Software supply chain security provider, Rezilion, has unveiled a groundbreaking agentless solution for vulnerability management. This new solution allows security teams to monitor exploitable software attack surfaces in real-time without the need for an agent. By eliminating the use of an agent, Rezilion aims to reduce the time and resources required for traditional runtime-based software vulnerability analysis. The solution is compatible with all versions of Windows and Linux across multiple programming languages.
The prioritization and remediation of software vulnerabilities can prove challenging for organizations, particularly as attackers increasingly target software supply chains to exploit weaknesses. A recent report, titled “State of Vulnerability Management in DevSecOps”, highlighted that many organizations are losing significant time and productivity due to backlogs of vulnerabilities. These backlogs often consist of more than 100,000 vulnerabilities, with an average of 1.1 million vulnerabilities in organizations’ backlogs overall.
Furthermore, the 2023 Unit 42 Network Threat Trends Research Report revealed a 55% increase in the exploitation of vulnerabilities in 2022 compared to the previous year. In a recent incident, a software vulnerability in MOVEit Transfer, a managed file transfer service, was widely exploited by hackers to target organizations worldwide.
Rezilion’s agentless solution addresses these challenges by leveraging cloud APIs to enable non-agent-based runtime analysis. The use of runtime data allows organizations to prioritize vulnerabilities based on their exploitability in the user’s unique environment. This approach helps reduce the “noise” of vulnerability management by identifying the specific components that require patching.
Traditionally, an agent was required to gain visibility into runtime execution, which often presented operational risks and overheads. Rezilion’s agentless solution eliminates the need for an agent, providing customers with the ability to ensure software security in production and continuous integration from a single platform. This approach does not interfere with product performance, additional code, or agent execution.
According to Shlomi Boutnaru, co-founder and CTO at Rezilion, the development of this agentless solution required years of research. Rezilion discovered that true, non-agent-based runtime analysis could be achieved by leveraging cloud APIs’ indirect access to instances. This approach enables the reconstruction of code execution history without the need for an agent to be physically present.
Rezilion’s agentless solution marks a significant advancement in vulnerability management and software supply chain security. By streamlining the vulnerability analysis process, organizations can prioritize and remediate vulnerabilities more effectively, reducing the potential for exploitation by malicious actors. With the prevalence of software vulnerabilities on the rise, solutions like Rezilion’s agentless offering are critical for ensuring robust and secure software systems across industries.