Diese Präsentation wurde erfolgreich gemeldet.
Wir verwenden Ihre LinkedIn Profilangaben und Informationen zu Ihren Aktivitäten, um Anzeigen zu personalisieren und Ihnen relevantere Inhalte anzuzeigen. Sie können Ihre Anzeigeneinstellungen jederzeit ändern.

Snyk investor deck late 2015 short

Snyk short investor deck, late 2015

  • Loggen Sie sich ein, um Kommentare anzuzeigen.

Snyk investor deck late 2015 short

  1. 1. Snyk Web Security for Developers
  2. 2. Snyk: So Now You Know • Developer Oriented Web Security Tools • Application Security Monitoring & Prevention • Based on code instrumentation & machine learning • Product per threat: 3rd party, AppSec, privacy… • “New Relic for Security”
  3. 3. Developers Must & Will 
 Own Security • Coders outnumber security people by est. 50-100x • In many cases (esp. small companies) security teams do not exist at all • Security tools/vendors extremely not dev friendly • Compare any Dev/Ops Tools companies to Security Tools companies… • Security tools operate outside the app • Whitelist policies are so hard to maintain they’re oft unused or too open • Insight based on perimeter (eg HTTP, logs), app logic reverse-engineered
  4. 4. Why Now • Problem Is Getting Worse • Dev velocity is increasing, making security audit “gates” not viable • Infra/Host Security is now owned by dev/ops, and is poorly handled • Unchecked Third Party code & domains account for >90% of application • Developers are ready to take on Security • Increasingly writing Operable Software (via DevOps) • Security increasingly discussed in dev forums • Increasingly empowered to drive decisions (“The New Kingmakers”)
  5. 5. Snyk: Developer Oriented 
 Security Tools Company • Modeled after Dev-Friendly companies • New Relic, Github, Heroku, PagerDuty, Travis CI, Fastly… • Marketing Dev Relations & Community Participation • Sales Team “Pull” Model (self-serve try, use, buy) • Security Events Developer Events • High Entry Price Free & Scaling Prices
  6. 6. Third Party Code: 
 A Massive Security Problem • Most of the code in today’s web apps is 3rd party • Backend Modules, Front-end domains, Underlying host software… • Third Party Code is vulnerable too & often not tested • Only 41% of reported vulns in open source are fixed, MTTR is 390 days • Inventorying modules is hard; auditing is infeasible • 3P domains are loaded dynamically, never tracked • And may be vulnerable, or malicious (e.g. malvertisements)
  7. 7. Founders • Guy Podjarny Cyber work in Israel @ IDF (8200); Developed first WAF (AppShield) @Sanctum; created & led market leading DAST & SAST tools (AppScan) as Chief architect @Watchfire (sold to IBM), ; Founded Web Perf startup Blaze; sold to Akamai; CTO @Akamai for 3 years; ~18 patents in Security & Performance; Known speaker/blogger; Startup Investor/advisor • Danny Grander CTO & Security Research Manager at Gita (acquired by Verint), a government/military cyber vendor; Lead dev in Collactive (social ranking startup) & Skybox (Security tools startup); Cyber work @ IDF (8200). • Assaf Hefetz Led innovation group at Supercom, a digital identity company, including tech side of M&A activity; Researcher & developer in Skycure, a mobile security company; 6 years of Cyber work at Israeli Prime Minister Office (PMO); Completed his Computer Science degree at the age of 18.
  8. 8. Market Size • Markets • Web Security: $2.5B, 5.7% CAGR • SaaS portion: $600M, 10.8% CAGR • App Vuln Assessment: $838M, 16.6% CAGR • Automated SW Quality: $1B, 14.9% CAGR • Comparable Companies Valuations • APM: New Relic: $1.6B, AppDynamics >$1B • WAF: Imperva: $2.1B Source: IDC, 2018 Predictions