News
SentinelOne® enhances cloud security with Snyk
November 2023 by Marc Jacob
Prioritising which vulnerabilities to fix is a challenge for software developers, and the complexities of modern apps and the software supply chain have only made things more difficult. SentinelOne is partnering with Snyk, the leader in developer security, to ease the burden. The company today announced the integration of Singularity Cloud Workload Security, its real-time Cloud Workload Protection Platform (CWPP), with the Snyk Developer Security Platform.
The integration will correlate the cloud runtime threat detections identified by SentinelOne with vulnerabilities found by Snyk in container images, enabling cloud security, application security and developer teams to more effectively collaborate and address the root cause of these issues. Future enhancements to the integration will also give security teams the means to manage application risk in the cloud by further expanding on the combined code-to-cloud context of SentinelOne and Snyk, which will, in turn, simplify prioritisation and remediation focus for developers. This news was announced during OneCon, SentinelOne’s inaugural customer event currently taking place in Boca Raton, Florida.
Painting the full picture
Security teams typically have visibility into runtime threats, but lack context when it comes to vulnerabilities in code and container images. Conversely, developers have a view into code and build-time vulnerabilities, but no insight into runtime threats and deployed environments. These two disparate views need to be fused throughout the application lifecycle so that high-risk issues can be quickly eliminated and neither team wastes time on issues of little importance.
Take the case of a privilege escalation vulnerability in the Linux Kernel (CVE-2022-0492) that allows attackers to escape containers, establish persistence on the host and elevate privileges to execute malicious attacks. SentinelOne’s Behavioural AI engine detects such runtime container escapes, but typically, the same image is used to deploy multiple containers. As a result, it is essential for security teams to know which vulnerabilities are present in the images for proper root cause analysis so developers understand which vulnerabilities to fix first. The integration of SentinelOne and Snyk delivers these insights in a unified, contextual way that drives enhanced security outcomes.
Putting events in context
SentinelOne’s Singularity Cloud Workload Security product detects runtime threats, including ransomware, zero-day exploits, and fileless attacks in real-time, and automates response actions. Snyk helps developers find, prioritise, and fix vulnerabilities in their applications. Combining the two, security and application developers can now:
• Automatically correlate container vulnerabilities discovered by Snyk at build time to runtime threats in SentinelOne, so that CloudSec, AppSec, and developers can collaborate to find and fix vulnerabilities.
• More quickly identify the root cause of runtime threats associated with container images by identifying exploitable vulnerabilities associated with them.
• Remediate the root cause of threats at their source.
• Proactively hunt for threats and automate response actions to stop the spread.
• Leverage continuous feedback and monitoring to prevent vulnerabilities from reaching production and verify misconfigurations in runtime to build a more secure production environment.
– Availability
The Snyk integration is available to SentinelOne and Snyk customers today through the Singularity Marketplace
