Trend Micro Launches First and Only SecOps Solution to Slay Open Source Code Bugs

Built with Snyk, this Trend Micro Cloud One service saves time per vulnerability and improves visibility and tracking automation

HONG KONG SAR – Media OutReach – 17 May 2021 – Trend Micro
Incorporated (TYO: 4704; TSE: 4704),
a global
cybersecurity leader, today launched a new, co-built SaaS solution with Snyk, the leader in cloud native application
security. The first of its kind, it’s designed to provide continuous insight
into open source vulnerabilities for enhanced risk management to drive
data-driven decisions.

Trend Micro Cloud One – Open Source Security by Snyk is
the newest Cloud One service and the first partner addition to the platform,
which is available through the channel as well as AWS Marketplace.

To find out more visit: https://www.trendmicro.com/en_hk/business/products/hybrid-cloud/cloud-one-open-source-security-by-snyk.html

This is the first service that
provides visibility into open
source software vulnerabilities for security operation teams. The use of these
open source code components is exploding thanks to the speed, flexibility,
extensibility and quality they offer application development teams. According to Snyk, 80% of
application code today is open source.

In their Market Guide for Software Composition Analysis,
Gartner stated that “Open-source software is used in nearly all organizations.
This introduces risks from readily exploitable vulnerabilities; an expanded
attack surface through which malware and malicious code can gain access,
compromising proprietary code and infrastructure; and legal and intellectual
property exposures.”^[i]

Snyk has observed 2.5x growth in open source vulnerabilities
over the past three years making it more necessary than ever to deliver
security further into the DevOps pipeline. However, process gaps, mismatched
toolsets and communication challenges between SecOps and DevOps are
commonplace. Too often, this means security practitioners face an uphill battle
and lack visibility into application build-time risks. This cloud service from
Trend Micro and Snyk bridges the long-standing cultural challenges between
security and development teams with a unified solution that delivers unique
visibility sooner in the software development lifecycle to further protect the
stack.

“Together Snyk
and Trend Micro are investing in the future of the cybersecurity industry,
where security and development teams effectively work together to make their
organizations safer,” said Geva Solomonovich, Global Alliances CTO for Snyk.
“Adding Snyk’s developer-first security technology to Trend Micro’s Cloud One
allows more customers to tackle open source risk on a single platform,
minimizing the need to manage multiple vendors and tools.  We look forward
to our continued collaboration with Trend Micro to foster more innovative,
effective ways to solve key security concerns for our customers.”

Almost all applications developed across the world in the
last 25 years have been built using open source code. As the pressure to build
and deliver new cloud-native applications continues to increase, organizations
often lose sight of older applications, their component inventories, and
maintenance and update cycles—creating further opacity and risk.

“With this one solution, we’re able to solve several
problems and use technology to bridge internal gaps,” said Kevin Simzer, chief
operating officer for Trend Micro. “This offering can save over 650 hours of
development time per application through increased automation, helps to manage
risk and liability with license requirements, and gives security teams
visibility into a part of our functional code base that has not been accessible
before.”

Trend Micro Cloud One – Open Source Security by Snyk also
enables SecOps to identify vulnerabilities and issues related to licensing.
This empowers security teams to better monitor, prioritize and communicate risk
and exposure rates within DevOps projects over time. This happens with:

• Data-driven security decisions
• Continuous monitoring of threat
  levels
• Effective prioritization of risks
  and remediation recommendations

Built-in automation also helps security teams quickly
identify and gain awareness of indirect open source dependencies that both
security and developer teams may not be aware exist in their applications.
Approximately eight hours can be saved per vulnerability through automation and
early discovery.^[ii]

The service is available along with the entire Cloud One
platform on AWS Marketplace.