News

KSOC’s Verified Runtime Fingerprints help combat zero day software supply chain attacks

KSOC has released the first standard for fingerprinting the behavior of cloud native workloads, with a free online catalog containing fingerprints of popular open source container images. An effective way to validate the integrity of software against the next SolarWinds, Codecov or nation-state software supply chain attack has remained elusive, despite a litany of tools that secure the CI/CD process, find vulnerabilities, produce software bills of materials (SBOMs) or perform image attestation. Using eBPF, the RAD security standard codifies the baseline behavior of a cloud native workload into a fingerprint, making it the first to offer development teams a transparent, verifiable defense against the next wave of zero day software supply chain attacks.

“The goal of the RAD security standard is to reverse the balance of power in software supply chain security. If development teams can compare a verified, clean runtime fingerprint against the same image running in their environment, they have a real chance of defending against the next zero day attack,” explains Jimmy Mesta, CTO and Co-Founder of KSOC.

Instead of looking for bad behavior, the RAD security standard uses eBPF to codify good behavior, capturing the clean, baseline runtime processes and patterns of a container image. This opens a way to detect novel attacks without false positives or the opacity of a black box, by observing divergence from the expected application behavior.

The RAD security standard is powered by eBPF, and comparing the fingerprint to new runtime activity can answer questions such as:
– Is this process, program, file, or network activity expected, based on the behavior represented in the fingerprint?
– Does the node appear at the expected location in the hierarchy?
– Do the node’s properties match the expected properties?
– Is the process opening the expected file?
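The comparison described above, as an added illustration that is not KSOC's code and not the RAD fingerprint format: a constructed fingerprint records each expected program's parent (its place in the process hierarchy), the files it may open and the endpoints it may connect to, and a constructed stream of runtime events is checked against it. The program names, file paths and event fields are assumptions chosen for the example.

```python
from dataclasses import dataclass
from typing import Optional

# Constructed fingerprint for an imaginary web-server image (not a real catalog entry).
FINGERPRINT = {
    "/usr/sbin/nginx": {
        "parent": None,  # root of the workload's process hierarchy
        "files": {"/etc/nginx/nginx.conf", "/var/log/nginx/access.log"},
        "net": {"0.0.0.0:80"},
    },
    "/usr/sbin/nginx-worker": {  # hypothetical program name
        "parent": "/usr/sbin/nginx",
        "files": {"/var/www/index.html"},
        "net": {"0.0.0.0:80"},
    },
}

@dataclass
class Event:
    kind: str                      # "exec", "open" or "connect"
    program: str                   # program performing the action
    parent: Optional[str] = None   # parent program, used for exec events
    target: Optional[str] = None   # file path or host:port, for open/connect

def check_event(fp: dict, ev: Event) -> Optional[str]:
    """Return a description of the divergence, or None if the event matches the fingerprint."""
    expected = fp.get(ev.program)
    if expected is None:
        return f"unexpected program {ev.program}"
    if ev.kind == "exec" and ev.parent != expected["parent"]:
        return f"{ev.program} launched by {ev.parent}, expected {expected['parent']}"
    if ev.kind == "open" and ev.target not in expected["files"]:
        return f"{ev.program} opened unexpected file {ev.target}"
    if ev.kind == "connect" and ev.target not in expected["net"]:
        return f"{ev.program} connected to unexpected endpoint {ev.target}"
    return None

def divergences(fp: dict, events: list) -> list:
    """All divergences found in an event stream, in order."""
    return [d for d in (check_event(fp, e) for e in events) if d is not None]

# Constructed event stream: three events that match the baseline, then three that do not.
SAMPLE_EVENTS = [
    Event("exec", "/usr/sbin/nginx", parent=None),
    Event("open", "/usr/sbin/nginx", target="/etc/nginx/nginx.conf"),
    Event("exec", "/usr/sbin/nginx-worker", parent="/usr/sbin/nginx"),
    Event("exec", "/bin/sh", parent="/usr/sbin/nginx-worker"),
    Event("open", "/usr/sbin/nginx-worker", target="/etc/shadow"),
    Event("connect", "/usr/sbin/nginx-worker", target="203.0.113.5:8443"),
]

if __name__ == "__main__":
    for d in divergences(FINGERPRINT, SAMPLE_EVENTS):
        print("DIVERGENCE:", d)
```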

Cloud native workload fingerprints for popular open source images, made with the RAD security standard, are accessible in the online catalog, and teams can sign up for early access to deploy RAD security in their own environment to validate their software supply chain.