Cenzic Enterprise 7.1 Offers Innovative Approach to App Security by Enabling Robust Behavioral-Based Assessments from Anywhere

New Architecture Delivers Easy Scalable Web-Based Solution for Recording, Analysis and Management of the Most Robust App Security Testing Methods

Feb 21, 2013, 08:00 ET from Cenzic Inc.

SAN FRANCISCO, Feb. 21, 2013 /PRNewswire/ -- Cenzic Inc., the leading web application security intelligence platform provider, today announced a significant update to its Cenzic Enterprise software. Cenzic Enterprise 7.1 supports a new architecture which provides an innovative way for enterprises to efficiently and effectively monitor, detect and fix vulnerabilities when applications are touched by increasingly distributed teams. 

(Logo:  http://photos.prnewswire.com/prnh/20120709/MM37371LOGO)

Enterprises struggle with a growing number of applications, and too many people are involved in the application life cycle. Most enterprises have hundreds or thousands of applications to maintain. In a typical month, 300-500 new web vulnerabilities are discovered. As a result, even large enterprises don't have enough security professionals to manually conduct deep scans of every application as frequently as they should. With dispersed development, quality assurance (QA), security, production, contractors and partners involved in the total web presence, prioritizing and coordinating remediation efforts gets far too complex. Cenzic Enterprise 7.1 materially changes this reality for enterprises in two key ways.

First, Cenzic Enterprise 7.1 enables any team member anywhere to get access to automated deep scanning tools. Deep testing would normally require enterprises to deploy thick clients across hundreds of employees to be able to record human navigation behavior and meaningful required field inputs. Further, it is not possible to use the thick client in a non-Windows PC environment. Cenzic Enterprise 7.1 offers a unique value proposition in that it now delivers behavior recording for deep scanning without a cumbersome thick client. Any employee with a browser can now train an application for scanning. Ultimately, this results in higher utilization rates and more detection of application vulnerabilities.

Secondly, Cenzic Enterprise 7.1 provides centralized visibility and objective risk scoring via thin clients to better manage the entire web security lifecycle and improve remediation efforts. Team members get a role-appropriate view of the dashboard. With Cenzic Enterprise 7.1 executives and managers can gain a holistic view from anywhere. Cenzic's proprietary HARM™ scoring of vulnerability risks allows managers to rank vulnerabilities across hundreds of applications and remediate the greatest risks first, enabling optimal risk reduction.

The release of Cenzic Enterprise 7.1 marks the first time that organizations can record and analyze both user behavior as well as traffic to accurately assess security directly from a browser, eliminating the need for a thick client application to be installed. By monitoring user events and interactions, the software creates behavioral-based recordings in order to create intelligence of areas to assess. Combined with recorded traffic, the sum provides a deeper understanding and assessment of potential vulnerabilities. This also allows anyone in the organization to use the application and record their behavior and the traffic for detailed analysis later. As a result, without being on-premise, anyone can conduct deep end-to-end assessments of potential web application vulnerabilities to protect against security threats.

"Cenzic is seeking to ARM (attack, respond, manage) organizations with the tools to defend themselves against these persistent and pervasive threats," said Tyler Rorabaugh, vice president of Engineering at Cenzic. "Since most organizations have limited security resources, Cenzic is trying to help them use those resources intelligently for the greatest risk reduction possible."

New Features:

  • Distributed Behavioral-Based Recording and Assessment—New enterprise browser extension and proxy injection system enables anytime/anywhere recording of user gestures, such as clicks and swipes, as well as traffic for playback, analysis and security assessment within a distributed enterprise IT environment. Unlike traditional proxy-based models which Cenzic also supports, Cenzic now also provides a new thin client extensions and proxy injection system that doesn't require cumbersome thick client software to be installed, using instead a new injection and monitoring-based technology that records the behaviors of users.
  • Distributed Enterprise Management—New version applies a thin client paradigm of scanning and assessment management to enable security analysts to manage assessments from anywhere in the enterprise.
  • Smart Attacks—Security professionals can now assign individual and specific smart attacks, new rest service and compliance categories to assessments, as well as prioritize testing to increase accuracy and efficiency.


Cenzic Enterprise 7.1 is available for download on March 31.

Helpful Links
Cenzic Website
Cenzic Twitter
Cenzic Facebook

About Cenzic
Cenzic provides the leading application security intelligence platform to continuously assess Cloud, Mobile and Web applications to reduce online security risk. Cenzic's solutions scale from single applications to enterprise-level deployments with hybrid approaches that enable testing of applications at optimal levels. Cenzic helps brands of all sizes protect their reputation and manage security risk in the face of malicious attacks. Cenzic's solutions are used in all parts of the software development lifecycle, and most importantly in production, to protect against new threats even after the application has been deployed. Cenzic's application security intelligence platform is architected to handle web, cloud and mobile applications and is the first to provide risk reduction recommendations for business, application developers and specific applications. Today, Cenzic secures more than half a million online applications and trillions of dollars of commerce for Fortune 1000 companies, all major security companies, government agencies, universities and SMBs. More information about Cenzic can be found at www.cenzic.com.

SOURCE Cenzic Inc.