- Company (that provides the nominated product / solution / service): Security Compass
- Website: https://www.securitycompass.com/
- Company size (employees): 100 to 499
- Country: Canada
- Type of solution: Software
- Approximate number of users worldwide: 100
What other awards did this nomination receive in the previous 12 months?
Named a vendor to watch by Gartner in their 2017 Application Security Hype Cycle; named “Visionary Leader” for its Advisory Services by Markets and Markets; "Vendor of Note" in Gartner's 2017 Magic Quadrant for Security Awareness.
In 3 bullets, summarize why this product or service is different from the competition and deserves recognition:
• No other application security solution offers a holistic and comprehensive approach to application security and compliance for DevOps environments. Current solutions are inadequate – sole reliance on application scans and automated testing tools for security misses at least half of all known vulnerabilities, leaving applications exposed to undue risk. SD Elements combines application security and threat management to deliver a holistic solution for all enterprise use cases – business, security and risk & compliance. By helping agile organizations shift security left, building security requirements into the software development lifecycle from the start, organizations can make software secure – cost effectively and at the speed business demands.
• SD Elements not only helps teams build security into their applications and manage security requirements across the SDLC, but it also creates an auditable record of all activities. New and rigorous cybersecurity laws like GDPR and NY DFS require companies not only to follow secure development procedures, but also to be able to prove compliance to regulating bodies. SD Elements makes this, and corporate accountability, easy. If a company is hit with a data breach, CIOs and CISOs can prove that the company was following proper application security policies or, alternatively, identify what and who was responsible for the breach.
• In addition to the first-of-its-kind ASRTM platform, Security Compass also offers advisory services and robust training capabilities to help organizations train and nurture skilled developers proficient at building secure software. Offering an industry first in (ISC)2 accredited courses with Software Security Practitioner (SSP) Suites, Security Compass's training is designed to meet the agile needs of today's modern organizations through adaptive courseware that tailors to what a student needs to know. These training programs raise organizational awareness through innovative approaches to training, including integration into the SD Elements platform for just-in-time compliance training.
The Gartner “Hype Cycle for Application Security, 2017” report introduced a new category in the Application Security sector, Application Security Requirements and Threat Management (ASRTM). Gartner defines the category as being “used for automating security requirements definition, risk assessment and threat modeling, often with Software Development Lifecycle (SDLC) integration…” SD Elements from Security Compass was named as a sample vendor.
As the world’s first and leading ASRTM platform, SD Elements from Security Compass arms developers with the tools to bake security and compliance into DevOps environments in a way that won’t disrupt development processes or get in the way of software delivery. As application development teams are moving faster than ever to build applications and embracing agile methodologies in DevOps environments to bring products to market faster, important security measures are often skipped. Instead, automated testing, including static analysis security testing (SAST), dynamic analysis security testing (DAST) and interactive application security testing (IAST), is relied on. The problem is that, used alone, these testing tools miss at least half of all known vulnerabilities. As an ASRTM platform, SD Elements complements, and does not replace, testing tools, and can be used to bake threat modeling and security requirements management into the software development process, helping teams anticipate, and eliminate, potential threats and known vulnerabilities before code is written.
Starting with automated threat modeling, SD Elements generates a set of security requirements to manage risk in homegrown applications or third-party software. The platform offers intuitive instructions on developing countermeasures, project tracking and reporting. Because SD Elements is highly scalable and embraces an adaptive security architecture, it features ALM integrations enabling developers to work autonomously without needing to learn a new tool. It eliminates the inefficiencies of PDFs or spreadsheets, overcomes the scarcity of talent through automation, and accelerates decision-making.