
Trend Micro brings open source vulnerability data to security teams

Trend Micro and Snyk: Report dashboard



Cybersecurity giant Trend Micro has announced a new software-as-a-service (SaaS) product that offers security teams “continuous insight” into open source vulnerabilities and compliance risks. Designed in partnership with Snyk, Trend Micro Cloud One – Open Source Security by Snyk is the first service on the Cloud One platform to be powered by a third-party company.

Trend Micro launched Cloud One in 2019 as a security services platform for cloud-focused development teams. It’s designed to simplify hybrid and multi-cloud security, with solutions spanning workload, container, file object storage, serverless and application, network, and posture management.

Open-sourced

The vast majority of modern software relies to some degree on open source components, as it saves companies the considerable time and resources needed to develop and maintain everything internally. However, recent data from Synopsys, the silicon design company behind open source security management platform Black Duck, found that 84% of the commercial codebases it scanned in 2020 contained at least one open source vulnerability — up from 75% in the previous year’s report.

Indeed, the business of securing open source software is big and only getting bigger. Last month, WhiteSource raised $75 million to bolster its open source security management and compliance platform, which is used by companies like Microsoft and IBM. Meanwhile, Snyk itself recently raised $300 million at a $4.7 billion valuation.


Founded out of London in 2015, Snyk helps developers (as opposed to cybersecurity personnel) find vulnerabilities in their open source code, as well as their containers and Kubernetes applications. The platform is used by developers spanning myriad high-profile companies, including Google, Salesforce, Atlassian, and Twilio.

The new Trend Micro and Snyk service, which was first announced last year, is designed to improve visibility and tracking automation “by eight hours per vulnerability,” according to Trend Micro. In a nutshell, the integration serves up a series of dashboards for any developer who runs it against their source code and generates visualizations that track issues over time, potential open source license issues, security severity scores, and more.

Above: Trend Micro and Snyk: Report dashboard

Partnership

The main question is why companies can’t just run Snyk by themselves. What, exactly, does the Trend Micro tie-up bring to the table? The key here is that Trend Micro and Snyk have distinct user bases that adhere to different workflows.

“Trend Micro has a strong security operations focus, while Snyk has a strong developer focus,” Trend Micro COO Kevin Simzer told VentureBeat. “Combined, this partnership delivers visibility to security operations teams in a manner that allows them to manage the risk found in open source vulnerabilities, gain visibility directly from source code management and build pipeline, and help solve security issues before they become a threat.”

Founded in 1988, Trend Micro is essentially a legacy cybersecurity platform born in the era of on-premises software. But as the world transitions to the cloud, Trend Micro has had to follow suit, which is why it launched Cloud One two years ago. But that also opened the door to new security considerations, including the vast array of open source vulnerabilities that exist in a company’s tech stack.

With Snyk, a cloud-native platform, developers connect the platform to their code repository (e.g. in GitHub, GitLab, or Bitbucket) and Snyk taps a giant vulnerability database it maintains internally to flag potential weaknesses or even license violations. Rather than trying to create all this from scratch, Trend Micro has recognized the need to partner with specialists in a particular domain.

“A part of being a SaaS pioneer in cybersecurity is knowing that customers want products that work together to better protect them,” Simzer said. “No vendor can go it alone in today’s threat landscape, so when there are people with knowledge that complements our projects, we plan to integrate their solutions into our platform and co-build new ones as needed.”
