Latest news with #IntelligenceCloud

Azul boosts Java security with improved runtime vulnerability detection

Techday NZ

13-06-2025

  • Business
  • Techday NZ

Azul has introduced enhanced vulnerability detection capabilities to its Intelligence Cloud that aim to reduce false positives and improve the accuracy of identifying Java application security risks. The company's updated solution, called Azul Vulnerability Detection, now uses class-level production runtime data to detect known vulnerabilities within Java applications.

This approach contrasts with conventional application security (AppSec) and application performance monitoring (APM) tools, which often flag vulnerabilities based on component file names or software bill of materials (SBOM) data. Such traditional practices can generate a large volume of false positives, which the company asserts unnecessarily divert DevOps teams' time and effort.

Based on findings from the Azul 2025 State of Java Survey & Report, a significant proportion of organisations are affected by this problem, with 33% indicating that more than half of their DevOps teams' time is spent addressing false positives related to Java Common Vulnerabilities and Exposures (CVEs) alerts. The broad-brush flagging approach, which does not distinguish between components actually used in production and those simply present, can result in alerts for unused or non-critical vulnerabilities.

Azul's approach leverages data from Java application production environments to establish whether vulnerable classes in a component are executed, rather than simply existing as part of a packaged file. The company claims this refinement enables the solution to eliminate up to 99% of false positives, translating to a potential 100 to 1,000 times reduction compared to earlier detection methods.

The technical approach

The solution operates by applying a curated knowledge base that maps CVEs to individual Java classes used at runtime.
By examining actual code paths executed in live environments, the system can determine whether a flagged vulnerability is relevant and warrants example cited is CVE-2024-1597, which affects specific versions of the PostgreSQL Java Database Connectivity (JDBC) driver. This high-severity vulnerability, which scores 9.8 out of 10 on the Common Vulnerability Scoring System (CVSS), can only be exploited when the driver is used in a particular non-default configuration. Conventional tools issue alerts if the driver is present in the application package, regardless of how it is used, contributing to unnecessary remediation efforts. Azul's detection mechanism discerns whether any of the 11 susceptible classes out of 470 in the component are used, thereby reducing irrelevant alerts.

Key benefits

According to Azul, the Intelligence Cloud's Vulnerability Detection capability provides several benefits to enterprises managing extensive Java estates. These include continuous, real-time detection of vulnerabilities in production environments, which helps teams rapidly triage and prioritise critical issues in high-stakes scenarios like the Log4j vulnerability event. The platform retains both real-time and historical data on component and code use, using AI methods to focus forensic investigations on vulnerabilities actively exploited prior to their discovery.

Azul's vulnerability team updates the system's knowledge base with newly identified CVEs, using AI to monitor sources such as the National Vulnerability Database (NVD) and other repositories. The runtime data collection works across Oracle JDK as well as any OpenJDK-based Java Virtual Machine (JVM), providing flexibility for organisations using a range of Java distributions, including those from Amazon, Temurin, Microsoft, and Red Hat. Azul states that this data-gathering incurs no impact on production system performance, as it leverages information already generated by the JVM during application execution.
"The improved Vulnerability Detection features strengthen the proposition of Azul's Intelligence Cloud analytics SaaS offering as a way to increase DevOps productivity and recover developer capacity by reducing the need for full-time employee time spent wasted on security false positives and inefficient triage," said William Fellows, research director at 451 Research, part of S&P Global Market Intelligence.

Company statement

"Our mission is to help enterprises focus their security efforts on what matters - real risk, not noise," said Scott Sellers, co-founder and CEO of Azul. "By eliminating up to 99% of false positives and pinpointing vulnerabilities in Java applications with 100x – 1000x greater accuracy than traditional tools, Azul Intelligence Cloud enables capacity recovery across DevOps and security teams. As a result, teams can dramatically reduce noise, prioritise real risk and accelerate remediation - all with zero impact to performance and without slowing innovation."

Azul's enhancements to its Intelligence Cloud are positioned to address long-standing productivity challenges faced by DevOps teams handling Java application security, particularly the time lost to managing irrelevant or inaccurate alerts.

Azul unveils Java tool to cut false positives by up to 99%

Techday NZ

11-06-2025

  • Techday NZ

Azul has unveiled a new class-level Java vulnerability detection capability within its Intelligence Cloud platform intended to improve the accuracy of identifying security threats in Java applications in production environments. The latest enhancement utilises runtime data to identify only those code paths that are actually executed in production, rather than simply identifying the presence of potentially vulnerable components based on file names or software bill of materials (SBOM) information.

Traditional application security (AppSec) and application performance monitoring (APM) tools often generate a significant number of false positives, as they typically flag vulnerabilities if a component is present within an application regardless of whether the vulnerable portion of code is used. According to Azul, its new approach enables organisations to focus only on executable code paths, delivering a reported 100x to 1,000x reduction in false positives compared to other tools.

Reducing false positives

Azul referenced data from its own "2025 State of Java Survey & Report," which found that 33% of organisations say more than half of their DevOps teams' time is spent dealing with false positives from Java-related Common Vulnerabilities and Exposures (CVEs). This, the company states, not only overwhelms teams but also makes it difficult to prioritise genuine security issues and disrupts developer productivity.

Java components, such as Log4j, often comprise Java ARchive (JAR) files, each containing multiple classes. It is therefore possible for applications to include components where the vulnerable class exists but is never invoked, meaning the associated vulnerability is not an actual risk. Azul argues that prioritising detection down to the class level can help Java teams correctly identify components that need patching, thereby eliminating unnecessary remediation efforts.
Class-level analysis

The new Vulnerability Detection capability in Azul Intelligence Cloud reportedly maps CVEs to Java classes observed at runtime, allowing organisations to pinpoint which components are in use and which are vulnerable. By relying on production runtime data, Azul claims this feature eliminates up to 99% of false positives.

A cited example involves the 'Critical' severity vulnerability CVE-2024-1597, affecting certain versions of the pgjdbc PostgreSQL Java Database Connectivity (JDBC) driver. The vulnerability, which carries a CVSS score of 9.8 out of 10, only applies in specific non-default configurations. Traditional tools tend to flag the presence of the vulnerable component regardless of usage, potentially resulting in unnecessary security work. Azul states that its platform determines at runtime if any of the 11 vulnerable classes (among a total of 470 in the component) are actually used in production, enabling more precise prioritisation for remediation.

"The improved Vulnerability Detection features strengthen the proposition of Azul's Intelligence Cloud analytics SaaS offering as a way to increase DevOps productivity and recover developer capacity by reducing the need for full-time employee time spent wasted on security false positives and inefficient triage," said William Fellows, Research Director at 451 Research, part of S&P Global Market Intelligence.

Additional capabilities

Azul states that its Intelligence Cloud platform provides several key benefits for enterprise Java security management. These include the ability to efficiently triage new vulnerabilities in real time, enabling DevOps teams to focus on the most pressing issues during high-impact events. The platform offers both real-time and historical vulnerability analysis, with forensic capabilities to determine whether vulnerable code was executed before the associated threat was identified.
The underlying knowledge base that supports Azul Vulnerability Detection is updated with newly published vulnerabilities using AI-based processes, and it operates across all OpenJDK-based Java Virtual Machines (JVMs), including those provided by vendors such as Oracle, Amazon, Microsoft, Red Hat, and others. Azul notes that its approach has no measurable impact on application performance as it leverages runtime data already generated by the JVM.

Azul also highlights that the system is designed to help teams recover capacity lost to unnecessary security triage, by illuminating only those vulnerabilities present in live production environments.

"Our mission is to help enterprises focus their security efforts on what matters, real risk, not noise," said Scott Sellers, Co-Founder and Chief Executive Officer of Azul. "By eliminating up to 99% of false positives and pinpointing vulnerabilities in Java applications with 100x – 1000x greater accuracy than traditional tools, Azul Intelligence Cloud enables capacity recovery across DevOps and security teams. As a result, teams can dramatically reduce noise, prioritise real risk and accelerate remediation, all with zero impact to performance and without slowing innovation."

Despite uneven earnings, AI is still Big Tech's star

Yahoo

05-02-2025

  • Business
  • Yahoo

Big Tech's earnings season is nearly over, with just Amazon and Nvidia left to announce their quarterly performance. And despite uneven reports from some of Silicon Valley's biggest names so far, AI continues to be the star of the show for Wall Street. Microsoft (MSFT) missed on cloud revenue, Meta (META) said sales growth would slow in the current quarter, Apple (AAPL) fell short of iPhone revenue estimates, and Google (GOOG, GOOGL) disappointed on cloud growth. President Trump's tariffs on goods out of China, which have kicked off a tit-for-tat trade battle that's pulling in Google and Apple, and the emergence of DeepSeek's low-cost AI models haven't helped things either. But analysts aren't overly concerned, focusing instead on Big Tech's long-term AI bets. 'Tech sector volatility is likely to continue in the months ahead. But we see the initial set of large-cap tech results as reassuring and believe the AI growth story remains intact,' UBS's Chief Investment Office team wrote in its Daily Updates note. Nvidia (NVDA), the AI trade's bellwether, doesn't report its earnings until Feb. 26, and a miss on earnings or outlook could send AI stocks off the rails. But for now, it's all about AI's future. Microsoft and Meta kicked off earnings last week, with both companies beating analysts' expectations on the top and bottom lines. But dig deeper and the beats start to look less impressive. Microsoft reported cloud revenue of $40 billion in the quarter, shy of the $41.1 billion Wall Street was looking for. The company's Intelligence Cloud platform, which includes Azure services, came up short too, posting revenue of $25.5 billion on expectations of $25.8 billion. Microsoft said part of the problem had to do with demand outpacing its available capacity for cloud services and that non-AI cloud services were lower than expected because it's working to 'balance driving near-term non-AI consumption with AI growth.' 
Despite that, AI services grew 157% year over year and contributed 13 percentage points of growth to Azure overall. 'While investors wanted a more pronounced 2H [acceleration] from Azure, we continue to believe [Microsoft] is the predominant software AI winner,' Jefferies analyst Brent Thill wrote in a note to investors. Microsoft CFO Amy Hood says cloud capacity should meet customers' needs by the end of the company's fiscal 2025. Meta, for its part, declined to provide full-year guidance for its fiscal 2025, but pointed to growth opportunities via its heavy AI investments. The company is planning to spend upwards of $65 billion building out its AI services this year, including launching its next-generation Llama 4 AI model. Meta also pushed back against fears that DeepSeek's low-cost AI is a danger to its business, something Pivotal Research Group's Jeffrey Wlodarczak agreed with in his investor note following the company's earnings report. 'We expect [Meta's] open-source Llama AI to emulate the best of DeepSeek's techniques, which should allow Llama to take the lead in AI given likely significantly lower costs than their peers for best-in-class AI products boosted materially by the fact it is US based and open-sourced which will attract developers,' Wlodarczak wrote. Google parent Alphabet's stock plummeted Wednesday after coming up short on cloud revenue in the prior quarter. Like Microsoft, Google laid the blame on greater demand for its cloud services than is currently available. The fix? Spending $75 billion in 2025 on its AI build-out. That's up from the $57.9 billion analysts were anticipating. The hope, among analysts and investors, is that those billions help even out Google's supply and demand imbalance. 
'We continue to see a favorable risk/reward for Alphabet and think there is a case for multiple expansion in the coming quarters as investors gain more comfort related to infrastructure spending, regulatory risk, and the impact of generative AI on Google Search,' Wedbush's Scott Devitt wrote in an investor note. Then there's Apple, which like Microsoft and Meta, beat analysts' expectations on earnings per share and revenue. But the company fell short of Wall Street's anticipations on iPhone sales, reporting revenue of $69.1 billion on expectations of $71 billion. Apple's Apple Intelligence AI platform was supposed to help buoy iPhone sales, but with the service only available in English, it's missing out on a large portion of its user base, especially in China. The company says it will launch Apple Intelligence in more languages in the coming months. CEO Tim Cook also said iPhone sales performed better where Apple Intelligence is available, indicating that the platform is helping to drive upgrades, something that is sure to please investors if it holds true for other regions. Now Apple, like the rest of its Big Tech cohort, just needs to deliver on its AI promises. Email Daniel Howley at dhowley@ Follow him on Twitter at @DanielHowley.
