Wendy Moore, VP Product Marketing, Trend Micro & Geva Solomonovich, CTO, Global Alliances, Snyk virtually connect with Lisa Martin for AWS re:Invent 2020.
#theCUBE #reInvent #AWS
https://siliconangle.com/2020/12/02/managing-open-source-risk-means-bridging-the-gap-between-security-operations-and-devops-reinvent/
Managing open-source risk means bridging the gap between security operations and DevOps
BY SILVIA FREGONI
As open-source software has grown more popular, the risk of malicious actors exploiting its vulnerabilities has also increased. The result is more threats to the companies that use this code and to their customers.
The solution is bridging the gap between DevOps and security teams within enterprises so they can work together to mitigate the risks, according to Wendy Moore (pictured, left), vice president of product marketing at Trend Micro Inc.
“There are some organizations who do this really well; they’re very mature, and their security operations teams and their DevOps teams work very closely together,” Moore said. “Whereas we see some other organizations where dev is at one side of the pipeline and you’ve got security at the other, and they don’t tend to converse or meet — and those are the organizations where there tend to be more challenges.”
Moore and Geva Solomonovich (pictured, right), chief technology officer of global alliances at Snyk Ltd., spoke with Lisa Martin, host of theCUBE, SiliconANGLE Media’s livestreaming studio, during AWS re:Invent. They discussed the risks of ransomware in open-source code, the need to give security teams visibility into that code, and how Trend Micro and Snyk are working together to deliver solutions to this problem. (* Disclosure below.)
Increasing the visibility
There are many reasons why open source can be vulnerable to ransomware, according to Solomonovich. “One [is that] the source is open, so just finding the vulnerabilities is much easier than trying to find the vulnerability in proprietary code,” he said.
Another reason, and the most critical one according to Solomonovich, is that an attacker who finds a vulnerability in a well-known open-source package can attack not just one company but thousands, since the package is popular precisely because it is widely used.
“Hackers want to spend their hacking hours where they’re more likely to get a reward, able to get that ransom, or to have the data or do whatever they can,” Solomonovich said. “And open source actually makes it much easier for them than a lot of these other alternatives.”
The difficulty in solving the problem is that the code repository and open-source software have largely been the domain of DevOps, while the security team, which is tasked with managing the organization’s risk, has little or no visibility into what vulnerabilities might exist, according to Moore.
Faced with this challenge, Trend Micro and Snyk have teamed up to develop a technology focused on providing code scanning capability right in the code repository. Through the Trend Micro Cloud One platform, the tool is delivered as a service to the security operations team so they can see anything in the repository and take actions from there.
“The idea with this new solution is it’s going to give the security teams visibility of basically the scale and scope of their open-source situation so that they’ve actually got some data to go have conversations with the DevOps teams and start going in that direction of making those teams work more seamlessly together,” Moore concluded.
Watch the complete video interview below, and be sure to check out more of SiliconANGLE’s and theCUBE’s coverage of AWS re:Invent. (* Disclosure: Trend Micro Inc. sponsored this segment of theCUBE. Neither Trend Micro nor other sponsors have editorial control over content on theCUBE or SiliconANGLE.)