Snyk has purchased Cloud Security Posture Management (CSPM) vendor Fugue to help organizations manage compliance and security throughout the software development lifecycle.
The Boston-based application security vendor said its acquisition of Frederick, Md.-based Fugue will help developers protect their cloud environments by connecting cloud posture back to configuration code using just a single set of policies. The deal comes on the heels of four acquisitions over the past 18 months by Snyk and marks the company’s entry into the fast-growing cloud security market.
“Welcoming the talented Fugue team as our newest Snykers is a fantastic way to kick off 2022,” Snyk CEO Peter McKay said in a statement. “Together, we’ll collectively reimagine what cloud security can and should look like for today’s modern DevSecOps teams, ensuring more secure innovation can flourish worldwide.”
Terms of the acquisition weren’t disclosed, and Snyk executives weren’t immediately available for additional comment. Fugue was founded in 2013, employs 48 people, and has raised $85 million in eight rounds of outside funding, according to LinkedIn and Crunchbase. The company most recently closed an $8 million venture round in May 2021, according to U.S. Security and Exchange Commission (SEC) filings.
“As we join forces with Snyk today, our founding mission – security by and for developers – doesn’t change but expands exponentially with the scope of the opportunity in front of us,” Fugue co-founder and CEO Josh Stella said in a statement. “We’re excited to now reach more developers in more places, helping them to not only build our future, but also successfully secure it.”
By integrating Fugue into Snyk, developers will be able to secure their code before deployment, maintain its secure integrity while running, and better understand the precise places to provide fixes back in the code. Fugue’s technology will help extend the Snyk Developer Security Platform, making it the first CSPM platform designed by and for developers, according to the company.
Snyk said it will in the near-term have an offering that combines its Infrastructure as Code (IaC) with Fugue’s cloud security capabilities to better serve DevSecOps teams. Developer-first CSPM is expected to effectively detect security vulnerabilities in modern cloud workloads and automate into developer workloads to capture and test any issues that arise earlier in the development lifecycle, Snyk said.
A comprehensive visualization of the cloud landscape will interpret cloud resources, showing details as well as connections/relationships with other resources to provide the context that enables effective risk assessment, triaging and prioritization. Plus security insights in deployed applications are connected to developer security workloads to enable improved vulnerability prioritization based on exploitability.
Snyk said fully integrated insights are expected to lower the signal to noise ratio by highlighting the biggest risks and deprioritizing issues that already have a mitigation in place. The Fugue acquisition comes five months after Snyk closed a $530 million Series F funding round led by PE firms Sands Capital Ventures and Tiger Global on an $8.5 billion valuation to fuel product innovation and development.