BOSTON, Dec. 13, 2023 – Snyk, the leader in developer security, today released Snyk AppRisk, a solution designed to empower application security (AppSec) teams with the comprehensive Application Security Posture Management (ASPM) workbench they need to govern and scale their security programs, as well as minimize risk arising from applications. Snyk AppRisk is the industry’s first ASPM solution that creates seamless collaboration between developer and security teams to address cybersecurity challenges, while also delivering C-Suite stakeholders visibility into software supply chain risk posture and their overall AppSec program performance.
Building on nearly a decade of Snyk’s experience working with enterprise customers to implement and scale effective developer security programs, a mission accelerated by the recent acquisition of Enso Security as well as the organic innovation of Insights, Snyk is now able to offer an unrivaled ASPM solution. Snyk AppRisk delivers automated application asset discovery, tailored security controls and risk-based prioritization to ensure developer and security teams are collaborating on risk via an advanced evidence graph linking development workflows to the apps deployed in the cloud.
Snyk’s 2023 Customer Value study identified “developer productivity” as a top three priority when searching for security solutions, validating how increasingly important developer productivity is for security leaders to consider, especially as AI code generation tools continue to multiply. Snyk AppRisk enables developers to maximize their time by being in lockstep with their security counterparts to ensure they focus on the remediation efforts that will have the largest risk reduction impact on the business. As a result, developer and security teams can together define appropriate guardrails to prevent security issues throughout the full software development lifecycle (SDLC) as well as measure the overall effectiveness of their developer security program.
“Global security leaders are hungry for more insight into their overall risk posture, while DevSecOps practitioners want to elevate their business influence to mature their developer security initiatives further,” said Katie Norton, Senior Research Analyst, IDC. “Solutions that provide business critical insights into an organization’s entire application landscape, such as Snyk’s new ASPM solution, can aid in bridging this gap by helping AppSec leaders evolve from gatekeepers to guides.”
“With the recent explosion of generative AI innovation, the speed of software development has reached new heights, while, at the same time, software supply chains are increasingly more complex as evidenced by the lingering effects of the Log4j vulnerability two years later. The need for developer and security teams to share application visibility, risk context and intelligent policy guardrails is critical to delivering innovation with trust.” said Manoj Nair, Chief Product Officer, Snyk. “Snyk AppRisk will serve as a crucial linchpin for development and security teams to more effectively collaborate, fortifying their overall risk posture without sacrificing their speed to market.”
Snyk AppRisk complements the breadth and depth of the Snyk Developer Security Platform and is designed to deliver a holistic, developer-first ASPM workbench, equipping and empowering global DevSecOps teams to:
Automate application asset discovery: continually discovering application assets and classifying them by business context, ensuring security is fully in sync with developers;Create tailored security controls: defining and managing appropriate security and compliance requirements, while verifying applications have the correct controls in place; and,Leverage risk-based prioritization: blending application context with best-in-class security and fix analysis to quantify risk and create an evidence graph, ensuring developer remediation efforts are focused on the issues that pose the biggest risk to the business.
Snyk AppRisk will prove critical for security teams as they tackle new vulnerable code components, thanks to a policy-driven approach – quickly identifying which assets are affected and prioritizing developer remediation efforts to significantly cut down on breach impact. The Log4j vulnerability disclosure, almost exactly two years ago, proved to be a watershed moment for the industry as developer, security and operations teams worldwide raced against the clock to find and fix their vulnerable assets. Snyk AppRisk would have significantly streamlined this stressful and time consuming remediation process, ultimately sparing many global enterprises time and money.
To this end, over 60% of Snyk customers view being able to track the severity of open source vulnerabilities, and the time to fix, as a key metric in DevSecOps success today. In addition, as AI agents further push the pace of application development, security leaders have become increasingly concerned about new risks being introduced into their code at this accelerated pace. Snyk AppRisk ensures the correct security controls are in place in order for global development teams to safely adopt and trust these AI tools.
“Building applications both quickly and securely is non-negotiable for us in order to pursue our own vision of transforming today’s patient journey,” said Julien Dewitte, Senior Security Engineer, Komodo Health. “Snyk’s unique, developer-based approach to ASPM will help us to gain an even better understanding of our software footprint, allowing us to more confidently deliver on our mission to reduce the global burden of disease.”
Two versions of Snyk AppRisk will ultimately be available. AppRisk Essentials, a solution focused primarily on Snyk-based developer security tools, is available today. In early 2024, Snyk will additionally launch AppRisk Pro, an offering for enterprise customers to manage and scale their entire developer security programs to include additional security solutions beyond the Snyk Developer Security Platform.
