2. Snyk: So Now You Know
• Developer Oriented Web Security Tools
• Application Security Monitoring & Prevention
• Based on code instrumentation & machine learning
• Product per threat: 3rd party, AppSec, privacy…
• “New Relic for Security”
3. Developers Must & Will Own Security
• Coders outnumber security people by est. 50-100x
• In many cases (esp. small companies) security teams do not exist at all
• Security tools/vendors are extremely dev-unfriendly
• Compare any Dev/Ops Tools companies to Security Tools companies…
• Security tools operate outside the app
• Whitelist policies are so hard to maintain they’re oft unused or too open
• Insight is based on the perimeter (e.g. HTTP, logs); app logic is reverse-engineered
4. Why Now
• Problem Is Getting Worse
• Dev velocity is increasing, making security audit “gates” not viable
• Infra/Host Security is now owned by dev/ops, and is poorly handled
• Unchecked Third Party code & domains account for >90% of application
• Developers are ready to take on Security
• Increasingly writing Operable Software (via DevOps)
• Security increasingly discussed in dev forums
• Increasingly empowered to drive decisions (“The New Kingmakers”)
5. Snyk: Developer Oriented Security Tools Company
• Modeled after Dev-Friendly companies
• New Relic, Github, Heroku, PagerDuty, Travis CI, Fastly…
• Marketing → Dev Relations & Community Participation
• Sales Team → “Pull” Model (self-serve try, use, buy)
• Security Events → Developer Events
• High Entry Price → Free & Scaling Prices
6. Third Party Code: A Massive Security Problem
• Most of the code in today’s web apps is 3rd party
• Backend Modules, Front-end domains, Underlying host software…
• Third Party Code is vulnerable too & often not tested
• Only 41% of reported vulns in open source are fixed, MTTR is 390 days
• Inventorying modules is hard; auditing is infeasible
• 3P domains are loaded dynamically, never tracked
• And may be vulnerable, or malicious (e.g. malvertisements)
7. Founders
• Guy Podjarny
Cyber work in Israel @ IDF (8200); developed first WAF (AppShield) @ Sanctum; created
& led market-leading DAST & SAST tools (AppScan) as Chief Architect @ Watchfire (sold
to IBM); founded Web Perf startup Blaze (sold to Akamai); CTO @ Akamai for 3 years;
~18 patents in Security & Performance; known speaker/blogger; startup investor/advisor
• Danny Grander
CTO & Security Research Manager at Gita (acquired by Verint), a government/military
cyber vendor; Lead dev in Collactive (social ranking startup) & Skybox (Security tools
startup); Cyber work @ IDF (8200).
• Assaf Hefetz
Led innovation group at Supercom, a digital identity company, including tech side of M&A
activity; Researcher & developer in Skycure, a mobile security company; 6 years of Cyber
work at Israeli Prime Minister Office (PMO); Completed his Computer Science degree at
the age of 18.