Application security Synopsys relies on the channel
From his previous positions, Tom Herrmann brings a lot of Knowledge about the ICT Channel. And the AppSec specialist Synopsys can use this very well, because he wants to do business mainly via the channel from now on.
Companies on the topic
In order to expand its market presence in DACH, Synopsys is investing in the ICT channel.
(Image: areebarbar – stock.adobe.com)
What is the point of locking the front door of the house and all the windows if the back door remains open? Because despite the security measures, it makes it very easy for an intruder to get into the house. According to Tom Herrmann, vice president Channels and Alliances at Synopsys, this kind of scenario plays out in many corporate security breaches. Traditional IT security priorities, such as infrastructure, network and endpoint security, would no longer be enough to close all vulnerabilities.
Tom Herrmann has been head of channel sales in DACH at Synopsys since this year. (Picture: Synopsys)
That’s why Synopsys focuses on the security of applications. These are now the main target of cyber attackers. With the solutions, the American manufacturer now wants to increase its presence on the roof market and expand its channel sales.
Added value for Synopsys partners
So far, indirect sales at Synopsys still account for a comparatively small share, as Herrmann says. In the long term, this should change and the channel should account for a significant share of total revenue. Nevertheless, the manufacturer still wants to handle a certain percentage of the business directly with the customers.
The channel is an even new way for the company. “That’s why we’re in a comfortable position to set things right from the start and avoid problems that we’ve seen with other IT providers on the market,” says Herrmann. “Many channel programs focus on what’s best for the provider and miss the perspective from the outside to the inside. In other words, you pay too little attention to what kind of channel program really benefits a partner.”Herrmann already brings a lot of channel experience from his previous activities at Tanium, VMware and Oracle. He wants to focus primarily on local partners, because according to him, they not only have the best relationships with local companies, but also understand the regional challenges, legal requirements and regulations and other nuances in a particular industry or region better than any other partner. “In addition, companies tend to enjoy a higher level of trust working with local channel partners.“
We build our program, together with our partners and heed what they tell us and from us.
The manufacturer wants to make cooperation as easy as possible for the partners. To this end, there is a new partner program that supports resellers in day-to-day business activities such as deal registration, pipeline management and lead distribution. In addition, the partners will find training, marketing material and campaign kits on the portal. Herrmann adds: “What is most important from my point of view is that we are predictable in terms of our joint market presence. Partners do not have to fear that we will try to take over business directly if we have committed to working together.“
AppSec tools from Synopsys
Synopsys wants to rely more on resellers and system integrators for application security solutions in the future. But also to law firms and auditors. According to the manufacturer, the detection of legal, security and quality problems in software should be included in the offer in these industries.
One of Synopsys ‘ core products is Coverty. With the analysis solution, development and security teams can resolve defects in applications in terms of quality and security early in the software development cycle. On the other hand, the manufacturer offers Black Duck. The solution supports teams in managing security, quality and licensing risks arising from the use of open source and third-party code in applications and containers.
Does open source endanger application security?
In the Open Source Security and Risk Analysis Report 2021, Synopsys found that the average number of open source components per app has increased from 84 in 2016 to 528 in 2020. As the manufacturer explains in the report, this increase can lead to more vulnerabilities.
In general, the more lines of code are developed, the higher the risk of errors. Open source code in itself is no different from classic code, but according to Herrmann brings additional complexity. “There are many independent developers working in the community who do not have the tools to conduct extensive application tests in all cases. It can also happen that code is no longer developed or updated on the basis of the latest known security vulnerabilities. Here, an additional analysis of the open source code within an application can identify potential problems and mitigate risks.“
Synopsys also offers the analyses as a managed service. For this purpose, the manufacturer of trains, the partners, so that they are able to provide the services to the end customer. In addition, there is a team of support technicians who work either directly with the customer or with the partner.