Snyk, a leader in developer security, today announced that AWS has integrated Snyk Security Intelligence into a new, significantly enhanced Amazon Inspector, empowering both developer and security teams with trusted data and actionable insights to better help them build secure software.
Amazon Inspector is an automated security assessment service that helps improve the security and compliance of applications deployed on Amazon Web Services (AWS). Once enabled, Amazon Inspector automatically discovers all running Amazon Elastic Compute Cloud (Amazon EC2) instances as well as container images residing in the Amazon Elastic Container Registry (Amazon ECR), and continuously assesses for software vulnerabilities and unintended network accessibility due to misconfigurations of application workloads running on AWS. Amazon Inspector generates security findings that are aggregated in an improved Amazon Inspector console as well as pushed to AWS Security Hub and Amazon EventBridge, allowing customers to further automate remediation workflows.
Snyk Security Intelligence is an important source of vulnerability intelligence for the new Amazon Inspector, helping developer and security teams improve the accuracy of transient dependency vulnerabilities by enriching Inspector findings, and helping practitioners prioritize the management of security issues to avoid impacting their production workloads. From the Amazon Inspector user interface (UI), users can easily click through to the corresponding Snyk vulnerability page to find out more about the software vulnerabilities identified by the service.
Maintained with hand-curated content and enriched meta-data, Snyk Security Intelligence identifies vulnerable functions as well as known exploit maturity, with a Common Vulnerability Scoring System (CVSS) score and vector assigned to 100% of vulnerabilities. Snyk’s proprietary research, combined with community-powered databases, such as rubysec, friends of php, rustsec, and various others, allows Snyk to discover and disclose new vulnerabilities in the open source ecosystem in a timely and accurate manner, and helps users prioritize vulnerability remediation based on accurate data and a low false-positives ratio.
Also Read: Top Three Security Considerations When Migrating to the Public Cloud
Key Customer Benefits
- Consolidate Amazon EC2 and container vulnerability management with a highly scalable service that is enabled in just a few clicks.
- Optimize remediation efforts with extremely low false-positive rates thanks to Snyk Security Intelligence’s deep and continuous quality controls.
- Leverage Snyk’s actionable, hand-curated data to reduce mean time to resolve (MTTR) vulnerabilities.
- When using the Snyk Developer Security Platform, ensure a uniform and superior source of vulnerability data across AWS’ security (Amazon Inspector) as well as developer tools (AWS CodeSuite, Amazon ECR, Amazon Elastic Kubernetes Service (Amazon EKS) and AWS Lambda).
“Like AWS, Snyk is committed to helping more global organizations to accelerate their digital transformation, fueling innovation in a secure way,” said Carey Stanton, Vice President, Global Business and Corporate Development at Snyk. “We’re proud to be part of the new Amazon Inspector and are committed to continuing to deepen our work with AWS, ensuring that all development teams worldwide have the right tools to build software securely.”
“Cloud native development has become a critical advantage to organizations looking to deliver modern products to market more efficiently,” said Michael Fuller, Director, Product Management, AWS Security Services at AWS. “By bringing Snyk’s vulnerability insights into the new Amazon Inspector, we’re enabling security teams to leverage truly comprehensive, contextual vulnerability information that helps prioritize the most severe vulnerabilities first and further empowers agile software development on AWS.”
“We didn’t trust the security coverage (provided by other evaluated solutions) was comprehensive enough, which later compared to Snyk was indeed clear,” said Leif Dreizler, Security Engineering Manager at Segment. “When the eslint-scope vulnerability came out, it was easy to find which repositories were vulnerable, allowing us to upgrade or remove the dependency.”
Snyk Achieves AWS Security Competency Status
In addition to its integration into Amazon Inspector, Snyk has recently achieved Amazon Web Services (AWS) Security Competency status. AWS Competency Programs showcase AWS Partner Network (APN) Partners who have demonstrated high-level technical proficiency and proven customer success in specific areas. To achieve this designation, APN Partners undergo a rigorous process of technical and commercial validation related to their area. The AWS Security Competency status gives AWS customers a high degree of confidence in choosing partner solutions for their cloud environment.
The AWS Security Competency designation recognizes Snyk’s deep technical expertise and proven customer satisfaction in securing cloud native applications running on AWS. As an Advanced Technology Partner with AWS, and a recipient of several other AWS competencies and “Service-Ready” validations, Snyk is committed to continuing our work to ensure customers can secure their workloads proactively when building applications on AWS. The Security Competency designation differentiates Snyk as a key security partner for AWS that provides an agile approach to security, helping enterprises adopt, develop, and deploy applications securely on AWS.
For more such updates follow us on Google News ITsecuritywire News
