The integration will correlate the cloud runtime threat detections identified by SentinelOne with vulnerabilities found by Snyk in container images, enabling cloud security, application security and developer teams to more effectively collaborate and address the root cause of these issues.
Future enhancements to the integration will also give security teams the means to manage application risk in the cloud by further expanding on the combined code-to-cloud context of SentinelOne and Snyk, which will, in turn, simplify prioritization and remediation focus for developers.
“Developers are under increasing pressure to build applications faster, but they must also partner with their security teams to secure them across both their build and runtime environments,” said Ely Kahn, VP, Product Management for Cloud Security and AI/ML, SentinelOne.
“This integration of SentinelOne and Snyk provides consolidated visibility into vulnerabilities and threats from both platforms, which customers can use to better understand container security risks and take informed actions to resolve them,” Kahn added.
Security teams typically have visibility into runtime threats, but lack context when it comes to vulnerabilities in code and container images. Conversely, developers have a view into code and build-time vulnerabilities, but no insight into runtime threats and deployed environments. These two disparate views need to be fused throughout the application lifecycle so that high risk issues can be quickly eliminated and neither team wastes time on issues of little importance.
Take the case of a privilege escalation vulnerability in the Linux kernel (CVE-2022-0492) that allows attackers to escape containers, establish persistence on the host and elevate privileges to execute malicious attacks. SentinelOne’s Behavioral AI engine detects such runtime container escapes, but the same image is typically used to deploy multiple containers.
As a result, it is essential for security teams to know which vulnerabilities are present in the images for proper root cause analysis so developers understand which vulnerabilities to fix first. The integration of SentinelOne and Snyk delivers these insights in a unified, contextual way that drives enhanced security outcomes.
SentinelOne’s Singularity Cloud Workload Security product detects runtime threats, including ransomware, zero-day exploits, and fileless attacks, in real time and automates response actions. Snyk helps developers find, prioritize, and fix vulnerabilities in their applications.
Combining the two, security teams and application developers can now:
- Automatically correlate container vulnerabilities discovered by Snyk at build time to runtime threats in SentinelOne, so that CloudSec, AppSec, and developers can collaborate to find and fix vulnerabilities.
- More quickly identify the root cause of runtime threats associated with container images by identifying exploitable vulnerabilities associated with them.
- Remediate the root cause of threats at their source.
- Proactively hunt for threats and automate response actions to stop the spread.
- Leverage continuous feedback and monitoring to prevent vulnerabilities from reaching production and verify misconfigurations in runtime to build a more secure production environment.
“With software supply chains increasing in complexity, development and security teams need as much context as possible to be able to effectively address risk,” said Sarit Kozokin, VP of Product Management, Snyk. “Together, Snyk and SentinelOne provide complete visibility from code to cloud, ultimately empowering enterprises to achieve greater control and visibility into their security programs, facilitating improved management and the scaling of developer security initiatives.”