MaterialCentral

...

An All-In-One Solution For Your Agency's

Software has become the cornerstone of modern-day businesses. It is no exaggeration to say that it has become the material that companies use to function and thrive. Application Portfolio Management (APM) is crucial for businesses looking to optimize their software investments and drive operational efficiency. By providing a comprehensive view of the organization's application landscape, APMs allow businesses to make informed decisions about which applications to retain, retire, or replace. Traditional APM products focus primarily on application rationalization. MaterialCentral is the first APM product designed from a cybersecurity perspective.

“Maintaining an accurate technology asset and application inventory is an accepted industry-wide best practice of cyber hygiene and can help organizations more easily identify affected assets and applications in responding to an incident. All organizations should maintain an accurate IT asset and application inventory”

Teams are Struggling to Keep Up with the Demands of Managing and Maintaining Software Inventory

976

Average Number of Applications Organizations Maintain in 2022 (Increase of 16%)

730% Increase

88K Malicious Software Supply Chain Attacks in 2022

25K

CVEs Published in 2022 (Increase of 20%)

5.1

Average Number of Critical Vulnerabilities in Code Bases in 2022

12%

Average Number of Known Vulnerabilities Teams Can Fix Per Month in 2022

The Dominance of Open Source

As the adoption of open-source software continues to increase across various industries, the notion that its usage comes with without any concern is no longer valid. While open-source software offers significant benefits such as flexibility and cost savings, it also presents unique challenges such as the need to track and maintain dependencies. With the interconnected nature of open-source software, enterprises must have a clear understanding of the dependencies in their systems to ensure they remain secure and up-to-date. Neglecting to address these dependencies can leave an organization vulnerable to security breaches and other issues that can negatively impact business operations. Therefore, it is crucial for organizations to recognize that using open-source software requires a proactive approach to managing dependencies and ensuring the long-term stability and security of their systems.

97%

of enterprise codebases contain open source software

78%

of total code in codebases is from open source dependencies

77%

of organizations have increased open source in the last 12 months

MaterialCentral Can Help Tame The Chaos

MaterialCentral is a powerful application portfolio management platform designed with a cybersecurity perspective to help enterprises manage their open-source dependencies. MC provides a comprehensive view of an organization's software components and their dependencies, enabling users to identify potential vulnerabilities and outdated components that need to be updated or replaced.

...

Top MaterialCentral Features

...

Application Portfolio Management

MaterialCentral is a software tool designed to help organizations manage, track and optimize their software applications. It provides a centralized platform for IT managers to track and analyze their organization's entire application portfolio, including applications that are currently in use, as well as those that are being developed or retired.

...

Plugin Framework

MaterialCentral is built on a plugin framework which enables users to extend the functionality of the product by creating custom plugins. The plugin framework allows developers to create custom capabilities within the core APM and cybersecurity platform. software, which can be tailored to the specific needs of different users and organizations.

...

Open-Source & Proprietary Scanner Integration

MaterialCentral provides out of the box support for many scanners including trivy, grype, syft, DependencyCheck, ZAP, Lighthouse, trufflehog, Pa11y, Nikto, sqlmap, sslscan, and OpenScap. In addition to the scanners listed, MaterialCentral is built upon a modular analyzer layer that allows additional scanners to easily be integrated into the system.

...

Enhanced Supply Chain Security

MaterialCentral provides a number of capabilities to enhance your supply chain security. All scanned container images and source code repositories have their materials (libraries, packages, etc.) recorded and indexed. This information can be accessed from the Material Search feature in MaterialCentral which allows you to instantly discover which applications and dependencies include particular dependencies. A Software Bill of Material can also be exported from these container images and source code repositories from MaterialCentral to be used by other systems.

...

Jira Integration

MaterialCentral is able to create and synchronize Jira issues based upon findings from scans. When previously discovered findings are no longer present from the latest scan, MaterialCentral will automatically close the issue out with details about the latest scan. Each application scanned by MaterialCentral can be configured with its Jira project key so that new issues created by MaterialCentral show up in the correct project and backlog.

...

Detailed Reporting

MaterialCentral provides the numerous reports which can be viewed within the web application or scheduled to be delivered via. email as a PDF. Some of the reports included: Stale Container Report, Scan Activity, Findings, Overdue Findings, Stale Materials, Nexus Synchronization, Jira Synchronization, and Risky Vulnerabilities.

...

Vulnerability Priority Management

Organizations are overwhelmed by the number of vulnerabilities reported on their software. Vulnerability severity is an important prioritization metric but isn't always an indicator of which vulnerabilities are at the greatest risk of being exploited. MaterialCentral provides a number of metrics in addition to severity that organizations can pick and choose from in order to establish their risk and priority profile including Exploit Prediction System and CISA Known Exploited Vulnerabilities Catalog.

...

Scheduled & Continual Scanning

MaterialCentral provides a number of scanning tools to ensure the quality of your application before updates are published to live environments. New vulnerabilities will often be discovered after an application update is released that did not show up in the initial scan. It's important to continually scan your application after go-live to be notified when these vulnerabilities are revealed. All scans within MaterialCentral can be scheduled to execute automatically on a recurring basis.

...

Real-Time Alerts & Notification

When new vulnerabilities are published and discovered in your applications it can be important that stakeholders are made aware of this as soon as possible. MaterialCentral can be configured to send out alerts of new vulnerabilities that meet a certain threshold to both email and Slack channel.

...

API

MaterialCentral provides a full featured REST based API that can be used to systematically access all its functionality. This allows MaterialCentral to easily be integrated with your CI/CD pipeline or other systems of interest.

More MaterialCentral Features

Scan Results

MaterialCentral provides a consistent and unified results view of all the supported scan types. The results of a scan can easily be exported as a PDF or Excel spreadsheet for use with other systems.

...

Vulnerability Prioritization

MaterialCentral provides a number of metrics to order and prioritize vulnerability remediation including, CVSS Score & Severity, EPSS Score, Analyzer Confidence, and Known Exploited Vulnerability.

...

CVSS Calculator

MaterialCentral provides an intuitive CVSS calculator for Common Vulnerability Scoring System 2 and 3 vectors to perform environmental and temporal scoring on a Software Composition Analysis finding. This calculator can be used to override the base score for vulnerabilities to make the severity rating more accurate in the current environment.

...

Materials Search

Materials (artifacts and/or libraries) identified in container images from Software Composition Analysis scans can be searched on within the MaterialCentral web interface to quickly identify which containers or code repositories have dependencies on certain packages or libraries.

...

Stale Container Report

A report that shows container repository findings based upon a detailed search criteria.

...

Risky Vulnerabilities Report

This report details all active vulnerabilities that have an Exploit Prediction Scoring System score of 50% or more and a CVSS severity of Medium or higher. This report also includes details from CISA’s Known Exploited Vulnerabilities catalog.

...

Manage your application portfolio from a cybersecurity perspective with MaterialCentral.

Clients

MaterialCentral is used by the following Government Agencies.

The VA's Mobile Application Program (MAP) uses MaterialCentral (formly FlexLine) for security scanning of their Veteran and Staff mobile and web applications.

...

Schedule a demo with us.

MaterialCentral is built by TekFive. We'd love to meet with you sometime to demonstrate MaterialCentral and discuss how MaterialCentral might work for your organization. To schedule a time, please send an email to the address below.

materialcentral@tekfive.com