To find out more visit: https://www.trendmicro.com/en_us/business/products/hybrid-cloud/cloud-one-open-source-security-by-snyk.html
This is the first service that provides visibility into open source software vulnerabilities for security operation teams. The use of these open source code components is exploding thanks to the speed, flexibility, extensibility and quality they offer application development teams. According to Snyk, 80% of application code today is open source.
In their Market Guide for Software Composition Analysis, Gartner stated that “Open-source software is used in nearly all organizations. This introduces risks from readily exploitable vulnerabilities; an expanded attack surface through which malware and malicious code can gain access, compromising proprietary code and infrastructure; and legal and intellectual property exposures.”i
Snyk has observed 2.5x growth in open source vulnerabilities over the past three years, making it more necessary than ever to deliver security further into the DevOps pipeline. However, process gaps, mismatched toolsets and communication challenges between SecOps and DevOps are commonplace. Too often, this means security practitioners face an uphill battle and lack visibility into application build-time risks. This cloud service from Trend Micro and Snyk bridges the long-standing cultural challenges between security and development teams with a unified solution that delivers unique visibility sooner in the software development lifecycle to further protect the stack.
“Together Snyk and Trend Micro are investing in the future of the cybersecurity industry, where security and development teams effectively work together to make their organizations safer,” said Geva Solomonovich, Global Alliances CTO for Snyk. “Adding Snyk’s developer-first security technology to Trend Micro’s Cloud One allows more customers to tackle open source risk on a single platform, minimizing the need to manage multiple vendors and tools. We look forward to our continued collaboration with Trend Micro to foster more innovative, effective ways to solve key security concerns for our customers.”
Almost all applications developed across the world in the last 25 years have been built using open source code. As the pressure to build and deliver new cloud-native applications continues to increase, organizations often lose sight of older applications, their component inventories, and maintenance and update cycles—creating further opacity and risk.
“With this one solution, we’re able to solve several problems and use technology to bridge internal gaps,” said Kevin Simzer, chief operating officer for Trend Micro. “This offering can save over 650 hours of development time per application through increased automation, helps to manage risk and liability with license requirements, and gives security teams visibility into a part of our functional code base that has not been accessible before.”
Trend Micro Cloud One – Open Source Security by Snyk also enables SecOps to identify vulnerabilities and issues related to licensing. This empowers security teams to better monitor, prioritize and communicate risk and exposure rates within DevOps projects over time. This happens with:
- Data-driven security decisions
- Continuous monitoring of threat levels
- Effective prioritization of risks and remediation recommendations
Built-in automation also helps security teams quickly identify and gain awareness of indirect open source dependencies that both security and developer teams may not be aware exist in their applications. Approximately eight hours can be saved per vulnerability through automation and early discovery.ii
The service is available along with the entire Cloud One platform on AWS Marketplace.
About Trend Micro
Trend Micro, a global cybersecurity leader, helps make the world safe for exchanging digital information. Fueled by decades of security expertise, global threat research, and continuous innovation, Trend Micro’s cybersecurity platform protects hundreds of thousands of organizations and millions of individuals across clouds, networks, devices, and endpoints. As a leader in cloud and enterprise cybersecurity, the platform delivers a powerful range of advanced threat defense techniques optimized for environments like AWS, Microsoft, and Google, and central visibility for better, faster detection and response. With 7,000 employees across 65 countries, Trend Micro enables organizations to simplify and secure their connected world. TrendMicro.com.
Snyk, the cloud native application security leader, today enables 2.2 million developers to build securely, with a vision to empower every modern developer in the world to develop fast and stay secure. Only Snyk provides a platform to secure all of the critical components of today’s cloud native application development including the code, open source libraries, container infrastructure and infrastructure as code. Snyk’s developer-first approach enables technology-driven companies to scale security in today’s fast-paced digitally transforming world. Snyk’s security platform is powered by its industry-leading proprietary vulnerability database, maintained by the expert Snyk security research team, that also powers security solutions from strategic partners such as Atlassian, Datadog, Docker, IBM Cloud, Rapid7, Red Hat and Trend Micro. The company works with global customers of all sizes to empower developers to automatically integrate security throughout their existing workflows.
Named to the 2020 Forbes Cloud 100, the definitive ranking of the top 100 private cloud companies in the world, Snyk was also recently recognized by Comparably as the #3 small-to-medium businesses for Happiest Employees in 2020.
For more information and to get started with Snyk for free today, visit https://snyk.io.
i Gartner, Market Guide for Software Composition Analysis, Dale Gardner, 18 August 2020
ii Forrester, The Total Economic Impact of Snyk, November 2019
SOURCE Trend Micro Incorporated