Application Security Posture Management (ASPM)
Xygeni’s Application Security Posture Management (ASPM) enhances how your teams visualize, prioritize, and remediate risks. The Xygeni platform delivers real-time visibility and contextualization that simplifies security, ensuring your applications are protected from development through deployment.
Below you can find some of the main features of Xygeni's ASPM. For a full description of ASPM in the Xygeni UI, please go to Xygeni ASPM Web UI.
Xygeni automates the identification and cataloging of every asset within your software supply chain, enhancing visibility and control over your development and deployment processes.
From source control systems to build tools, CI/CD workflows, and distribution mechanisms, Xygeni captures a detailed inventory of assets including code repositories, open-source and private dependencies, package managers, pipelines and jobs, scripts and build files, plugins and tools, Infrastructure as Code (IaC) templates, and cloud resources.
Furthermore, Xygeni automatically identifies and continuously monitors all assets, assessing their interdependencies and the individual and overall security posture of each asset, application, and customer defined group or category.
See Inventory for further details
Xygeni enhances its Inventory capabilities by integrating a comprehensive Collaborator Analysis feature.
This analysis is crucial for managing administrative users, contributors, and collaborators associated with software repositories. By scanning and assessing the roles and activities of individuals involved in the development process, Xygeni supports organizations in achieving the least privilege approach by identifying and mitigating risks related to inactive or overprivileged users.
Some key features are:
Comprehensive Permissions Review: Xygeni scans for all SCM (Source Control Management) user accounts that have read, write, or manage permissions on repositories. It includes permissions assigned directly to users or inherited from groups with access to the repositories.
Group and User Tracking: The system registers all SCM groups, including any users with significant permissions, ensuring that all potential access points are monitored and controlled.
Non-SCM Contributors: Xygeni also identifies git users who are not linked to an SCM account but have made commits to the git history. Xygeni tracks contributions across all branches, providing a complete picture of who has influenced the codebase.
See Inventory Collaborators and Health Check Collaborators for further info.
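The three checks listed above (effective permissions including group inheritance, inactive privileged accounts, and commit authors with no SCM account) can be reproduced on exported data. This is an added example, not Xygeni's code: the data layout, the sample accounts, and the 90-day idle threshold are assumptions.

```python
from datetime import date

RANK = {"read": 1, "write": 2, "manage": 3}

# Constructed sample data (not Xygeni output); layout is hypothetical.
DIRECT = {"alice": "manage", "bob": "read", "carol": "write"}
GROUPS = {"release-eng": {"members": ["bob", "dave"], "permission": "write"}}
LAST_ACTIVITY = {"alice": date(2024, 5, 1), "bob": date(2023, 1, 10),
                 "carol": date(2024, 4, 20), "dave": None}
SCM_EMAILS = {"alice": "alice@example.com", "bob": "bob@example.com",
              "carol": "carol@example.com", "dave": "dave@example.com"}
# Author e-mails as `git log --all --format=%ae` lists them (all branches).
GIT_AUTHORS = ["alice@example.com", "carol@example.com",
               "contractor@example.net", "ALICE@example.com"]


def effective_permissions(direct, groups):
    """Highest permission per user, assigned directly or inherited from a group."""
    eff = dict(direct)
    for group in groups.values():
        for user in group["members"]:
            current = eff.get(user)
            if current is None or RANK[group["permission"]] > RANK[current]:
                eff[user] = group["permission"]
    return eff


def inactive_privileged(eff, last_activity, today, max_idle_days=90):
    """Users holding write or manage with no activity inside the idle window."""
    flagged = []
    for user, perm in sorted(eff.items()):
        if RANK[perm] < RANK["write"]:
            continue
        seen = last_activity.get(user)
        if seen is None or (today - seen).days > max_idle_days:
            flagged.append((user, perm))
    return flagged


def non_scm_contributors(git_authors, scm_emails):
    """Commit author e-mails that match no SCM account (case-insensitive)."""
    known = {email.lower() for email in scm_emails.values()}
    return sorted({author.lower() for author in git_authors} - known)


if __name__ == "__main__":
    eff = effective_permissions(DIRECT, GROUPS)
    print(inactive_privileged(eff, LAST_ACTIVITY, date(2024, 6, 1)))
    print(non_scm_contributors(GIT_AUTHORS, SCM_EMAILS))
```

Note that `bob` looks harmless when only direct grants are reviewed; the write permission that gets him flagged comes from group membership.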
Xygeni’s prioritization capabilities go beyond standard methods by incorporating dynamic funnels that allow for extensive customization and precise filtering.
Customers can define up to eight stages in their prioritization funnel, tailored not only by severity but also by issue type and category. This flexibility ensures that each organization can focus on the vulnerabilities that pose the highest risk according to their specific security policies and operational needs.
The funnel system supports the integration of customer-defined properties alongside pre-configured stages such as reachability or exploitability, among others. This allows organizations to refine their security focus further and manage vulnerabilities more effectively based on unique criteria important to their environment.
By utilizing Xygeni’s dynamic funnels, teams can optimize their security efforts, ensuring that critical issues are quickly identified and addressed.
See Prioritization Funnels for further info.
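A funnel of this kind is an ordered list of filters, with the count of surviving findings recorded after each stage. The sketch below is an added example, not Xygeni's implementation: the finding fields, stage names, and the `internet_facing` custom property are assumptions, and the findings are constructed.

```python
MAX_STAGES = 8  # the page states a funnel may have up to eight stages


def finding(fid, severity, kind, reachable, exploitable, internet_facing):
    # Hypothetical finding record; "props" holds customer-defined properties.
    return {"id": fid, "severity": severity, "type": kind,
            "reachable": reachable, "exploitable": exploitable,
            "props": {"internet_facing": internet_facing}}


# Constructed sample findings.
FINDINGS = [
    finding("F1", "critical", "sca", True, True, True),
    finding("F2", "high", "sast", True, False, True),
    finding("F3", "low", "sca", True, True, True),
    finding("F4", "critical", "secrets", True, True, True),
    finding("F5", "high", "sca", False, True, True),
    finding("F6", "high", "sca", True, True, False),
]

# Each stage is (label, predicate); order matters for the per-stage counts.
STAGES = [
    ("severity high or critical", lambda f: f["severity"] in {"high", "critical"}),
    ("issue type sca or sast", lambda f: f["type"] in {"sca", "sast"}),
    ("reachable", lambda f: f["reachable"]),
    ("exploitable", lambda f: f["exploitable"]),
    ("custom: internet_facing", lambda f: f["props"].get("internet_facing", False)),
]


def run_funnel(findings, stages):
    """Apply stages in order; return survivors and (label, count) per stage."""
    if len(stages) > MAX_STAGES:
        raise ValueError(f"funnel has {len(stages)} stages, limit is {MAX_STAGES}")
    remaining = list(findings)
    trace = [("all findings", len(remaining))]
    for label, keep in stages:
        remaining = [f for f in remaining if keep(f)]
        trace.append((label, len(remaining)))
    return remaining, trace


if __name__ == "__main__":
    survivors, trace = run_funnel(FINDINGS, STAGES)
    for label, count in trace:
        print(f"{count:>3}  {label}")
    print("prioritized:", [f["id"] for f in survivors])
```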
Xygeni’s Application Security Posture Management (ASPM) platform enhances its capabilities by easily integrating reports from third-party security tools, including Static Application Security Testing (SAST) and Software Composition Analysis (SCA) tools.
This integration allows organizations to leverage their existing technology stack, providing a comprehensive view of security threats across different tools and platforms.
By consolidating and correlating these reports, Xygeni helps teams understand their security posture in a unified context, ensuring that all potential vulnerabilities are identified, prioritized, and addressed efficiently.
Key benefits of this integration include:
Unified Security Dashboard: Consolidates findings from various tools into a single, comprehensive dashboard for easy monitoring and analysis.
Enhanced Threat Detection: Combines data from multiple sources to provide a more complete assessment of security risks.
Efficient Remediation: Enables quicker and more coordinated responses to security issues by providing centralized management of vulnerabilities.
See Uploading reports from 3rd party tools for further information.
Xygeni’s Application Security Posture Management platform includes a robust security audit trail feature that provides a comprehensive timeline of events associated with each asset.
This feature tracks and logs all significant activities, such as changes, updates, and security incidents, ensuring that users have a clear and detailed view of the security history for each asset within their software environment. The most relevant capabilities of our security audit trail are:
Event Logging: Every modification, update, or security event related to an asset is meticulously logged, creating a chronological record that can be crucial for troubleshooting, compliance audits, and security investigations.
Comprehensive Coverage: The audit trail captures a wide range of events, from code commits and build configurations to deployment activities and configuration modifications, ensuring that all aspects of the asset lifecycle are monitored.
Easy Access and Visualization: Users can easily access and visualize the audit trails through Xygeni’s intuitive interface to quickly find specific events or patterns.
Enhanced Security and Compliance: By maintaining a detailed record of all actions taken on each asset, organizations can enhance their security posture and compliance with regulatory requirements, making it easier to verify that proper processes are followed and to detect potential security breaches early.
See Findings and Audit Trail for further information.
Xygeni’s ASPM platform optimizes the remediation process by providing detailed guidelines and automated actions for addressing risks and vulnerabilities. It offers clear, actionable steps tailored to each specific issue, enabling quick and effective resolutions. Integration with ticketing and tracking tools facilitates easy updates to workflows, ensuring vulnerabilities are promptly managed.
See Remediation Actions and Automatic Fix for further information.