Successfully reported this slideshow.

Snyk investor deck late 2015 short



Upcoming SlideShare
Resgrid Pitch Deck
Resgrid Pitch Deck
Loading in …3
1 of 8
1 of 8

More Related Content

Related Books

Free with a 30 day trial from Scribd

See all

Snyk investor deck late 2015 short

  1. 1. Snyk Web Security for Developers
  2. 2. Snyk: So Now You Know • Developer Oriented Web Security Tools • Application Security Monitoring & Prevention • Based on code instrumentation & machine learning • Product per threat: 3rd party, AppSec, privacy… • “New Relic for Security”
  3. 3. Developers Must & Will 
 Own Security • Coders outnumber security people by est. 50-100x • In many cases (esp. small companies) security teams do not exist at all • Security tools/vendors extremely not dev friendly • Compare any Dev/Ops Tools companies to Security Tools companies… • Security tools operate outside the app • Whitelist policies are so hard to maintain they’re oft unused or too open • Insight based on perimeter (eg HTTP, logs), app logic reverse-engineered
  4. 4. Why Now • Problem Is Getting Worse • Dev velocity is increasing, making security audit “gates” not viable • Infra/Host Security is now owned by dev/ops, and is poorly handled • Unchecked Third Party code & domains account for >90% of application • Developers are ready to take on Security • Increasingly writing Operable Software (via DevOps) • Security increasingly discussed in dev forums • Increasingly empowered to drive decisions (“The New Kingmakers”)
  5. 5. Snyk: Developer Oriented 
 Security Tools Company • Modeled after Dev-Friendly companies • New Relic, Github, Heroku, PagerDuty, Travis CI, Fastly… • Marketing Dev Relations & Community Participation • Sales Team “Pull” Model (self-serve try, use, buy) • Security Events Developer Events • High Entry Price Free & Scaling Prices
  6. 6. Third Party Code: 
 A Massive Security Problem • Most of the code in today’s web apps is 3rd party • Backend Modules, Front-end domains, Underlying host software… • Third Party Code is vulnerable too & often not tested • Only 41% of reported vulns in open source are fixed, MTTR is 390 days • Inventorying modules is hard; auditing is infeasible • 3P domains are loaded dynamically, never tracked • And may be vulnerable, or malicious (e.g. malvertisements)
  7. 7. Founders • Guy Podjarny Cyber work in Israel @ IDF (8200); Developed first WAF (AppShield) @Sanctum; created & led market leading DAST & SAST tools (AppScan) as Chief architect @Watchfire (sold to IBM), ; Founded Web Perf startup Blaze; sold to Akamai; CTO @Akamai for 3 years; ~18 patents in Security & Performance; Known speaker/blogger; Startup Investor/advisor • Danny Grander CTO & Security Research Manager at Gita (acquired by Verint), a government/military cyber vendor; Lead dev in Collactive (social ranking startup) & Skybox (Security tools startup); Cyber work @ IDF (8200). • Assaf Hefetz Led innovation group at Supercom, a digital identity company, including tech side of M&A activity; Researcher & developer in Skycure, a mobile security company; 6 years of Cyber work at Israeli Prime Minister Office (PMO); Completed his Computer Science degree at the age of 18.
  8. 8. Market Size • Markets • Web Security: $2.5B, 5.7% CAGR • SaaS portion: $600M, 10.8% CAGR • App Vuln Assessment: $838M, 16.6% CAGR • Automated SW Quality: $1B, 14.9% CAGR • Comparable Companies Valuations • APM: New Relic: $1.6B, AppDynamics >$1B • WAF: Imperva: $2.1B Source: IDC, 2018 Predictions