DefectDojo Introduces Industry-First Unified SOC, AppSec Platform

DefectDojo, the pioneer in scalable security, unified vulnerability management and DevSecOps, has announced the launch of their next-gen Security Operations Center (SOC) capabilities for DefectDojo Pro, which provides both SOC and AppSec professionals a unified platform for noise reduction and prioritisation of SOC alerts and AppSec findings. As both SOC and AppSec teams attempt to cut through noisy data from a sprawling set of tools and sources, Dojo Pro now allows two security teams to work from the same platform in a way no other solution has offered to date.

SOC teams, like their counterparts in AppSec, are facing a number of challenges that hinder their ability to effectively protect their organisations. A recent survey found that SOC teams receive approximately 500 investigation-worthy endpoint security alerts weekly, and investigating these alerts takes up to 65% of their time; in that same survey, 16% of SOC professionals said they only addressed 50–59% of their pipeline per week. In short, SOC teams do not have the time or the resources to effectively keep up with the constantly-evolving threat landscape and the deluge of associated data.

Next-gen SOC builds on DefectDojo’s previous efforts to simplify and streamline cybersecurity operations. SOC teams can now use Dojo Pro’s Machine Learning algorithms to consolidate and remove duplicate findings, significantly cutting down the amount of data they must process and assess. They can also take advantage of DefectDojo’s newly-released risk-based prioritisation features, which more effectively assess risk by factoring in exploitability, reachability, revenue, potential compliance factors, user records and a number of other factors to help teams find their most pressing vulnerabilities and SOC alerts to respond more quickly.

“DefectDojo has always prioritised meeting security teams where they are, providing them the flexible foundation to effectively manage their needs and making hypertechnical cybersecurity tools accessible. Unifying next-gen SOC and AppSec represents the culmination of all of our work to date and a major breakthrough in how different cybersecurity teams collaborate with each other,” said Greg Anderson, CEO and Founder of DefectDojo. “We aim to continue bringing our customers scalable solutions for today’s most pressing cybersecurity issues.”

The next-gen SOC capabilities join a number of recently launched features for the Dojo Pro platform, all of which are informed by direct customer feedback and use cases. These include the Rules Engine, which enables teams to customize rules to automatically manipulate, edit, enhance, add custom remediation advice, escalate, or deescalate specific findings, all without significant human effort; the universal parser, allowing for data ingestion from any tool producing JSON or XML data; and next-generation prioritisation evaluation.

Built by and for cybersecurity professionals, Dojo Pro is designed to efficiently scale for the needs of organizations of any size and centralise vulnerability data into one easy-to-use platform. DefectDojo’s customer base includes Fortune 10 companies, international banks, government agencies and solo consultants alike, and the open-source OWASP Edition of the platform has been downloaded over 43 million times. To learn more about DefectDojo and get started with either the OWASP Edition or Dojo Pro, contact hello@defectdojo.com.