Run Security Leverages eBPF to Strengthen Application Security
Run Security today launched an application security platform that leverages the extended Berkeley Packet Filter (eBPF) to secure application runtime environments.
Company CEO Gene Fay said RS Prevent makes use of telemetry data collected directly from the kernel of a Linux operating system using eBPF to respond to cybersecurity threats in real time.
The overall goal is to enable cybersecurity teams to more accurately identify actual threats versus generating a long list of potential threats that turn out to be false positives, he added.
That’s crucial because at a time when most software engineering teams have limited resources, the number of issues they can actively investigate and remediate is limited. Using the telemetry data collected via eBPF makes it possible to identify threats more precisely, without having to deploy agent software on every platform to collect it from across a distributed computing environment, noted Fay.
That approach enables security teams to consolidate observability, detection, testing and management of application vulnerabilities via a single platform, he added.
While DevSecOps teams are working toward improving the security of software before it is deployed, responsibility for application security after it is deployed still resides with cybersecurity teams. Unfortunately, many of those teams regularly identify vulnerabilities without the appropriate level of context. DevSecOps teams are then asked to investigate vulnerabilities, only to discover the code that might be affected isn’t actually accessible in the first place.
The arrival of eBPF, however, provides the visibility needed to enable cybersecurity platforms such as RS Prevent to more accurately assess the level of risk those vulnerabilities represent before they are shared with a DevSecOps team, noted Fay.
Run Security, formerly known as ThreatX, is launching RS Prevent after selling its web application firewall (WAF) platform to A10 Networks earlier this year.
Historically, managing application security has always been challenging because cybersecurity teams have focused more of their time and effort on securing network perimeters and endpoints. However, as cybercriminals have become more adept at bypassing those defenses, they are better able to exploit weaknesses in applications that occur when, for example, an application developer doesn’t realize a known vulnerability has inadvertently found its way into a production environment.
The challenge is determining which of those many potential vulnerabilities might represent a critical threat that needs to be addressed as quickly as possible. That inability to rank those risks is at the heart of a longstanding disconnect that exists between cybersecurity teams and the application developers they count on to create the patches required to remediate a vulnerability. An application development team only has so much time it can devote to fixing vulnerabilities at the expense of writing new code. Every time there is a vulnerability that turns out to not actually be impacting the code running in a production environment, the cybersecurity team that identified it loses credibility. Before too long, application development teams are ignoring vulnerability reports altogether.
In contrast, RS Prevent ensures that the vulnerabilities identified do, in fact, require immediate attention, said Fay.
The level of application security being achieved and maintained will, naturally, vary depending on the complexity of the environment and the skills of the application development team. The one certain thing is that as more code is developed using artificial intelligence (AI) tools, the chances that mistakes are going to be made in runtime environments are only going to increase exponentially.