
Trend Micro launches Cloud One Open Source Security powered by Snyk


May 10, 2021


Last summer, we announced our plan to expand our partnership with Trend Micro to provide security operations teams visibility and tracking of vulnerabilities and license risks in open source components. The long-standing partnership already includes container image security scanning that leverages Snyk’s proprietary vulnerability database.

With the new co-developed solution, Trend Micro Cloud One - Open Source Security by Snyk provides continuous insight into open source vulnerabilities to enhance risk management and drive data-driven remediation decisions. This is the first time Trend Micro is co-developing a solution with a partner on its Cloud One security service platform, which is both an honor and testament to how unique and valuable Snyk’s open source scanning technology is in the market.

We’re incredibly excited to be featured as part of the new Trend Micro Cloud One offering, which the company announced is available today through its channel partners as well as the AWS Marketplace.

Together Snyk and Trend Micro are investing in the future of the cybersecurity industry, where security and development teams effectively work together to make their organizations safer.

By adding Snyk’s developer-first security technology to Trend Micro's Cloud One platform, more customers are able to tackle open source risk through a single platform, minimizing the need to manage multiple vendors and tools, but without compromising on having the best-in-breed solution for the task.


The need for open source security

Open source software usage has grown dramatically over the years. In fact, Snyk’s 2020 State of Open Source Security Report revealed that there was growth across all major open source ecosystems and a 33% increase in npm packages alone, yet 60% of organizations still did not have a full view into their dependency trees. With container security, the report found the official Node image had 642 vulnerabilities, up from 580 last year, a nearly 11% growth year-over-year in vulnerabilities in an image that has been downloaded more than 1 billion times. While that is an extreme example, other official images also contained significant vulnerabilities.

The problem is that developers continue to use more third-party tools and libraries, but visibility into the potential risk these components contain has lagged behind for many security teams. In fact, 78% of vulnerabilities are found in indirect dependencies, making awareness into open source a critical layer of inspection for security teams.

The growth of open source has not only accelerated the time-to-market for software, it has also revealed a new attack vector for malicious actors to exploit. A hacker that finds a single exploit on a popular open source package that is used by hundreds or thousands of organizations has all those companies as potential targets, making their hacking ROI very large, and putting more pressure on security operations teams to prioritize tracking known vulnerabilities and their remediation. To effectively manage risk, it’s crucial for security operations teams to have visibility into open source dependencies and license issues.

Security with the Cloud One platform

Trend Micro's Cloud One is a security services platform for organizations building applications in the cloud. Designed to help organizations meet their most strategic cloud priorities, it allows customers to migrate existing applications to the cloud, deliver new cloud-native applications and achieve cloud operational excellence, while managing their organization’s risk.

The joint solution with Snyk helps security operations professionals manage the risk of third-party dependencies as part of a larger DevSecOps strategy. This “shift left” of application security efforts enables organizations to bridge the gap between DevOps and SecOps to improve their security posture without interrupting software delivery.

“With this one solution, we’re able to solve several problems and use technology to bridge internal gaps,” said Kevin Simzer, Chief Operating Officer for Trend Micro. “The new Trend Micro and Snyk offering helps to manage risk and liability with license requirements, and gives security teams visibility into a part of their functional code base that has not been accessible before.”

Today’s organizations need to take a proactive approach to application security. This Snyk-powered solution gives security operations teams the vulnerability information they need to work in tandem with developers to better prioritize and remediate vulnerabilities at scale. That way, organizations can catch security issues before they become a problem.

With the new service, security operations professionals are able to:

  • Generate an automated open source Bill of Materials report of vulnerabilities and license issues including zero-day threats detected in the pipeline stages to ensure compliance as early as coding.

  • Easily and successfully manage and mitigate risks in open source code independently to nurture developer productivity and workflow efficiencies.

  • Prioritize remediation of open source risks with a holistic view of application security.

  • Create alignment with SecOps and DevOps teams to accelerate secure DevOps practices and help remediate cybersecurity threats.

The new Trend One offering leverages Snyk security intelligence coverage, which is maintained by a dedicated research team. The Snyk vulnerability database combines public sources, contributions from the developer community, proprietary research, and machine learning to continuously adapt to the changing and expanding nature of security threats. By going beyond public sources like CVE and NVD, Snyk makes security scanning results more actionable and comprehensive for developers and security professionals. This also allows organizations to detect issues faster and remediate them sooner.

Trend Micro Cloud One - Open Source Security by Snyk is available through Trend Micro channel partners as well as the AWS Marketplace.

Learn more or get started today by visiting Trend Micro's Cloud One - Open Source Security by Snyk page.