Trend Micro extends Snyk partnership with SaaS solution to highlight open source vulnerabilities for SecOps

Trend Micro Cloud One - Open Source Security by Snyk is the first SaaS service to be added to Trend’s Cloud One platform beyond the original six.

Wendy Moore, VP Product Marketing at Trend Micro in Canada 

Trend Micro has expanded its partnership with open source vulnerability specialist Snyk. They have added Trend Micro Cloud One – Open Source Security by Snyk as the latest SaaS service on Trend’s Cloud One platform. Trend expects that the service will strengthen insight into open source vulnerabilities among security operations teams, which has generally not been a strength in the industry.

“We co-developed this service with Snyk as part of our Cloud One platform, so it’s not something that can be bought from Snyk directly,” said Wendy Moore, VP Product Marketing at Trend Micro in Canada. “This is the first additional service to be introduced on Cloud One since the original six, and the first service branded with a third-party identification.”

Snyk is based in the U.K., and their CEO for the last five years has been Peter McKay, who was co-CEO of Veeam before that. Trend Micro has partnered with them before.

“About a year and a half ago, we announced our partnership with them, embedding their open source library in our container security solution,” Moore indicated.  “What the new offering does is sit in the code repository, so that it is able to scan all source code. It thus goes further left in the pipeline, identifies open source vulnerabilities in all code, and makes it visible to the security team.”

It has been the development side of the house, rather than security, which has made use of open source, and Snyk has been very popular there.

“Snyk is very well known in the developer community,” Moore said. “They have a free tool that helps them identify and automatically fix open source vulnerabilities, which is very viral in the developer community. They are recognized as experts when it comes to open source vulnerabilities. They have also been making a stronger enterprise play lately.”

Trend Micro Cloud One – Open Source Security is distinct in being designed to provide visibility into open source software vulnerabilities specifically for security operation teams.

“This is targeted at the SecOps team, but it very much fits in the developer pipeline,” Moore said. “It reflects that fact that 80% of application code out there now is open source, which has been accompanied by a great increase in the amount of open source vulnerabilities.”

Moore said that the familiarity of Trend Micro’s channel partners with DevOps and SecOps is all over the map, from those with deep practices, to those with relatively little knowledge.

“It’s a very wide spectrum right now,” she said. “We have a partner in Winnipeg who three years ago had a CI/CD pipeline practice that was really a bleeding edge type. We have others who in the last six months are still getting their training wheels on. But it is clear to us that the channel practices that will be strong five years from now will have embraced cloud – not just from a security perspective but from a development perspective.”

Moore also said that a strength of Trend’s Cloud One platform is its ability to highlight to customers issues like SecOps awareness of vulnerabilities.

“The awareness today for vulnerabilities is fairly strong among developers, but it hasn’t been strong among security operations teams,” she stated. “There is some education with customers required there. But that’s the beauty of Cloud One. We can bring awareness to customers about other gaps that they may have.”

Leave a Reply

Your email address will not be published. Required fields are marked *