The move is still good news for CSOs looking to better manage application security, she stressed, just not necessarily industry-moving. “They are absolutely solving a problem but I don’t think the marketplace aspect of it is that interesting. I think they wanted to highlight 100 integrations out of the box. That is solid and it is what a vendor like that needs to do to go out to market. But the interesting thing about integration is that (enterprise IT managers) don’t care about the number. They only care if they have the ones they want and need.”
A core feature
Dale Gardner, a Gartner senior director analyst who tracks application and software supply chain security, reacted similarly to Carielli.
“This type of integration is considered a core, required feature for an ASPM solution,” he said. “One of the primary reasons organizations look at these tools is to help integrate information from a variety of application security tools across the SDLC to gain visibility into the security status of an application, help with prioritization, and better understand risks posed by an application,” Gardner said. “In the space, I see a couple of different types of vendors: those who focus on integration of existing tools, and those who also incorporate their own tooling as either a replacement for someone’s existing tools or to augment gaps. Cycode falls into the latter category and in looking at the product, their third-party integrations have been quite broad, covering many different aspects of the lifecycle. But not necessarily deep, with an emphasis on more popular products.”
Gardner added that Cycode “is trying to expand the scope of their integrations to better address the needs of buyers who are not looking to replace their existing tools. I don’t think this breaks new ground. Competitively, they talk about more than one hundred integrations, which is average, while some vendors support more than 200 tools. This is more of a way to improve their competitive standing.”
Cycode’s statement characterized the marketplace as quite significant. “The launch of our ASPM marketplace is a major leap in building a comprehensive security ecosystem and we’re proud to be first,” said Seth Robbins, chief revenue officer at Cycode. “Unlike competitors, Cycode’s singular focus on application security and our integrated Risk Intelligence Graph give customers unparalleled precision in their threat prioritization — table stakes for any effective ASPM.”