Oligo Security Mitigates Open Source Vulnerabilities at Runtime

Oligo Security today launched a runtime application security and observability platform that enables cybersecurity teams to detect and prioritize open source code vulnerabilities based on severity without affecting performance.

Fresh from raising $28 million in funding, Oligo CEO Nadav Czerninski said the Oligo platform makes use of dynamic library-level analysis and behavior monitoring software to instantly identify vulnerabilities in running packages and prioritize fixes based on application context. That approach eliminates the need to rely on software composition analysis (SCA) tools that adversely impact application performance, he said.

In addition, Oligo is designed to run on top of an engine based on the extended Berkeley Packet Filter (eBPF) subsystem originally developed for the Linux kernel.

By inspecting each open source library, it then becomes possible to create a knowledge base of legitimate behavior profiles that can be used to either generate an alert or block any suspicious activity, Czerninski added.

Czerninski also noted the Oligo platform reduces cybersecurity fatigue because it only generates an alert when there is a deviation from the permission policies defined in its library.

There’s been a lot of focus on open source vulnerabilities as concern over how this code is developed has grown in the wake of the discovery of zero-day vulnerabilities that impacted, for example, the Log4j tool for capturing logs from Java applications. Most of that focus has been on providing maintainers of open source software with the tools and skills required to write more secure software.

However, not every maintainer of an open source software project is going to be equally vigilant. It’s up to cybersecurity teams to ensure that the runtime environments where that code eventually runs are as secure as possible, regardless of how many vulnerabilities might have been inadvertently included.

In general, cybercriminals are getting more proficient at injecting malware into software components as part of an effort to infect downstream applications that have dependencies on those components. Most of the applications deployed today depend on components that developers downloaded from a repository that may not be as secure as it should be. Developers tend to place too much trust in those components, so the chances that they may aggregate components containing malware into an application are high.

The Oligo platform is designed to give cybersecurity teams the level of observability needed to discover those vulnerabilities and give application developers enough context to prioritize remediation efforts, noted Czerninski. That’s critical, because in the absence of any context, most developers will allocate a comparatively small amount of time to fixing applications when there is so much pressure to continue to develop new ones, he added.

The divide that exists between cybersecurity teams and application developers is not going to be closed overnight. Many application development teams, fortunately, are embracing DevSecOps best practices to improve application security. In the meantime, cybersecurity teams need to find ways to verify the integrity of the application code deployed in runtime environments that they are responsible for.

Michael Vizard

Mike Vizard is a seasoned IT journalist with over 25 years of experience. He also contributed to IT Business Edge, Channel Insider, Baseline and a variety of other IT titles. Previously, Vizard was the editorial director for Ziff-Davis Enterprise as well as Editor-in-Chief for CRN and InfoWorld.
