Snyk

Web Security for Developers

Snyk: So Now You Know
• Developer Oriented Web Security Tools
• Application Security Monitoring & Prevention
  • Based on code instrumentation & machine learning
  • Product per threat: 3rd party, AppSec, privacy…
• “New Relic for Security”
Developers Must & Will Own Security
• Coders outnumber security people by an estimated 50-100x
  • In many cases (esp. small companies) security teams do not exist at all
• Security tools/vendors are extremely unfriendly to developers
  • Compare any Dev/Ops Tools companies to Security Tools companies…
• Security tools operate outside the app
  • Whitelist policies are so hard to maintain they’re often unused or too open
  • Insight is based on the perimeter (e.g. HTTP, logs); app logic is reverse-engineered

Why Now
• Problem Is Getting Worse
  • Dev velocity is increasing, making security audit “gates” not viable
  • Infra/Host Security is now owned by dev/ops, and is poorly handled
  • Unchecked Third Party code & domains account for >90% of application
• Developers are ready to take on Security
  • Increasingly writing Operable Software (via DevOps)
  • Security increasingly discussed in dev forums
  • Increasingly empowered to drive decisions (“The New Kingmakers”)

Snyk: Developer Oriented Security Tools Company
• Modeled after Dev-Friendly companies
  • New Relic, Github, Heroku, PagerDuty, Travis CI, Fastly…
• Marketing → Dev Relations & Community Participation
• Sales Team → “Pull” Model (self-serve try, use, buy)
• Security Events → Developer Events
• High Entry Price → Free & Scaling Prices
Third Party Code: A Massive Security Problem
• Most of the code in today’s web apps is 3rd party
  • Backend Modules, Front-end domains, Underlying host software…
• Third Party Code is vulnerable too & often not tested
  • Only 41% of reported vulns in open source are fixed; MTTR is 390 days
  • Inventorying modules is hard; auditing is infeasible
• 3P domains are loaded dynamically, never tracked
  • And may be vulnerable, or malicious (e.g. malvertisements)
Founders
• Guy Podjarny
  Cyber work in Israel @ IDF (8200); developed the first WAF (AppShield) @Sanctum; created
  & led market-leading DAST & SAST tools (AppScan) as Chief Architect @Watchfire (sold
  to IBM); founded Web Perf startup Blaze, sold to Akamai; CTO @Akamai for 3 years;
  ~18 patents in Security & Performance; known speaker/blogger; startup investor/advisor.

• Danny Grander
  CTO & Security Research Manager at Gita (acquired by Verint), a government/military
  cyber vendor; lead dev in Collactive (social ranking startup) & Skybox (Security tools
  startup); Cyber work @ IDF (8200).

• Assaf Hefetz
  Led the innovation group at Supercom, a digital identity company, including the tech side of M&A
  activity; researcher & developer at Skycure, a mobile security company; 6 years of Cyber
  work at the Israeli Prime Minister’s Office (PMO); completed his Computer Science degree at
  the age of 18.
Market Size
• Markets
  • Web Security: $2.5B, 5.7% CAGR
  • SaaS portion: $600M, 10.8% CAGR
  • App Vuln Assessment: $838M, 16.6% CAGR
  • Automated SW Quality: $1B, 14.9% CAGR
• Comparable Companies Valuations
  • APM: New Relic: $1.6B, AppDynamics >$1B
  • WAF: Imperva: $2.1B

Source: IDC, 2018 Predictions
