Snyk Blog

Trend Micro launches Cloud One Open Source Security powered by Snyk

Written by:
Geva Solomonovich
Geva Solomonovich

May 10, 2021

0 mins read

Last summer, we announced our plan to expand our partnership with Trend Micro to provide security operations teams visibility and tracking of vulnerabilities and license risks in open source components. The long-standing partnership already includes container image security scanning that leverages Snyk’s proprietary vulnerability database.

With the new co-developed solution, Trend Micro Cloud One - Open Source Security by Snyk provides continuous insight into open source vulnerabilities to enhance risk management and drive data-driven remediation decisions. This is the first time Trend Micro is co-developing a solution with a partner on its Cloud One security service platform, which is both an honor and testament to how unique and valuable Snyk’s open source scanning technology is in the market.

We’re incredibly excited to be featured as part of the new Trend Micro Cloud One offering, which the company announced is available today through its channel partners as well as the AWS Marketplace.

Together Snyk and Trend Micro are investing in the future of the cybersecurity industry, where security and development teams effectively work together to make their organizations safer.

By adding Snyk’s developer-first security technology to Trend Micro's Cloud One platform, more customers are able to tackle open source risk through a single platform, minimizing the need to manage multiple vendors and tools, but without compromising on having the best-in-breed solution for the task.

wordpress-sync/blog-trend-micro-cloud-one-open-source-snyk

The need for open source security

Open source software usage has grown dramatically over the years. In fact, Snyk’s 2020 State of Open Source Security Report revealed that there was growth across all major open source ecosystems and a 33% increase in npm packages alone, yet 60% of organizations still did not have a full view into their dependency trees. With container security, the report found the official Node image had 642 vulnerabilities, up from 580 last year — a nearly 11% growth year-over-year in vulnerabilities in an image that has been downloaded more than 1 billion times. While that is an extreme example, other official images also contained significant vulnerabilities as well.

The problem is that developers continue to use more third-party tools and libraries, but visibility into the potential risk these components contain has lagged behind for many security teams. In fact, 78% of vulnerabilities are found in indirect dependencies, making awareness into open source a critical layer of inspection for security teams.

The growth of open source has not only accelerated the time-to-market for software, also it has revealed a new attack vector for malicious actors to exploit. A hacker that finds a single exploit on a popular open source package that is used by hundreds or thousands of organizations has all those companies as potential targets, making their hacking ROI very large, and putting more pressure on security operations teams to prioritize tracking known vulnerabilitiesand their remediation. To effectively manage risk, it’s crucial for security operations teams to have visibility into open source dependencies and license issues.

Security with the Cloud One platform

Trend Micro's Cloud One is a security services platform for organizations building applications in the cloud. Designed to help organizations meet their most strategic cloud priorities, it allows customers to migrate existing applications to the cloud, deliver new cloud-native applications and achieve cloud operational excellence, while managing their organization’s risk.

The joint solution with Snyk helps security operations professionals manage the risk of third-party dependencies as part of a larger DevSecOps strategy. This “shift left” of application security efforts enables organizations to bridge the gap between DevOps and SecOps to improve their security posture without interrupting software delivery.

“With this one solution, we’re able to solve several problems and use technology to bridge internal gaps,” said Kevin Simzer, Chief Operating Officer for Trend Micro. “The new Trend Micro and Snyk offering helps to manage risk and liability with license requirements, and gives security teams visibility into a part of their functional code base that has not been accessible before.”

Today’s organizations need to take a proactive approach to application security. This Snyk-powered solution gives security operations teams the vulnerability information they need to work in tandem with developers to better prioritize and remediate vulnerabilities at scale. That way, organizations can catch security issues before they become a problem.

With the new service, security operations professionals are able to:

  • Generate an automated open source Bill of Materials report of vulnerabilities and license issues including zero-day threats detected in the pipeline stages to ensure compliance as early as coding.

  • Easily and successfully manage and mitigate risks in open source code independently to nurture developer productivity and workflow efficiencies.

  • Prioritize remediation of open source risks with a holistic view of application security.

  • Create alignment with SecOps and DevOps teams to accelerate secure DevOps practices and help remediate cybersecurity threats.

The new Trend One offering leverages Snyk security intelligence coverage, which is maintained by a dedicated research team. The Snyk vulnerability database combines public sources, contributions from the developer community, proprietary research, and machine learning to continuously adapt to the changing and expanding nature of security threats. By going beyond public sources like CVE and NVD, Snyk makes security scanning results more actionable and comprehensive for developers and security professionals. This also allows organizations to detect issues faster and remediate them sooner.

Trend Micro Cloud One - Open Source Security by Snyk is available through Trend Micro channel partners as well as the AWS Marketplace.

Learn more or get started today by visiting Trend Micro's Cloud One - Open Source Security by Snyk page.

Posted in:Open Source Security

State of Open Source Security Report

Snyk analyzed responses from over 500 organizations and anonymized data collected from Snyk product usage to shed light on the current security posture of OS software and trends.

See the report

Start securing AI-generated code

Create your free Snyk account to start securing AI-generated code in minutes. Or book an expert demo to see how Snyk can fit your developer security use cases.

No credit card required.

Start free with GithubStart free with Google

Or Sign up with

SSOBitbucketAzure ADDocker ID

By logging in or signing up, you agree to abide by our policies, including our Terms of Service and Privacy Policy

Patch Logo SegmentPatch Logo SegmentPatch Logo SegmentPatch Logo SegmentPatch Logo SegmentPatch Logo SegmentPatch Logo SegmentPatch Logo SegmentPatch Logo SegmentPatch Logo SegmentPatch Logo SegmentPatch Logo SegmentPatch Logo Segment

Snyk is a developer security platform. Integrating directly into development tools, workflows, and automation pipelines, Snyk makes it easy for teams to find, prioritize, and fix security vulnerabilities in code, dependencies, containers, and infrastructure as code. Supported by industry-leading application and security intelligence, Snyk puts security expertise in any developer’s toolkit.

Start freeBook a live demo

Product

What is Snyk?Snyk Code (SAST)Snyk Open Source (SCA)Snyk ContainerSnyk Infrastructure as CodeSnyk AppRisk (ASPM)Developer Security PlatformApplication securitySoftware supply chain securitySecure AI-generated code DeepCode AIPricingDeployment optionsIntegrationsIDE pluginsGit SecurityCI/CD pipelines securitySnyk CLISnyk LearnSnyk for JavaScript

Resources

DocumentationSnyk API DocsAPI statusDisclosed vulnerabilitiesSupport portal & FAQ’sBlogSecurity fundamentalsResources for security leadersResources for ethical hackersVulnerability DatabaseSnyk OSS AdvisorSnyk Top 10VideosCustomer resources

Company

AboutCustomersCareersEventsSnyk for governmentPress kitSecurity & trustLegal termsPrivacyFor California residents: Do not sell my personal informationWebsite Terms of Use

Connect

Book a live demoContact usSupportReport a new vuln

Security

Application SecurityContainer SecuritySupply Chain SecurityJavaScript SecurityOpen Source SecurityAWS SecuritySecure SDLCSecurity postureSecure codingEthical HackingAI in cybersecurityCode CheckerPythonEnterprise CybersecurityJavaScriptSnyk With GitHubSnyk vs VeracodeSnyk vs Checkmarx

© 2024 Snyk Limited
Registered in England and Wales

logo-devseccon