
Snyk and Rapid7 strengthen partnership to provide a holistic risk assessment solution for container applications

Written by:
Jill Wilkins



January 29, 2021


Modern organizations are working hard to differentiate their products and services by creating innovative solutions that their customers can leverage at home and on-the-go, forcing them to consider new, more agile approaches to application development that empower their development teams to accelerate time-to-market, and launch new solutions as quickly as possible.

This “need for speed” has created a widespread shift away from monolithic architectures, turning IT leaders toward new microservice architectures and DevOps methodologies that help shorten their software development cycles and ship more code to production more quickly.

Among the most widely adopted microservices are container architectures. As you probably already know, containers are a form of operating system virtualization containing all necessary executables, including binary code, libraries and configuration files, that can be used to run anything from a small software executable to a large application.

The way containers are packaged allows them to run more quickly and reliably when a developer moves the application from one computing environment to another, and also provides smaller, more agile application deployments that allow development teams to release code more quickly.

Since most organizations are taking steps to reduce the friction of application development, containers are rapidly becoming the de facto standard of abstraction and virtualization, helping development teams move code to production as quickly as possible.

Mitigating the security risks

This added speed and portability, however, can also create security risks that increase the attack surface within a production environment. For example, if an attacker managed to exploit a vulnerability in an open source component inside a container running as root, they would get full access to the host as well as the applications running on it.

Recognizing that many of these risks stem from industry-wide open source software adoption, Snyk, the developer-first cloud native application security company, and Rapid7, a leading provider of security analytics and automation, have expanded their ongoing partnership to provide a new integration that brings Snyk’s actionable open source and container vulnerability data into Rapid7’s vulnerability risk-management solution, InsightVM.

The Snyk Intel Vulnerability Database provides granular visibility into Java vulnerabilities, automatically building open source software vulnerability checks, and displaying those checks within the Container Security feature in InsightVM. Customers can leverage Snyk’s granular vulnerability data today, without taking any additional action, and will be able to leverage checks for additional OSS packages automatically, as they’re made available.

Snyk’s new integration with InsightVM builds on Rapid7’s use of Snyk Intel within tCell, a Next-Gen Cloud web application firewall (WAF) and runtime application self-protection (RASP) solution that allows customers to uncover third-party packages and associated vulnerabilities at runtime, more effectively enabling developers to prioritize the remediation and mitigation of their most pressing vulnerabilities.

Together, Snyk and Rapid7 now provide modern, software-driven organizations with an end-to-end security solution that enables developers to find misconfigurations in infrastructure, open source vulnerabilities, and open source license constraints early in the software development lifecycle, offering application scanning, testing, and monitoring in development, as well as protection in runtime.
