Were you unable to attend Transform 2022? Check out all of the summit sessions in our on-demand library now! Watch here.
Cybersecurity giant Trend Micro has announced a new software-as-a-service (SaaS) product that offers security teams “continuous insight” into open source vulnerabilities and compliance risks. Designed in partnership with Snyk, Trend Micro Cloud One – Open Source Security by Snyk is the first service on the Cloud One platform to be powered by a third-party company.
Trend Micro launched Cloud One in 2019 as a security services platform for cloud-focused development teams. It’s designed to simplify hybrid and multi-cloud security, with solutions spanning workload, container, file object storage, serverless and application, network, and posture management.
The vast majority of modern software relies to some degree on open source components, as it saves companies the considerable time and resources needed to develop and maintain everything internally. However, recent data from Synopsys, the silicon design company behind open source security management platform Black Duck, found that 84% of the commercial codebases it scanned in 2020 contained at least one open source vulnerability — up from 75% in the previous year’s report.
Indeed, the business of securing open source software is big and only getting bigger. Last month, WhiteSource raised $75 million to bolster its open source security management and compliance platform, which is used by companies like Microsoft and IBM. Meanwhile, Snyk itself recently raised $300 million at a $4.7 billion valuation.
MetaBeat will bring together thought leaders to give guidance on how metaverse technology will transform the way all industries communicate and do business on October 4 in San Francisco, CA.
Founded out of London in 2015, Snyk helps developers (as opposed to cybersecurity personnel) find vulnerabilities in their open source code, as well as their containers and Kubernetes applications. The platform is used by developers spanning myriad high-profile companies, including Google, Salesforce, Atlassian, and Twilio.
The new Trend Micro and Snyk service, which was first announced last year, is designed to improve visibility and tracking automation “by eight hours per vulnerability,” according to Trend Micro. In a nutshell, the integration serves up a series of dashboards for any developer who runs it against their source code and generates visualizations that track issues over time, potential open source license issues, security severity scores, and more.
The main question is whether companies can’t just run Snyk by themselves? What, exactly, does the Trend Micro tie-up bring to the table? The key here is that Trend Micro and Snyk have distinct user bases that adhere to different workflows.
“Trend Micro has a strong security operations focus, while Snyk has a strong developer focus,” Trend Micro COO Kevin Simzer told VentureBeat. “Combined, this partnership delivers visibility to security operations teams in a manner that allows them to manage the risk found in open source vulnerabilities, gain visibility directly from source code management and build pipeline, and help solve security issues before they become a threat.”
Founded in 1988, Trend Micro is essentially a legacy cybersecurity platform born in the era of on-premises software. But as the world transitions to the cloud, Trend Micro has had to follow suit, which is why it launched Cloud One two years ago. But that also opened the door to new security considerations, including the vast array of open source vulnerabilities that exist in a company’s tech stack.
With Snyk, a cloud-native platform, developers connect the platform to their code repository (e.g. in GitHub, GitLab, or Bitbucket) and Snyk taps a giant vulnerability database it maintains internally to flag potential weaknesses or even license violations. Rather than trying to create all this from scratch, Trend Micro has recognized the need to partner with specialists in a particular domain.
“A part of being a SaaS pioneer in cybersecurity is knowing that customers want products that work together to better protect them,” Simzer said. “No vendor can go it alone in today’s threat landscape, so when there are people with knowledge that complements our projects, we plan to integrate their solutions into our platform and co-build new ones as needed.”
VentureBeat's mission is to be a digital town square for technical decision-makers to gain knowledge about transformative enterprise technology and transact. Learn more about membership.