Application security startup Contrast Security Inc. today announced the release of Application Vulnerability Monitoring, a new application detection and response capability that catches vulnerabilities in products before an attack.

Said to be the first solution of its kind that works within applications to find application and application programming interface vulnerabilities in products, AVM correlates vulnerabilities with known attacks. The idea is to identify these issues in production to lower cyber risks accurately.

Contrast Security argues that companies are missing vulnerabilities in production because they’re using traditional technologies such as dynamic application security testing, software composition analysis and static application security testing. AVM provides an alternative that allows SecOps and DevOps teams to see what actual vulnerabilities exist in production environments so that they can proactively fix issues before theyre exploited in an attack.

“Traditionally, application and API security testing happened before production, without any insight into real attacks or how software actually runs in production,” said Contrast Security founder and Chief Technology Officer Jeff Williams. “As a result, development and AppSec teams are drowning in theoretical risk and false positives. By identifying the real, exploitable risks in a running app in production and enriching them with details about real attacks and exploits, AVM automatically enables teams to focus on the risks that matter before attackers find them.”

Key features of AVM include addressing the challenge of managing an expanding application attack surface, especially for organizations leveraging artificial intelligence to accelerate development. AVM provides continuous visibility within production applications to enable secure innovation while mitigating risks associated with rapid growth and complexity.

Another key feature is the ability to prioritize application vulnerabilities by identifying real exploitable risks in production environments. By combining AVM with application detection and response, SecOps teams can deploy compensating controls immediately while developers work on implementing long-term fixes.

AVM also enhances incident response and protection against zero-day, or unpatched, attacks by analyzing application behavior in real time. The capability allows organizations to pinpoint vulnerabilities, understand the context surrounding them and take proactive steps to prevent exploitation.

Contrast Security is a venture capital-backed company that has raised $269 million over six rounds, including a round of $150 million on a $1 billion-plus valuation in November 2021. Investors in the company include Liberty Strategic Capital LP, Warburg Pincus, Battery Ventures LP, General Catalyst Group Management, Microsoft’s M-12 Fund, AXA Venture Partners S.A.S. and Acero Capital Management.

Image: Contrast Security