RunSafe enables the transition from DevOps to DevSecOps
Who wants to immunize their software to catch vulnerabilities scanning tools miss?
RunSafe immunizes your software from cyber attack at run-time without slowing down developers, reducing the attack surface and thus avoiding system downtime of embedded systems, enterprise IT, cloud workloads, open source software, and IoT devices. Because testing tools miss more than 50% of vulnerabilities, scanning and patching are not enough and disrupt both your teams and your customers.
RunSafe takes a different approach, using streamlined automation and sophisticated mitigation techniques rather than brute-force find-and-fix methods. RunSafe’s approach means your systems are protected and monitored against both known and unknown vulnerabilities exposed at run-time that scanning tools miss at testing time. Our Alkemist software suite has three unique product offerings serving distinct phases in the DevOps software development lifecycle.
Alkemist automated software eliminates the entire class of memory corruption vulnerabilities, reducing your attack surface by 40% (the lowest number in the examples above). Alkemist is also easily implemented, without changing the functionality of the original software or existing build, deploy, and monitoring processes.
Alkemist provides run-time protection to a wide range of systems. Applying Alkemist makes each instance of software functionally identical but logically unique, meaning attackers can’t access vulnerabilities. Target software includes in-house developed, COTS, GOTS, and open source running on IT enterprise equipment, OT and IoT devices, and specialized embedded systems. Alkemist-protected software components are immunized against memory corruption attacks, including zero-days. Alkemist disrupts memory exploitation by varying the attack surface (the layout of your code). This entropy makes writing reliable exploits extremely difficult for hackers.
The three Alkemist offerings serve different constituencies and have different associated use cases as follows:
For developers who want to insert protection into their code at build time without disrupting release schedules.
Scanning tools are known to miss vulnerabilities, so adding a runtime prevention layer on top of those solutions provides a defense-in-depth strategy.
Typical use case: DevSecOps C/C++ pipeline.
For teams using open source software who want to download pre-hardened versions of those same software packages.
Vulnerabilities are inherited through the supply chain, so use pre-hardened versions of open source applications (web servers, databases, etc.). Just pull from our repo instead of the open source repo.
Typical use case: NGINX, Node.js, etc.
For operators and product owners who want instant alerts of runtime software crashes that existing security tools miss.
Key indicators of lurking threats go undetected, so add run-time application failure alerts as key indicators of attack attempts with no runtime overhead.
Typical use case: Added alerts to an existing SOC (security operations center).