Snyk, which claims tobe the leader in developer security, announced it agreed to acquire Enso Security, “pioneers” of the industry’s first Application Security Posture Management (ASPM) solution.
The acquisition is “subject to customary closing conditions and is expected to close in Q2 2023.”
Together, with the launch of Snyk’s newest innovation, Insights, “a unique prioritization capability with code-to-cloud application intelligence, global enterprises can now more effectively manage their overall AppSec posture.”
Combined, these new capabilities will “provide Snyk customers with the tools they need to effectively manage and govern a developer security program at scale.”
Peter McKay, CEO, Snyk, said:
“As DevSecOps becomes increasingly mainstream, Snyk is committed to continuing to build upon its market leadership by adding important new capabilities that allow security leaders to grow and manage their global developer security programs at scale. We look forward to welcoming the innovative Enso team as our newest Snykers. We are fully aligned in our shared vision to help more organizations stay ahead of their competition by increasing their pace of innovation securely by default.”
The Enso Security acquisition is “part of SnykLaunch June 2023, a range of new innovations that further strengthen the Snyk Developer Security Platform.”
Additional highlights in the SnykLaunch June 2023 lineup include:
- Insights: provides AppSec teams with exponentially more effective prioritization of security issues by leveraging code-to-cloud application intelligence, allowing them to effectively focus on the top risks for their particular organization; and,
- DeepCode AI: creates validated fixes as Snyk identifies issues in both human-written and AI-generated code, crucial for AppSec teams currently scrambling to securely enable the explosion of new generative AI coding assistants.
Introducing ASPM for Developer Security
ASPM is emerging “as a priority across enterprises as application environments become more complex, along with modern developers using a variety of different tools and methods to create their code.”
As a result, many enterprises today face thousands of logged security issues, but remain uncertain surrounding the coverage of their applications.
As a result, security teams lack the visibility to understand the potential business impact of these issues, “thereby wasting precious resources without ultimately improving their software supply chain security.”
Snyk will now “leverage Enso’s ASPM capabilities, together with Insights to offer the first and only developer security platform providing a holistic view of application security posture. Regardless of the security tooling currently in place, developer-first ASPM will orchestrate coverage throughout the entire software development lifecycle, with prioritization that powerfully combines both business impact and risk.”
Manoj Nair, Chief Product Officer, Snyk, said:
“Our disruptive developer-first approach has become a game changer for application security. With these new AI and ASPM capabilities, we’re excited to now help more enterprises achieve greater supply chain security transparency, allowing them to eliminate crucial security coverage gaps across their business.”
Following the 2020 acquisition of DeepCode, DeepCode AI became “the backbone of Snyk Code.”
Powering the Snyk platform, DeepCode AI “utilizes multiple AI models and is trained on security-specific data, curated by top security researchers to provide Snyk’s customers with important AI productivity gains without the security drawbacks.”
Over 100,000 organizations are currently “leveraging the benefits of DeepCode AI, including more than 1,700 Snyk Code customers.”
Since then, Snyk has continuously “innovated in this realm, most recently with the introduction of DeepCodeAI Fix, which has already attracted 150 paying customers since a preview was opened last month.”
Starting in Snyk Code, DeepCodeAI Fix leverages Snyk’s proprietary AI “to suggest secure code fixes that developers can implement with a click, eliminating the need to do their own research and dramatically improving efficiency.”
An additional new DeepCode AI capability allows application security users to interact and directly leverage Snyk’s AI “to write custom code queries, further accelerating the process of creating custom rules and policies.”
Steve Pugh, CISO, ICE/NYSE, said:
“When it comes to developer productivity gains, the recent explosion of generative AI innovation has been welcomed by many with a mixture of enthusiasm and relief. As a security leader, however, my foremost responsibility is to ensure that all of the code we create, whether AI-generated or human-written, is secure by design. By using Snyk Code’s AI static analysis and its latest innovation, DeepCodeAI Fix, our development and security teams can now ensure we’re both shipping software faster as well as more securely.”