RunSafe Security, a leader in immunizing software from cyberattacks through a patented, frictionless process, has officially announced the release of its RunSafe Security Platform, which arrives on the scene bearing an ability to automate risk identification, exploit prevention, and facilitate runtime software monitoring.
According to certain reports, the stated platform will make it possible for developers to generate a high-fidelity software bill of materials (SBOM) at build time, and by doing so, it will ensure the highest level of accuracy in identifying software components and related vulnerabilities.
More on the same would reveal how such a setup, at launch, can be expected to provide authoritative, build-time C/C++ SBOM generation for embedded systems, and at the same time, enhance a system’s resiliency by automating the remediation of memory safety vulnerabilities in compiled code.
To understand the significance of such a development, we must take into account the fact that, with regulations such as the Cyber Resiliency Act and the FD&C Act in place, building and including SBOMs is quickly becoming a critical need for businesses across the board. These requirements are also conceived largely on the back of software supply chain security concerns that pose critical need for SBOMs to identify risks and stay ahead of potential threats.
In response, RunSafe Security Platform leverages 400-plus vulnerability data sources to deliver comprehensive cybersecurity solutions for embedded systems deployed across critical infrastructure. You see, by generating an SBOM with complete visibility into software components, the platform is able to reveal software dependencies, identify vulnerabilities, and quantify risks.
In essence, the platform delivers at your disposal the insights that might come in handy to exploit paths and enhance security posture. Complementing this would be the presence automated tools that can help spread these benefits throughout the development lifecycle.
“RunSafe’s platform is timely given the new EU Cyber Resilience Act’s product liability,” said Joao Carreira, CEO of Critical Software. “Not only can organizations generate a complete SBOM, they can immediately mitigate vulnerabilities and future-proof against zero days using automated tools freeing developers to focus on new feature development.”
Talk about the given solution on a slightly deeper level, we begin from a feature in RunSafe Identify, which allows the user to generate SBOMs for embedded systems at software build time. Furthermore, you can identify software vulnerabilities, as well as quantify available risk reduction technologies for those vulnerabilities.
Leveraging insights into software components, vulnerabilities, and effective mitigation strategies, RunSafe guides an organization big time in enhancing their software’s resilience against evolving cyber threats.
Next up, we have a RunSafe Protect facility in place that is designed to mitigate cyber exploits. This it does by relocating software functions in memory every time the software is run. The idea behind that is to achieve a unique memory layout to prevent attackers from exploiting memory-based vulnerabilities. The stated approach, on its part, can help you maintain system performance and functionality without modifying the original software. In case that wasn’t enough, then we must mention that RunSafe also offers a repository of pre-hardened open-source packages and containers, providing immediate protection against attacks in open-source software..
Then, there is RunSafe Monitor which effectively provides you with real-time crash data and heuristics to determine whether a crash was a software bug or the result of a cyber attack. This capability facilitates precise triage, minimizing time and effort wasted on false positives.
Among other things, we ought to mention that RunSafe’s passive monitoring also accounts for software crashes, collecting data on stability, reliability, and potential vulnerabilities. Hence, when a crash occurs, this data is swiftly directed to incident response teams for accurate and efficient triage, enhancing overall software security and resilience.
“Software is complex, often utilizing third-party components and open-source code, which leads to vulnerabilities that can compromise an entire system,” said Shane Fry, CTO of RunSafe Security. “Today’s organizations are challenged in managing scarce resources due to the constant need for software patching, minimizing operational disruptions, and enhancing security compliance to remain competitive. With our new platform, we are addressing these critical challenges by proactively protecting embedded software to enhance an organization’s security.”