Who wants to immunize their software to catch vulnerabilities scanning tools miss?
RunSafe immunizes your software from cyber attack at run-time without slowing down developers, reducing the attack surface and thus avoiding system downtime of embedded systems, enterprise IT, cloud workloads, open source software, and IoT Devices. Because testing tools miss more than 50% of vulnerabilities, scanning and patching are not enough and disrupt both your teams and your customers.
RunSafe takes a different approach, using streamlined automation and sophisticated mitigation techniques rather than brute force find and fix methods. RunSafe’s approach means your systems are protected and monitored against both known and unknown vulnerabilities exposed at run-time that scanning tools miss at testing time. Our Alkemist software suite has three unique product offerings serving distinct phases in the DevOps software development lifecycle.
Alkemist automated software eliminates the entire class of memory corruption vulnerabilities, reducing your attack surface by 40% (the lowest number in the examples above). Alkemist is also easily implemented, without changing the functionality of the original software or existing build, deploy, and monitoring processes.
Alkemist provides run-time protection to a wide range of systems. Alkemist application makes each instance of software functionally identical but logically unique, meaning attackers can’t access vulnerabilities. Target software includes in-house developed, COTS, GOTS, and open source running on IT enterprise equipment, OT and IoT devices, and specialized embedded systems. Alkemist protected software components are immunized against memory corruption attacks, including zero-days. Alkemist disrupts memory exploitation by varying the attack surface (the layout of your code). This entropy makes writing reliable exploits extremely difficult for hackers.
The three Alkemist offerings serve different constituencies and have different associated use cases as follows:
For developers who want to insert protection into their code at build time without disrupting release schedules.
Scanning tools are known to miss vulnerabilities, so adding a runtime prevention layer on top of those solutions provides a defense in depth strategy.
Typical use case: DevSecOps C/C++ pipeline.