Snyk Acquires Helios for Runtime Visibility

Developer-focused security company Snyk said it has acquired Helios, a startup focused on helping developers troubleshoot applications in runtime and production. The acquisition enhances Snyk's "cloud-to-code risk visibility" by combining Helios' full-stack runtime data collection and insights with the Snyk Developer Security Platform, Snyk said in a statement.

While security testing, such as static analysis and software composition analysis, are important for identifying vulnerabilities in applications before they reach production, runtime context provides information on how the application is actually behaving in production. The Snyk-Helios combination will provide security teams with a comprehensive perspective of application risk spanning the entire software development life cycle, from code to cloud, wrote Manoj Nair, Snyk's chief product officer, in a memo announcing the acquisition. For example, external configurations in the deployment environment could influence an application's behavior, and Snyk will be able to provide insights into how the application is interacting with the environment.

The combination of the two companies would provide Snyk customers with improved asset discovery, issue identification, and risk prioritization. Snyk will integrate Helios' end-to-end application discovery service and OpenTelemetry-based runtime data collection tools into its AppRisk service. AppRisk is designed to help application security teams work together with developers to govern their security programs. With this integration, customers will have security context from all phases of code development, Snyk said.

Snyk customers will have access to end-to-end application discovery to gain a holistic visibility of their organizations' entire application environment, risk-based prioritization to determine where to focus remediation efforts, and full-stack runtime data collection to provide a comprehensive picture of all applications in runtime. The runtime data collection techniques will allow Snyk to build a framework for collecting and incorporating runtime data into AppRisk, Nair said.

"Snyk will harness Helios' expertise in runtime collection techniques and extensive experience in complex customer development environments," wrote Eli Cohen, co-founder and CEO of Helios, in a memo announcing the acquisition.

This marks Snyk's second acquisition in the area of developer-led application security posture management, following its $32.7 million acquisition of Enso Security for $32.7 million back in June. The Enso Security acquisition added prioritization and remediation capabilities to Snyk's platform.

Terms of the acquisition were not disclosed. The entire Helios team is expected to join Snyk's research team.