Oligo Security, a leading open source cybersecurity platform, is revolutionizing application security with its proactive and effective runtime solution. The company recently conducted a study that revealed a staggering 85% of vulnerabilities identified by software composition analysis (SCA) tools are irrelevant and cannot be exploited. These vulnerabilities are part of libraries that are not running in the application, resulting in security teams receiving an overwhelming number of alerts that are not actually exploitable.
This discovery has significant implications for security teams who are already facing a deluge of vulnerability alerts. Traditional solutions often flag theoretical threats, leading to a backlog of alerts that are not prioritized and lack application context. Consequently, only 15% of the Common Vulnerabilities and Exposures (CVEs) scanned with these solutions pose a real risk. This waste of resources and the decreased trust in alerts hampers the security operations of organizations.
To address this open source security challenge, Oligo Security has developed an innovative platform powered by eBPF technology. This platform enables security teams to accurately assess the risk of vulnerabilities, both in pre-deployment and post-deployment environments. By focusing on real vulnerabilities that can be exploited, Oligo helps organizations streamline their security processes and reduces the overwhelming backlog of alerts. The platform provides context and prioritizes vulnerabilities, allowing security teams to take prompt and targeted action.
One of the key differentiators of Oligo Security’s platform is its ability to provide adequate runtime protection. Traditional solutions are limited in their ability to detect deviations from normal actions and only address generic attacks and documented vulnerabilities. Oligo breaks down the application into its individual library components and monitors their behavior at runtime using advanced eBPF technology. This comprehensive approach ensures that any unexpected actions taken by open source libraries are promptly detected and mitigated.
The founders of Oligo Security were inspired to develop this solution after identifying a significant gap in the market’s treatment of open source security. Gal Elbaz, the co-founder and CTO of Oligo, discovered a way to hack into Instagram by exploiting a weakness in an open-source library. This incident highlighted the need for a more comprehensive approach to open source security, prompting Oligo to develop its runtime solution.
The effectiveness of Oligo Security’s platform is evident in the experiences of its customers. OpenWeb, one of Oligo’s customers, reported a 70% decrease in total vulnerabilities within the first three months of implementing the platform. Additionally, they were able to act promptly on real threats, significantly reducing their exploitable attack surface. Another customer reduced the total number of vulnerabilities by 87% in just a few months and saved an estimated 300 hours in manual triage time per year.
The impact of Oligo’s platform extends beyond the technical aspects of security. Alex Plotnikov, a DevOps Team Lead at OpenWeb, highlighted the efficiency and morale benefits of implementing Oligo. With a reduction in false positive alerts and non-exploitable vulnerabilities, the team could focus more on core development tasks while maintaining a strong security posture. This transition resulted in improved security and efficiency for the organization.
In conclusion, Oligo Security is transforming the way organizations approach open source security. By accurately assessing the risk of vulnerabilities, providing context and prioritization, and offering comprehensive runtime protection, Oligo’s platform is streamlining security processes and increasing the productivity of security teams. With its innovative approach and proven results, Oligo Security is poised to make a significant impact in the cybersecurity industry.
About the Author:
Gary Miliefsky is an internationally recognized cybersecurity expert, bestselling author, and keynote speaker. As a Founding Member of the US Department of Homeland Security and a member of the National Information Security Group, he has extensive experience in the field. Gary is also the Publisher of Cyber Defense Magazine, a leading publication in the cybersecurity industry.