modern tools for today’s devsecops teams
Mixeway – Security Automation
Today’s security systems produce enormous amount of events that have to be verified by Security Professional.
With Mixeway You have single dashboard for most of them being able to interact with those tools in unified way.
Possibility to integrate with all scanners in unified manner
e.g. CIS Benchmark reports in a user friendly dashboard
Visibility and verification of security in GCP and AWS
Generic plugin allow to define new sources easily
Neural network help to prioritize threats
Teams that operate in DevSecOps model spent way too much time verifying results from security testing. Mixeway Vulnerability Auditor is well trained Neural Network that can classify detected security vulnerabilities into one of the two classes “Fix Required” and “Not Relevant Finding”
Such classification allow us to configure proper Security Gateway in CICD where all automatically detected vulnerabilities are analyzed and graded by AI.
Intelligent Vulnerability Management System
Customizable and scalable vulnerability management system is a mandatory tool in DevSecOps eco-system.
Mixeway is a middleware between CICD and Vulnerability Scanners. From user perspective it doesn’t matter which SAST, DAST, SCA or Network Scanner You are using – all integration is done by Mixeway in the background what makes the whole
proces completely unified for the user/process.
Configure and RUN any scan
It doesn’t matter which vulnerability scanners You are using. With Mixeway integration running scans from GUI/API/CICD pipeline looks exactly the same no matter of scanning software.
Although Vulnerability Management is not main focus of Mixeway, we still serve some of the functionalities where You can browse through findings, see dashboard statistics or create JIRA tickets just by clicking on an issue.
With Mixeway Vuln Auditor each detected threat is analyzed by Neural network and categorized as one of two: Relevant threat or not important/false positive. Thanks to that CyberSec Teams can focus only on serious threats
Security Quality Gateway
Testing is the key to continuous deployment. Each set of tests in the end should be respected in a way of quality gateway.
One of a key element of Mixeway is Security Quality Gateway. This component verify if scan results meets given security policy so CICD pipeline can make a decision about building or running an application based on security testing result.
By default security quality gateway returns:
– OK – if all tests were executed and no critical vulnerabilities has been found
– NOT OK – if one or more parts of a test is missing (for example deployment is being done without performing a test) or results for an application contains critical vulnerabilities
Checkout the articles our team has prepared. They cover both DevSec, AppSec and DevSecOps areas