Xuanjing Security continues to dominate the supply chain security track of "China Cybersecurity Panorama"

Suspension mirror safety

industry

Just released

2084

collect

Introduction: Xuanjing leads Security Bull's “China Cybersecurity Panorama” in all 9 supply chain security segments including SCA, IAST, SAST, DevSecOps, Application Security Monitoring (RASP), and development process security management and control.

On April 12, 2024, SafeNiu, a well-known domestic network security professional consulting organization, officially released the 11th edition of the network security industry panorama (hereinafter referred to as the “Panorama”).Xuanjing Security has led the field of digital supply chain security for four consecutive years with years of technological innovation and application practice.leading 9 supply chain security segments including DevSecOps, Software Component Analysis (SCA), Interactive Security Testing (IAST), Static Security Testing (SAST), and Application Security Monitoring (RASP).

This panorama research work was officially launched in late December 2023 and lasted for nearly 4 months. A total of 454 network security vendors were included, which was basically the same as the 456 companies in the tenth edition of the same period last year; a total of 2,413 items were included in subdivisions, which was basically the same as the tenth edition of the same period last year. A significant reduction of 767 items. According to the statistics of Panorama, Safe Niu believes that with the changes in the macroeconomic situation, the current development strategy of my country's network security manufacturers has shifted from product line expansion to contraction of layout, and will focus on its own areas of advantage in the future. The industry development characteristics of “specialization, refinement, distinctiveness, and novelty” will be further formed.

As one of the first supporting units in the field of CNCERT data and software security evaluation, Xuanjing Security has been awarded Gartner SCA Technology Representative Vendor, Forrester SCA and SAST Technology Representative Vendor, and IDC China DevSecOps Innovator (Technology Innovator Representative) for many consecutive years. A panoramic view of the network security industry released by authoritative consulting organizations such as Leading Security Niu, Shushuo Security, FreeBuf, Shushi Consulting, and Xihou Industry Research Institute. Xuanjing Security's comprehensive strength in the field of DevSecOps digital supply chain security has always received high attention and authoritative recognition from the industry.

Faced with national and enterprise-level security needs, Xuanjing Security actively responds to policies, bases itself on independent innovation, and creates original patent-level products worldwide.The third-generation DevSecOps digital supply chain security management system of “full-process digital supply chain security empowerment platform + agile security tool chain + supply chain security intelligence service”. Under the four typical application scenarios of DevSecOps agile security system construction, digital supply chain security review, open source supply chain security governance and cloud native security system construction, we can build an enterprise-wide solution for users that adapts to the elastic development of their own business, is oriented towards agile business delivery and leads future architecture evolution. It has an endogenous active defense system, and collaborates with many enterprises in the fields of information innovation, DevOps, and cloud native to form strategic upstream and downstream partnerships to jointly create one-stop digital supply chain security, DevSecOps, information innovation security and other comprehensive solutions to help digital Thousands of industry users build safe, efficient and intelligent digital applications.

Yuanjian SCA open source threat management and control platform

·China's first AI multi-mode engine driven open source digital supply chain security review platform, integrating six core engines: source code level component dependency detection engine, source code homology detection engine, binary component analysis engine, container image detection engine and running component detection engine , combined with Xuanjing’s unique code vaccine technology, quickly scans various open source risks existing in digital applications and container images and provides real-time and accurate digital supply chain security intelligence and warning capabilities.

·Relying on the core capabilities of Yuanjian SCA, Xuanjing Security established OpenSCA, the world's first open source digital functional supply chain security community. OpenSCA focuses on security development and open source governance practices, providing global users with one-stop review governance, SaaS cloud analysis and accurate Open source digital supply chain security empowerment with intelligence early warning. OpenSCA open source community users mainly come from pan-Internet, Internet of Vehicles, finance, energy, operators and other industries.

·Based on its profound technical accumulation and application practice, according to the data from China Academy of Information and Communications Technology's “China DevOps Current Situation Survey Report”, Yuanjian SCA has ranked first in the market application rate in the same type of tool market for two consecutive years, and its suspension mirror has been safe for many consecutive years. It has been rated as the representative SCA technology vendor by international authoritative consulting organizations such as Gartner and Forrester for the first time; the OpenSCA open source community has been rated as the most valuable open source project of Gitee-GVP and the top ten open source software products in the world.

Yuanjian SCA product capabilities panorama

Lingmai IAST gray box security testing platform

·As a new generation interactive application security testing platform driven by the code vaccine kernel, Lingmai IAST uses full-scenario traffic analysis technology, including runtime application instrumentation (including active and passive), heuristic crawlers, proxy/VPN and traffic stewards, etc. Original AI penetration inspiration technology empowers development and testers without changing existing IT processes. While completing application function testing, it also automates in-depth security testing before business code goes online, focusing on covering more than 90% of medium- and high-risk vulnerabilities. , prevent applications from going online with diseases, and ensure the safe operation of the digital supply chain development process.

·According to data from China Academy of Information and Communications Technology's “China DevOps Current Situation Survey Report”, Lingmai IAST has ranked first in the market application rate of similar tools for three consecutive years.

Lingmai IAST product engine architecture

Lingmai SAST white box code audit platform

·As a new generation of static code security scanning product based on AI multi-mode intelligent engine, Lingmai SAST provides three major capabilities: source code defect detection, source code compliance detection, and source code traceability detection. It can identify security risks from the source and help enterprises solve software problems. Security defects, quality defects and coding specification defects during the development process to ensure high-quality delivery by the R&D team.

·Lingmai SAST integrates the SCA double AI driver engine for synchronous detection, the detection speed can reach one million lines/hour, supports the total number of detection rules exceeding 7000+, and is deeply linked with Yuanjian SCA to achieve vulnerability accessibility analysis and false positives in vulnerability detection. The rate is as low as 15%, and the false negative rate is as low as 13%.

·Selected into the report “The Static Application Security Testing Landscape, Q2 2023” by Forrester, an authoritative international consulting organization, Suspension Mirror Security was rated as a representative SAST technology manufacturer.

Panoramic view of Lingmai SAST linked to SCA double AI engine capabilities

Cloudshark RASP adaptive cloud defense platform

·As a new generation of application threat self-immunity platform driven by code vaccine kernel, Cloud Shark RASP combines active defense capabilities with key technologies such as patented AI detection engine, application vulnerability attack immunity algorithm, runtime security aspect scheduling algorithm and deep traffic learning algorithm. “Inject” into business applications, with the help of powerful application context analysis capabilities, it can capture and defend against various attack methods that bypass traffic detection, provide endogenous active security immunity capabilities with both business perspective and functional decoupling, and provide business applications with Factory-default safety immunity welcomes innovative development.

·According to data from China Academy of Information and Communications Technology's “China DevOps Current Situation Survey Report (2023)”, Yunsha RASP ranks first in the application rate of similar tools in the market; it was among the first batch to pass the Academy of Information and Communications Technology's RASP capability assessment for R&D and operation security tools, and was honored as one of the Academy of Information and Communications Technology's IT New Governance “Star Product of the Year”.

Panorama of Yunsha RASP product capabilities

Up to now, Xuanjing Security has been widely empowered by thousands of users in benchmark industries such as finance, Internet of Vehicles, communications, energy, government and enterprises, intelligent manufacturing and pan-Internet. Looking back at the journey, every solid step is engraved with the power of technological innovation and the accumulation of industrial practice; looking forward to the future, Xuanjing Safety always firmly believes that the road to the future will always be on the road of innovation and development. As a digital supply chain security pioneer and DevSecOps agile security leader, Xuanjing Security will continue to adhere to independent innovation and application of technology, provide the industry with more leading technology products and solutions, build a trustworthy and controllable security barrier, and continue to Protect the security of China’s digital supply chain.