中文/English
Product description
Lijian development security management platform can integrate management of development security tools, unify the collection and analysis of security risks and vulnerability data, and control the complete risk mitigation process through a strict process management so as to ensure a closed loop of key risks and deal with the problems like too many projects, security tools and complicated security data, etc., to create a solid "R&D security middle office".
Product advantages
Overall security data analysis and display to create a "R&D security middle office"
The platform supports the fusion and processing of vulnerability data under a large number of R&D projects, which can break data "silos", remove contaminated data, and visualizes the presentation to provide value for business decision-making from the perspective of security. The platform can unify external technical interfaces and business interfaces based on unified business standards, extend security capabilities laterally, and creates "R&D security middle office".
Customized orchestration which can adapt to diversified requirements of multiple scenarios
It supports customized orchestration of security scenarios, covering the three major phases of system planning, construction and operation, including security classification, project team self-assessment, network assessment, emergency response, classification protection and some other security scenarios. It supports customized orchestration of security engines according to personnel roles and business needs, adapting to the diversified security requirements of customers in multiple scenarios and realizing "three Synchronization" of system security construction.
Full lifecycle management of vulnerabilities and risks
The platform helps customers easily complete the aggregation of project-based vulnerability and risk information by connecting security tools and obtaining all security data at different stages of the project. It can help establish a closed loop for tracking and patching, providing evidences for the management and tracking of security vulnerabilities and risks, and improving the security effectiveness.
Capability management of full-stack security tools
Unify the management of full-stack security capabilities from development phase to operation phase, including threat modeling, SCA, SAST, IAST, and DAST. The platform not only supports MoreSec's self-developed security products, but also provides API interfaces to help users manage existing and new third-party tools easily.
Product features
Vulnerability management
It helps centralize processing of vulnerability data from threat modeling analysis system, SCA, SAST, IAST, DAST and other modules and establish a unified flow tracking cycle. It also integrates third-party penetration testing and mobile terminal reporting data.
Development project management
It helps monitor the project health, security status, and vulnerability management status comprehensively from the perspective of project.
Multi-dimensional analysis and visualization on data
It will output unified data aggregation analysis report with multi-dimensional data collection. Data analysis results support customization, which can provide multi-dimensional processing and display of security data information from perspective of roles, permissions, and security engines.
Security engine management
It can integrate with MoreSec SDL platform and standard products, which covers security requirement modeling analysis, security R&D knowledge acquisition, component detection, code audit, IAST detection and product lines for asset security compliance detection, providing full-stack security capacity construction and business enablement.
DevSecOps capability
The platform is compatible with DevOps development model with built-in Jenkins plug-in to provide comprehensive security capability enablement in building, release, trial run, go-live and operation.
Copyright © 2023 MoreSec Technology. All rights reserved
