Snyk brings security to the software development life cycle

Snyk offers an application security platform that is growing in popularity. In six years, it has grown into a security vendor with a valuation of almost 4 billion euros (4.7 billion dollars). We spoke to CEO Peter McKay after the recent Series E financing round of hundreds of millions.

Snyk was founded in 2015 and has since built a reputation. Large companies such as Google and Salesforce are now using the security technology. It has done so in a market with considerable competition, given the number of security vendors that also want to help companies secure applications. However, McKay indicates that Snyk does distinguish itself from the competition. The basis is a Cloud-Native Application Security Platform, which promises visibility and automatic recovery for every component of modern applications.

From traditional to modern

McKay explains Snyk wants to change the traditional way of application development and security. By traditional, he means developers who develop software and then task the security team with securing it. Security professionals assess the security by testing for vulnerabilities and problems in the applications. When they find code problems, the developers come into the picture again. This whole way of working is cumbersome, especially as organisations want to deliver software faster.

This approach has to be turned upside down, according to Snyk. “The traditional security approach is not scalable. You have to find a better way. A way that makes developers extremely creative, fast and secure,” says McKay. “That’s why we bring all the security components to the developer. So our solution focuses on developers, so they incorporate security controls into the software development life cycle.” McKay, therefore, speaks of a developer-first approach.

What does developer-first mean?

To achieve this, Snyk initially built technology to detect open source vulnerabilities. Snyk noticed that many open source components are used in software because they simplify development. Think, for example, of software libraries that contain code that has already been written. This speeds up the development process and adds targeted functionality. These advantages make open source very popular but also vulnerable: it is not exactly clear what is in the code and who is modifying it. That is why, Snyk argues, testing must occur as early as possible, for example during the coding process and in pull requests.

However, Snyk is now bringing more testing components to the early development life cycle. Static Application Security Testing (SAST) is an important method for evaluating your own application code. Many companies use SAST to test new software and find vulnerabilities in their own code. However, according to Snyk, this takes a long time with services from Snyk competitors. In addition, those solutions are not always accurate (many false positives). Snyk says it can scan in real time, so concrete results are immediately visible during coding and can be resolved.

In addition, Snyk also saw that Kubernetes and Terraform were playing an increasingly important role in the development process. Therefore, it also offers targeted functionality for containers and Kubernetes, in the form of Snyk Container and Snyk Infrastructure as Code. The first solution focuses on finding and fixing vulnerabilities in container images and Kubernetes applications. The Infrastructure as Code solution, in turn, focuses on insecure configurations in Kubernetes and Terraform code.

Together, the solutions form the Snyk platform, which integrates as much as possible with developers’ tools. In this way, it should be as simple to use as possible. Questions such as ‘what goes wrong’ and ‘why is it a problem’ are quickly raised. The solution is also presented, although it is sometimes handled automatically.

Differentiate from competition

This approach appears to be attractive for many companies. We also asked McKay to specify how Snyk distinguishes itself because, as mentioned, there is competition. He emphasises the developer-first idea, but there is more. For example, Snyk has a huge database of vulnerabilities. “We have a team that does nothing but research vulnerabilities in all different languages and hacks. Many companies, even security companies, standardise on our database,” says McKay.

McKay also praises the intelligence of the platform. According to him, it is about finding problems and providing the right help towards the solution. As an example, McKay mentions a scan that finds thousands of vulnerabilities. In that case, the platform can achieve speed by automatically installing available patches for vulnerabilities and prioritising the vulnerabilities that still require human attention.

Finally, McKay mentions the comprehensive nature of the Snyk platform. Some software testing vendors specialise only in SAST, while Snyk wants to offer a total approach and subsequently integrate with as many development tools as possible. As a result, companies ideally only need one platform for troubleshooting.

Valuation

The Snyk platform has attracted many companies. Millions of developers are now using the product, but other figures also show growth. McKay speaks about more than 100 per cent growth year-on-year, including in terms of revenue. In addition, the valuation is rising enormously. Whereas the valuation in September 2020 was still 2.6 billion dollars, an investment round in March resulted in a valuation of 4.7 billion dollars. Alphabet, Salesforce and Atlassian, among others, have now invested millions in Snyk.

The recent investment round of $300 million should eventually be spent in several ways. First, there is an expansion of the technology and platform. McKay says this can be done both organically and non-organically. After all, Snyk has also added technology in the past through acquisitions. In addition, the business and go-to-market should continue to grow thanks to the investment. “We have hired over 200 people in the last 12 months, and we will probably add another 250 people to the workforce in the next 12 months,” McKay says. He also sees opportunities to invest more in specific regions.

All in all, the investments and plans show that Snyk has a bright future ahead of it. We look forward to seeing how it develops.