Legit Security: Redefining the Future of Software Supply Chain Security

For a growing number of organizations, cybersecurity is one of the most daunting challenges. For software developers especially, embedding security to prevent vulnerabilities is an important objective in delivering digital business solutions that stand out while staying safe. Most organizations’ development teams don’t have a fully resourced and dedicated security team, which makes it challenging to get rid of all vulnerabilities and deliver secure software. This is where Legit Security comes into the picture, with a mission to secure applications at scale by protecting software releases from code to cloud. Legit Security offers a SaaS-based platform that supports both cloud and on-premises resources and protects an organization’s software supply chain with a centralized application security control plane that provides security, governance and risk management from code to cloud. The platform combines unique automated discovery and analysis capabilities with hundreds of security policies to detect security issues, score security risks, and assist in remediating them. This integrated platform keeps the software factory secure and provides continuous assurance that applications are released without vulnerabilities.

Unlike legacy approaches, where application security focused primarily on code scanning, modern software development has changed dramatically, with software being built entirely differently. There is now a complex assortment of tools, processes, and dependencies, including open source, plugins, containers and development tools such as code repositories, build servers, artifact repositories and more, that is redefining today’s software supply chain. All of these represent a huge, constantly changing attack surface that is increasingly targeted by cyber criminals and over which organizations have shockingly little visibility and control. Legit Security’s mission is to protect this complex software development environment from attack and enable organizations to keep moving fast but stay safe. “We built Legit Security after spending several years building traditional application security tools and seeing that the landscape was dramatically changing. We saw that securing this changing development landscape was not properly addressed and decided to do something about it,” explains Roni Fuchs, Co-Founder and CEO, Legit Security.

Scalable and Secure Releases

According to the Legit Security team, as development has become more complex, providing security at scale has become a growing problem. When more engineers and technologies are involved, security teams have to cope with more work and a much larger attack surface. “We’re trying to create a new approach to application security where you’ll have a holistic checklist of all the mandatory security steps. We’ll observe them and help implement them to form a secure software development pipeline. Eventually organizations will deploy only software that has gone through all these processes and is approved for deployment and is ‘Legit’. Moreover, by leveraging the automated discovery and analysis capabilities of the Legit Security platform, organizations will save time, do more with their existing resources, and focus first on what’s most important.”

Helping to reveal the hidden vulnerabilities in the shadows of pre-production development environments, Legit Security enables businesses to auto-discover all SDLC assets, dependencies, and pipeline flows in just minutes, including a visualization graph of the complete inventory that shows how an application is built from code to cloud. Legit also auto-detects other security products such as SAST and SCA and their respective security coverage. If a new tool is added later, it’s automatically detected by Legit. In addition, Legit Security provides hundreds of best-practice security policies to enforce SDLC security. Organizations can toggle the security policies they want on or off and instantly obtain vulnerability detection and security incident reporting. Legit also provides pre-built integration with systems like Jira and Slack, orchestration tools, integration APIs, and remediation guides so that users can prioritize and remediate issues fast. The company’s SDLC security coverage monitors incident trends and helps teams compare the security posture of teams and pipelines. Together with new tools for compliance reporting and collaborative governance, this helps businesses stay safe while releasing software fast.

Tackling the Rising Security Challenges

Since opening its doors, Legit Security has been a pioneer in delivering cutting-edge application security solutions and services to its clients. Most of its customers are Fortune 500 and Global 2000 companies, which was by design. The Legit Security platform was built from the ground up to support large, complex development organizations and provide support for a wide variety of the development and security tools found within them. “When we built the Legit Security platform, we incorporated several security posture management concepts from day one, which allows us to onboard a new customer in a few minutes. By adhering to an API-first model, just don’t have to install software agents, so seeing the value of the platform is immediate,” points out Fuchs.

While explaining the value proposition of the company, Fuchs recalls an instance when the team assisted the security operations of one of its Fortune 500 clients through M&A activity. The company was made up of many different business units, each using different systems and infrastructure, and was struggling to ensure that its software was released securely because it couldn’t scale its current security operations across different teams. Moreover, every time the company acquired and onboarded a new company, it needed to create new policies and accommodate the new systems. Legit Security helped bring everything into one platform and gave the client the ability to define centralized security policies for the entire organization from a single management control plane.

Today, Legit Security is on an ongoing quest to help businesses tackle the rising challenges associated with cybersecurity. “We’re growing all of our functions spanning sales, marketing, and customer success in North America, as well as our product, engineering and our world-class security research team here in Israel. As always, our focus is on our fast-growing customer base, making sure that we solve their most challenging problem and thereby become a trusted partner for all our customers. That’s the focus for Legit,” concludes Fuchs.
