JFrog Unveils First Runtime Security Solution to Deliver Complete Software Integrity and Lineage from Code to Cloud
JFrog (Nasdaq: FROG) has unveiled JFrog Runtime, a new security solution that integrates security throughout the entire software development lifecycle. This addition to the JFrog Platform enables organizations to:
1. Monitor Kubernetes clusters in real-time
2. Identify and address security incidents based on actual risk
3. Ensure image integrity and meet compliance requirements
The solution aims to bridge the gap between developers and security teams, automating DevSecOps tasks to save time and strengthen security for cloud-native applications. According to an IDC survey, organizations spend an average of $542 per week per developer on security-related tasks, totaling $1.89 million annually. JFrog Runtime addresses this by offering features such as real-time vulnerability visibility, accelerated triage, and comprehensive analytics for Kubernetes clusters.
JFrog (Nasdaq: FROG) ha presentato JFrog Runtime, una nuova soluzione di sicurezza che integra la protezione in tutto il ciclo di vita dello sviluppo software. Questa aggiunta alla JFrog Platform consente alle organizzazioni di:
1. Monitorare i cluster Kubernetes in tempo reale
2. Identificare e affrontare gli incidenti di sicurezza in base al rischio effettivo
3. Garantire l'integrità delle immagini e rispettare i requisiti di conformità
La soluzione mira a colmare il divario tra i sviluppatori e i team di sicurezza, automatizzando i compiti di DevSecOps per risparmiare tempo e rafforzare la sicurezza delle applicazioni cloud-native. Secondo un'indagine di IDC, le organizzazioni spendono in media 542 dollari a settimana per ogni sviluppatore in compiti legati alla sicurezza, per un totale di 1,89 milioni di dollari all'anno. JFrog Runtime risponde a questa esigenza offrendo funzionalità come visibilità delle vulnerabilità in tempo reale, triage accelerato e analisi complete per i cluster Kubernetes.
JFrog (Nasdaq: FROG) ha revelado JFrog Runtime, una nueva solución de seguridad que integra la seguridad a lo largo de todo el ciclo de vida del desarrollo de software. Esta adición a la JFrog Platform permite a las organizaciones:
1. Monitorear clústeres de Kubernetes en tiempo real
2. Identificar y abordar incidentes de seguridad basados en riesgos reales
3. Asegurar la integridad de las imágenes y cumplir con los requisitos normativos
La solución tiene como objetivo cerrar la brecha entre los desarrolladores y los equipos de seguridad, automatizando tareas de DevSecOps para ahorrar tiempo y fortalecer la seguridad de las aplicaciones nativas de la nube. Según una encuesta de IDC, las organizaciones gastan en promedio $542 por semana por desarrollador en tareas relacionadas con la seguridad, totalizando $1.89 millones anuales. JFrog Runtime aborda esto al ofrecer características como visibilidad de vulnerabilidades en tiempo real, triaje acelerado y análisis integral para clústeres de Kubernetes.
JFrog (Nasdaq: FROG)가 JFrog Runtime를 공개했습니다. 이는 소프트웨어 개발 생애 주기 전반에 걸쳐 보안을 통합하는 새로운 보안 솔루션입니다. JFrog Platform에 추가됨으로써 조직은 다음을 수행할 수 있습니다:
1. 쿠버네티스 클러스터를 실시간으로 모니터링
2. 실제 위험에 기반한 보안 사고를 식별하고 해결
3. 이미지 무결성을 보장하고 규정 준수 요구 사항을 충족
이 솔루션은 개발자와 보안 팀 간의 간극을 해소하고, 클라우드 네이티브 애플리케이션의 보안을 강화하고 시간을 절약하기 위해 DevSecOps 작업을 자동화하는 것을 목표로 하고 있습니다. IDC 조사에 따르면 조직은 보안 관련 작업에 대해 개발자당 주당 평균 542달러를 지출하며, 연간 총 189만 달러에 달합니다. JFrog Runtime는 실시간 취약성 가시성, 신속한 triage 및 Kubernetes 클러스터에 대한 포괄적인 분석과 같은 기능을 제공하여 이를 해결합니다.
JFrog (Nasdaq: FROG) a dévoilé JFrog Runtime, une nouvelle solution de sécurité qui intègre la sécurité tout au long du cycle de vie du développement logiciel. Cet ajout à la JFrog Platform permet aux organisations de :
1. Surveiller les clusters Kubernetes en temps réel
2. Identifier et traiter les incidents de sécurité sur la base des risques réels
3. Garantir l'intégrité des images et respecter les exigences de conformité
La solution vise à combler le fossé entre les développeurs et les équipes de sécurité, en automatisant les tâches DevSecOps pour gagner du temps et renforcer la sécurité des applications cloud-native. Selon une étude IDC, les organisations dépensent en moyenne 542 dollars par semaine par développeur pour des tâches liées à la sécurité, soit un total annuel de 1,89 million de dollars. JFrog Runtime répond à cela en offrant des fonctionnalités telles que la visibilité des vulnérabilités en temps réel, un triage accéléré et des analyses complètes pour les clusters Kubernetes.
JFrog (Nasdaq: FROG) hat JFrog Runtime vorgestellt, eine neue Sicherheitslösung, die Sicherheit im gesamten Softwareentwicklungszyklus integriert. Diese Ergänzung zur JFrog Platform ermöglicht es Organisationen:
1. Kubernetes-Cluster in Echtzeit zu überwachen
2. Sicherheitsvorfälle basierend auf tatsächlichen Risiken zu identifizieren und anzugehen
3. Die Integrität von Bildern sicherzustellen und Compliance-Anforderungen zu erfüllen
Die Lösung zielt darauf ab, die Lücke zwischen Entwicklern und Sicherheitsteams zu schließen, indem DevSecOps-Aufgaben automatisiert werden, um Zeit zu sparen und die Sicherheit von Cloud-nativen Anwendungen zu stärken. Laut einer IDC-Umfrage geben Organisationen durchschnittlich 542 US-Dollar pro Woche und Entwickler für sicherheitsbezogene Aufgaben aus, was jährlich insgesamt 1,89 Millionen US-Dollar entspricht. JFrog Runtime reagiert darauf mit Funktionen wie Echtzeit-Sichtbarkeit von Schwachstellen, beschleunigter Triagierung und umfassender Analyse für Kubernetes-Cluster.
- Introduction of JFrog Runtime, enhancing end-to-end security capabilities
- Real-time monitoring and security incident prioritization for Kubernetes clusters
- Potential time and cost savings for organizations in security-related tasks
- Integration of AI/ML model curation and secure OSS catalog features
- None.
Insights
JFrog's new Runtime security solution marks a significant advancement in DevSecOps. By integrating security across the entire software development lifecycle, it addresses critical gaps in cloud-native application protection. The real-time vulnerability visibility and advanced prioritization features are particularly noteworthy, potentially reducing incident response times and improving overall security posture.
The solution's focus on Kubernetes cluster analytics is timely, given the growing adoption of containerized applications. This could be a game-changer for organizations struggling with cloud security complexities. However, the true test will be in its seamless integration with existing workflows and its ability to minimize false positives, which often plague security tools.
JFrog's expansion into runtime security could positively impact its market position and financial performance. The IDC survey cited in the article suggests a substantial market opportunity, with companies spending an average of
Moreover, by offering a more comprehensive security solution, JFrog may increase its customer retention and upselling opportunities. However, investors should monitor adoption rates and the competitive landscape, as the DevSecOps market is rapidly evolving and highly competitive.
JFrog's Runtime solution addresses a critical market need, as evidenced by the statistic that
However, JFrog will need to differentiate its offering in a crowded market. The success of this product will likely depend on its ability to demonstrate tangible time and cost savings for development teams, as well as its effectiveness in reducing security incidents in real-world deployments.
Complete software lifecycle security enables organizations to simultaneously shift left & right, helping developers save time with quick threat detection and risk remediation
First Runtime Security Solution with Integrity & Lineage from Code to Cloud (Photo: Business Wire)
“As organizations increasingly shift left to combat today’s growing threat landscape, the disconnect among siloed tools places additional strain on developers, security, and MLOps teams,” said Asaf Karas, CTO of JFrog Security. “Companies can alleviate this burden by adopting a unified platform that provides end-to-end visibility, remediation, and traceability across the development and security processes. By empowering DevOps, Data Scientists, and Platform engineers with an integrated solution that spans from secure model scanning and curation on the left to JFrog Runtime on the right, organizations can significantly enhance the delivery of trusted software at scale.”
A recent IDC survey sponsored by JFrog found that organizations spend an average of
“Runtime security is critical for our customers as it ensures that their applications remain protected while in operation. With the increasing complexity of cloud environments and the rise of containerized applications, real-time visibility into potential vulnerabilities is essential,” said Paul Goldman, CEO, iTMethods. “JFrog Runtime will help enhance our customers' security posture by allowing them to rapidly detect and respond to threats, thus safeguarding their data and maintaining trust in their cloud services.”
Industry research shows that one in five applications contain runtime exposure, with 20 percent of all applications having high, critical, or apocalyptic issues during the execution stage. By automating security for fast-moving, dynamic applications like those that run in containers, JFrog Runtime security addresses the unique visibility and insight needs of cloud-native environments.
Key features and benefits of JFrog Runtime include:
- Real-Time Vulnerability Visibility: Gain real-time insights into vulnerabilities within your runtime environment.
- Accelerated Triage with Advanced Prioritization: Streamline the identification and prioritization of security incidents based on their business impact.
- Reduced Risk Through Exposure Management: Quickly identify the source and ownership of vulnerable packages, enabling faster risk mitigation.
- Protection for Cloud-Based Workloads: Aid in safeguarding applications with continuous monitoring for post-deployment threats such as malware attacks and privilege escalation.
- Comprehensive Analytics for Kubernetes clusters: Enable continuous runtime evaluation of workloads and containers for real-time vulnerability detection and alignment to the corresponding processes and files within JFrog Artifactory.
- Centralized Incident Awareness: Maintain a consolidated view of your runtime environment to facilitate accurate incident identification and response.
"A platform that unifies security across the software supply chain from development to production can provide critical visibility and traceability that developers and DevSecOps teams need to manage and remediate risks effectively," said Katie Norton, research manager, DevSecOps and Software Supply Chain Security at IDC. "JFrog's addition of runtime security supports a shift-left and shift-right strategy, fostering comprehensive protection and streamlined processes that lessen the strain on development and security teams.”
JFrog Runtime complements JFrog’s already robust suite of advanced security capabilities including:
- AI/ML Model Curation: JFrog Curation helps defend your software supply chain by enabling early detection and blocking of malicious ML Models retrieved from open-source repositories like Hugging Face before they even enter your organization. JFrog’s universal, scalable security platform also natively proxies Hugging Face allowing developers to access open source AI/ML models while simultaneously detecting malicious models, block their use if needed, and enforcing license compliance to enable safer use of AI.
- Secure OSS Catalog: The JFrog open-source software (OSS) package catalog provides a “search engine for software packages” using the JFrog UI or via API. Backed by both public and JFrog data, the OSS Catalog gives users quick insight into the security and risk metadata associated with all OSS packages.
For additional information on JFrog Runtime and the entire suite of JFrog security solutions visit https://jfrog.com/runtime. You can also read this blog and register to join JFrog security experts for a webinar deep diving into JFrog Runtime capabilities on October 2 and 15, 2024 at a time that works best for you.
Like this story? Post this on X (formerly Twitter): .@jfrog unveils industry’s first Runtime solution that integrates #security at every development stage, from source code to production. Learn more: https://jfrog.co/3THB7Lp #SoftwareSupplyChain #DevSecOps #SDLC
About JFrog
JFrog Ltd. (Nasdaq: FROG) is on a mission to create a world of software delivered without friction from developer to device. Driven by a “Liquid Software” vision, the JFrog Software Supply Chain Platform is a single system of record that powers organizations to build, manage, and distribute software quickly and securely, to aid in making it available, traceable, and tamper-proof. The integrated security features also help identify, protect, and remediate against threats and vulnerabilities. JFrog’s hybrid, universal, multi-cloud platform is available as both self-hosted and SaaS services across major cloud service providers. Millions of users and 7K+ customers worldwide, including a majority of the Fortune 100, depend on JFrog solutions to securely embrace digital transformation. Once you leap forward, you won’t go back! Learn more at jfrog.com and follow us on Twitter: @jfrog.
Cautionary Note About Forward-Looking Statements
This press release contains “forward-looking” statements, as that term is defined under the
These forward-looking statements are based on our current assumptions, expectations and beliefs and are subject to substantial risks, uncertainties, assumptions and changes in circumstances that may cause JFrog’s actual results, performance or achievements to differ materially from those expressed or implied in any forward-looking statement. There are a significant number of factors that could cause actual results, performance or achievements to differ materially from statements made in this press release, including but not limited to risks detailed in our filings with the Securities and Exchange Commission, including in our annual report on Form 10-K for the year ended December 31, 2023, our quarterly reports on Form 10-Q, and other filings and reports that we may file from time to time with the Securities and Exchange Commission. Forward-looking statements represent our beliefs and assumptions only as of the date of this press release. We disclaim any obligation to update forward-looking statements except as required by law.
View source version on businesswire.com: https://www.businesswire.com/news/home/20240910827937/en/
Media Contact:
jfrog@bocacommunications.com
Investor Contact:
Jeff Schreiner, VP of Investor Relations, jeffS@jfrog.com
Source: JFrog Ltd.
FAQ
What is JFrog Runtime and how does it enhance software security?
How much do organizations typically spend on security-related tasks according to the IDC survey mentioned in the JFrog (FROG) press release?
What are some key features of JFrog Runtime announced by JFrog (FROG)?