Sysdig and Snyk Announce Partnership to Enable End-to-End Container Security

SAN FRANCISCO--(BUSINESS WIRE)--Sysdig, the unified container and cloud security leader, and Snyk, the leader in developer security, today announced the integration of Sysdig Secure with Snyk Container to cover container security from development through operations. Based on initial internal testing, this integration allows teams to eliminate up to 95 percent of vulnerability alerts using runtime intelligence from Sysdig Secure with Snyk Container.

With this partnership, Sysdig and Snyk bring together the industry-leading container runtime and developer security tools, for the first integration that bridges developer, DevOps, and SecOps silos. Sysdig runtime context provides Snyk users the ability to quickly pinpoint exploitable packages that are active in production applications. The integration aligns developer, operations, and security teams on which vulnerabilities to prioritize fixing first, focusing scarce developer resources on the biggest risks.

Today's Container Security Reality: Balancing Risk Reduction with Developer Agility

• Developers are overwhelmed with vulnerabilities and don’t know where to focus remediation efforts. Attempting to wade through the unmanageable number of issues is noise that takes precious time away from coding and leaves organizations open to risk. By understanding business impact, as well as severity score, teams can fix the most critical issues first.
• Security and operations teams responsible for monitoring the runtime environment need the container and Kubernetes visibility required to flag newly identified vulnerabilities for workloads running in production. They also need to detect threats attacking vulnerabilities that have not been fixed, and to stay ahead of zero-day exploits.

Sysdig’s unique container visibility and threat protection and Snyk’s developer-first tooling pair accurate runtime threat protection with early detection and vulnerability management. By bringing this information into the development pipeline, Sysdig and Snyk are in a unique position to help development teams instantly eliminate up to 95 percent of the vulnerabilities that would otherwise demand their attention.

Bridging The Gap: Sysdig + Snyk

Sysdig and Snyk’s new collaboration helps organizations more effectively remove the security barriers that stand in the way of faster innovation.

This is accomplished by:

• Securing the entire container lifecycle: Every aspect of the container and Kubernetes lifecycle is now covered — from the most secure base images to detecting and prioritizing which vulnerabilities require attention, to monitoring running workloads for real-time threats and new vulnerabilities.
• Building securely from the start: Snyk’s security insights and automated remediation are seamlessly integrated to more easily find, prioritize, and fix vulnerabilities in containers and open source dependencies.
• Protecting against runtime threats: Sysdig’s runtime security, based on open source Falco, detects threats across containers and Kubernetes, and captures detailed activity, enabling teams to accelerate incident response.
• Prioritizing the security alerts that matter most: With the integration of Snyk and Sysdig, organizations can quickly pinpoint exploitable packages that are active in production applications. This enables organizations to prioritize container vulnerabilities that pose the greatest risk, reducing noise and overall risk to gain developer speed and efficiency.

Quotes

Peter McKay, Chief Executive Officer, Snyk: “For too long, developers have been tasked with the impossible: fighting the unrelenting vulnerability noise that compromises both their speed as well as their company’s overall security. Together with Sysdig, we’re now empowering millions more developers worldwide to innovate securely. We’re excited for what’s ahead as together we advance the global DevSecOps movement in 2022 and beyond.”

Suresh Vasudevan, Chief Executive Officer, Sysdig: “The deep visibility available with Sysdig’s runtime security and Snyk’s developer-first tooling enables developer, DevOps, and security teams to achieve better alignment so they can manage risk without delaying software releases. The increase in productivity helps drive innovation, cost savings, revenue growth, and customer satisfaction.”

Resources

• Sysdig Blog: Sysdig and Synk use runtime intelligence to eliminate vulnerability noise
• Snyk Blog: Teaming up with Sysdig to deliver developer AND runtime Kubernetes security
• Learn more about the partnership
• Join the March 10, 10AM PST webinar, Secure Containers and Eliminate Noise from Code to Production with Sysdig and Snyk

About Sysdig

Sysdig is driving the standard for cloud and container security. The company pioneered cloud-native runtime threat detection and response by creating Falco and Sysdig as open source standards and key building blocks of the Sysdig platform. With the platform, teams can find and prioritize software vulnerabilities, detect and respond to threats, and manage cloud configurations, permissions and compliance. From containers and Kubernetes to cloud services, teams get a single view of risk from source to run, with no blind spots, no black boxes. The largest and most innovative companies around the world rely on Sysdig.

About Snyk

Snyk is the leader in developer security. We empower the world’s developers to build secure applications and equip security teams to meet the demands of the digital world. Our developer-first approach ensures organizations can secure all of the critical components of their applications from code to cloud, leading to increased developer productivity, revenue growth, customer satisfaction, cost savings and an overall improved security posture. Snyk’s Developer Security Platform automatically integrates with a developer’s workflow and is purpose-built for security teams to collaborate with their development teams. Snyk is used by 1,500+ customers worldwide today, including industry leaders such as Asurion, Google, Intuit, MongoDB, New Relic, Revolut and Salesforce.