Snyk adds policy-based code security to its arsenal

Last year was a pretty good one for Snyk, a Boston-based security company. It raised a hefty $530 million on a $8.5 billion valuation, and with that kind of money in the bank, it’s probably not surprising that it went shopping. In February, it bought developer-focused cloud security company Fugue for an undisclosed amount.

Today, Snyk announced a new developer-centered cloud security product at AWS re:Inforce in Boston. The product’s policy engine enables security teams to hard code complex rules into the system to fix problems before they become an issue, and it’s based on the technology that Fugue brought to the company.

Former Fugue CEO and co-founder Josh Stella, who is now chief architect at Snyk, says when Snyk’s co-founder Guy Podjarny approached him last year, they bonded over the idea of putting developers at the center of the security solution. “We got into a conversation about how in both of our views the future of security would be focused on developers, the builders of systems,” he said.

He says when you look at some of the major breaches in recent years, they typically have involved system-level security issues that the solution his company brought to Snyk is designed to prevent. “Our unified policy engine will allow both developers and security practitioners to share an understanding through policy code of what is safe and secure. And that allows us at Snyk to share with all of our customers what we know is safe or unsafe,” he said.

He says this goes beyond the protoypical kind of use case of an Amazon S3 bucket being left exposed, which he says is rarely as simply as a misconfiguration. “Very often it’s a little more nuanced than that and it’s some combination of how the application works in the application code, how the IAM (identity and access management) privileges are configured, and how the S3 bucket is configured,” he said.

“And our approach to our policy engine allows us to look across those things, which is where the real vulnerabilities tend to lie, and where they get exploited.”

He said that from the beginning the idea was to integrate this solution into the Snyk platform. Snyk CEO Peter McKay says that Fugue’s technology really enhances the company’s product set, and adds a critical component.

“We needed to become more developer centric, and we looked at that market. We saw really one company that we thought was the most developer centric, which was Fugue, and [acquiring them] allowed us to bring their capabilities into our platform, which allowed us to offer the fifth product [in our product portfolio],” he said.

The product is available to a limited group of customers starting today with general availability expected later this year. And even though they are announcing it at an Amazon security event, it will work on all major cloud platforms.

Leave a Reply

Your email address will not be published. Required fields are marked *

Subscribe to our Newsletter