Israel-based startup Oligo Security exits stealth mode with the release of its eponymous software, bringing new challenges to library-based application security monitoring, observability, and remediation. A technology called Extended Berkeley Packet Filter (eBPF) can be utilized to provide agentless code security coverage.
Given the prevalence of open source code in modern software (Oligo claims it’s around 80% or 90%), a software composition analysis solution that can check your code for potential vulnerabilities is required. However, according to Oligo, current-generation solutions are “noisy”. They tend to generate a lot of false positives and don’t contextualize alerts within a specific runtime. The latter does not help set remediation priorities.
eBPF programs, on the other hand, can run within the operating system, with eBPF acting as an in-kernel virtual machine that enables data collection from applications and network resources. This provides a granular level of observability and allows the creation of a dynamic SBOM (software bill of materials).
“So the main advantage of the Oligo solution is that it is agentless and leverages eBPF,” says Mercer. “A traditional drawback of RASP technology is that the agent introduces some overhead to the application.”
Oligo contextualizes security alerts
In addition, because the agentless, eBPF-based Oligo product operates at the operating system level, it can place alerts in context and rank vulnerabilities for remediation, prioritizing those that involve an active deviation from a specific code library’s permission policy, the company says. This saves development time by focusing on the actual attack surface rather than just known potential vulnerabilities.
However, Mercer says Oligo’s approach is not without potential pitfalls. For one thing, it is designed only to detect known vulnerabilities, while some types of RASP-based systems can identify new security issues in both natively written and open source code. Additionally, more selective warning systems can miss potentially serious problems if they are configured in an unfamiliar way.
“I think the key here is sound policy management. Oligo might be a good fit to provide content that helps organizations create secure and non-intrusive policies,” said Mercer.
Nevertheless, Mercer said Oligo’s approach is likely to appeal to a wide variety of potential customers, given the aforementioned ubiquity of open source code, and that it can even be used for searching for vulnerabilities in commercial software.
“On the whole, [Oligo’s more selective approach] is probably a good thing, because we might use open source libraries that have vulnerabilities, but we’re not using them in a vulnerable way,” he said.
The company’s technology is already being used by companies in computing, analytical software, and real estate markets, but current pricing and availability data weren’t immediately available.
Other cybersecurity companies also use eBPF. For example, last August Traceable AI added eBPF to its security platform for deeper API observability and visibility.
Copyright © 2023 IDG Communications, Inc.
https://www.csoonline.com/article/3687617/cybersecurity-startup-oligo-debuts-with-new-application-security-tech.html#tk.rss_all Cybersecurity startup Oligo debuts with new application security tech