Snyk AppRisk provides an ASPM workbench for developers and security teams to discover assets and analyze business and security context to quantify risks.

Credit: Ground Picture / Shutterstock

Developer security solution provider Snyk has launched an application security posture management (ASPM) offering, dubbed Snyk AppRisk, to help application security (AppSec) teams better monitor and manage their cybersecurity programs. The offering will feature a workbench that allows developers and security teams to collaborate and address cybersecurity challenges through asset discovery and risk-based prioritization.

“Snyk has been known as a pioneer in developer-focused tools to help developers better incorporate security into their development processes and free up security from being a bottleneck to faster cloud-native development cycles. It was mostly known for its software component analysis and software supply chain capabilities,” said Melinda Marks, senior analyst at ESG. “This (launch) helps them extend their brand as a broader application security vendor for modern, cloud-native development.”

Snyk AppRisk will be available in two editions. AppRisk Essentials, available immediately, will target existing Snyk customers and work only with Snyk tools. In early 2024, the company will launch AppRisk Pro, an enterprise-focused offering that will work with Snyk and non-Snyk developer security tools.

Automating asset discovery, security controls, and risk prioritization

Snyk AppRisk combines the existing capabilities of the Snyk developer security platform, including telemetry and security controls, with an ASPM workbench and a set of new abilities for DevSecOps teams. AppRisk offers the ability to automate application asset discovery, which allows security teams to configure the ASPM workbench to continually discover application assets and classify them by business context.
This context-based classification, combined with Snyk’s existing controls to analyze and quantify risks, powers the new risk prioritization engine. Additionally, the new offering allows DevSecOps teams to define and manage appropriate security and compliance requirements while verifying that applications have the correct controls in place, according to Snyk.

Visualization and context for prioritization are key

According to Marks, Snyk will have to focus on two key areas for the new offering to be effective: a granular visualization of the application assets, and an effective quantification of risks with a focus on the context used.

“Vulnerability management is challenging with cloud-native applications because there are multiple layers to test and scan to effectively manage risk, including infrastructure as code, custom code, container images, third-party code, and other dynamic and often ephemeral elements,” Marks said. “It’s necessary to scan to catch possible issues, but the number of alerts can be overwhelming to prioritize remediation in time to prevent incidents or reduce the impact of a breach.
These types of solutions that help provide the context of how the applications are built and the connections to the resources that they are making help application security teams understand what needs attention so they can work efficiently, prioritizing what needs urgent attention.”

Snyk’s consolidation of application security controls could comfortably be termed a cloud-native application protection platform (CNAPP) offering instead of an ASPM offering, Marks remarked, adding that “application security is a growing area for overall security risk management with the increased adoption of cloud services, and we can expect to see organizations consolidating their tools to optimize efficiency for their security teams.”