Additional Info

Websitehttps://www.contrastsecurity.com/
Company size (employees)50 to 99
Headquarters RegionNorth America

Overview

Founded in 2014, Contrast Security fundamentally changes the way software is secured in development and production, introducing a new era of self-protecting software. Contrast is successfully disrupting the application security market, which has been dominated by slow, inaccurate end of lifecycle scanners and manual penetration testers for over a decade. Organizations that once bought multiple application security products can now receive better results with just one. As a fundamentally distributed technology, Contrast allows organizations to assess and secure all of their applications, not just a few critical ones. Contrast’s Interactive Application Security Testing (IAST) product, Contrast Assess makes application security an automated, continuous and seamless part of software development, not a barrier slowing development and frustrating developers.  Contrast Protect, Contrast’s runtime application self-protection (RASP) product, doesn’t “learn” applications but becomes part of them. Unlike other RASP solutions, Contrast doesn’t require any changes to applications or the runtime environment. Unlike WAF and IPS solutions, no network configuration is necessary. Only Contrast provides both vulnerability testing and cyberattack monitoring and blocking.

Contrast continuously protects applications totaling over 700 million lines of custom code and 11 billion lines of library code. Over the past 12 months, Contrast discovered over 14,000 vulnerabilities per month, totaling ~ 168,000 and representing 233% growth. Contrast has protected against over 398,000 confirmed application attacks, roughly half of which targeted a real vulnerability.

Contrast is bringing the age of security “exceptionalism” to an end, making it a normal and natural part of software engineering, and is purpose-built for Waterfall, agile and DevOps methodologies. Already, Contrast has moved many large enterprise clients away from legacy scanning to continuous analysis and protection.

For example, a top five US bank with over 35,000 employees deployed Contrast Enterprise across 125 internally-facing and externally-facing applications, representing approximately 50% of their entire software application portfolio.

How we are different

• Contrast is the world’s leading provider of cybersecurity technology that enables software applications to protect themselves against cyberattacks. Contrast's patented deep security instrumentation is the breakthrough technology that enables highly accurate analysis and always-on protection of an entire application portfolio, without disruptive scanning or expensive security experts. No other company can provide both vulnerability testing as well as continuous monitoring and blocking from attacks. Only Contrast has intelligent agents that work actively inside applications to prevent data breaches, defeat hackers and secure the entire enterprise from development, to operations, to production.
• Contrast is truly different in both philosophy and technology from any existing application security technology. When it comes to accuracy, Contrast scores a perfect 100 percent against the 21,000 test cases in the OWASP Benchmark Project, while the top legacy tools scored only 33 percent. When it comes to speed, Contrast works in real time so developers and testers get instant results. Meanwhile, legacy solutions took hours or days to complete the OWASP Benchmark. When it comes to scalability, Contrast works continuously – and is fully automated – across very large enterprise application portfolios in parallel in real time. Contrast recognizes continuous, up-to-date visibility is critical for informed security decision-making.
• With regard to operational costs, Contrast is designed to scale to many thousands of applications easily. And, Contrast Assess and Contrast Protect are available via the deployment of one agent. Deploy one agent and get both. Contrast can be installed in under a 5 minutes without any need for tailoring or configuration. All updates to software, rules, and threat information happen automatically. A top five financial organization using Contrast reports that it requires only 15% of the effort required to use legacy tools, such as static application security testing (SAST) and dynamic application security testing (DAST).