Skip to main content

Snyk Launches AppRisk Pro, Developer First Application Security Posture Management Solution Leveraging AI to Prioritize Remediation

feature-apprisk-pro

1 de maio de 2024

New Solution Integrates Signals from Leading Enterprise Platforms, Including SentinelOne, Sysdig and Nightfall AI

BOSTON, M.A. — May 1, 2024 — Snyk, the leader in developer security, today released Snyk AppRisk Pro, pairing artificial intelligence (AI) with application context from third-party integrations to help application security (AppSec) and development teams address business-critical risk and accelerate fixes. Snyk AppRisk Pro extends the company’s leadership in developer-first application security posture management (ASPM), prioritizing security remediation based on application posture and throughout the full development lifecycle. 

Snyk AppRisk Pro creates a holistic understanding of application risk, equipping AppSec teams with context based on how the application was built, the code it contains, its impact on the organization's business, and team responsibilities. Armed with this information, AppSec teams are equipped and empowered to make informed decisions, prioritize the most critical issues, and foster effective collaboration across traditionally siloed stakeholders within development workflows.

Notably, Snyk AppRisk Pro can trace insecure portions of deployed applications all the way back to the specific code components that must be addressed in order to fix the issue. Critically, Snyk AppRisk Pro combines a unique level of prioritization with proven developer-first tools for vulnerability prevention and remediation, all underpinned and enabled by AI. Without this solution, overflowing vulnerability backlogs can lead to rigid security measures that hinder the development process and thwart developer productivity. This outdated, legacy-based approach results in blind spots in security coverage and application prioritization, exposing businesses to unknown risks.

The release of Snyk AppRisk Pro marks the most recent achievement in Snyk’s application risk management evolution. Following the availability of Snyk AppRisk Essentials in late 2023, the company then acquired runtime data pioneer Helios in January. The innovation and insights established as a result of integrating Helios have been fundamental in the creation of the enhanced Snyk AppRisk Pro product.

Gaining Valuable Insights Informed by Key Integrations

Snyk AppRisk Pro leverages AI to contextualize inputs from across an ecosystem of security, runtime, secrets coverage management and observability solutions. Combined with Snyk’s own industry-leading capabilities, they provide Snyk AppRisk Pro users with unprecedented runtime intelligence throughout the life of the application. 

Notable new integrations include:

  • Observability and Runtime Context from SentinelOne and Sysdig: With a holistic understanding of how an application operates, developers and security pros can prioritize which identified vulnerabilities are impacting their enterprise environments. For example, Snyk AppRisk Pro customers can identify whether a vulnerable open-source package is actually deployed and loaded in runtime, enabling more granular risk assessment.

  • Secret-related Coverage Management from Nightfall AI: Snyk AppRisk Pro expands its capabilities to accommodate more diverse program requirements, including enhancing visibility into application risk coverage using Nightfall's AI-powered detection engine to identify secrets, credentials, and sensitive data across their application code repositories with unparalleled accuracy. Customers can now prioritize remediation efforts by identifying live secrets that pose the greatest risk. With this unmatched visibility into secret sprawl, organizations can fortify their application security posture, mitigate data breaches, and ensure regulatory compliance. 

To read further about the growing Snyk AppRisk Pro ecosystem, you can visit the Snyk blog here. And, to learn more about Snyk’s holistic approach to application risk management, you can book a demo here or visit booth #748 at RSA Conference 2024 in San Francisco next week.

Quotes & Commentary

“Fueled in large part by AI-driven code, application development is accelerating at an unprecedented pace, and security teams worldwide are increasingly overwhelmed as a result,” said Manoj Nair, Chief Product Officer, Snyk. “Snyk AppRisk Pro now provides AppSec teams with a birds-eye view of their overall application security program from both a risk exposure and management coverage perspective, equipping and empowering them to now  

proactively drive both remediation and prevention. This latest solution additionally underscores Snyk’s overarching commitment to a developer-first approach, consolidating both security and development efforts seamlessly within one platform.” 

“Snyk’s integration of SentinelOne runtime data further proves their commitment to a truly comprehensive AppSec experience,” said Ely Kahn, Vice President, Product Management, Cloud Security, AI/ML, SentinelOne. “Our latest integration provides security and development teams with a holistic view of their application, from its very earliest stages all the way to its running state in production, to focus triage and remediation on the most critical issues first.”

“By seamlessly integrating with Sysdig, Snyk AppRisk Pro empowers teams to quickly and accurately assess the risk of vulnerabilities in runtime environments," said Knox Anderson, SVP of Product Management, Sysdig." This means leveraging more granular runtime context so they can better direct resources where they matter most, ultimately driving a more efficient and developer-centric AppSec program.”

"Nightfall AI is proud to partner with Snyk as they extend Snyk AppRisk Pro’s visibility into secret-related coverage," said Isaac Madan, CEO and Co-Founder, Nightfall AI. "Our partnership ensures comprehensive secrets management that eliminates blind spots, mitigates the threats posed by secret sprawl and prevents costly data breaches stemming from exposed credentials."