How to Address Threats with Security Monitoring

Posted on July 21, 2021
Author: RunSafe Security

RunSafe Security’s CEO Joe Saunders recently hosted a panel discussion on Monitoring Open-Source Software in SAAS Infrastructure. His panel included innovative business leaders in the software, technology, and security sectors:

  • Jonathan B Fishbeck, Founder and CEO of EstateSpace, LLC, a Managed Security Services Provider (MSSP) that helps people reduce risk, retain property assets, and protect wealth succession.
  • Christine Ray, the Chief Information Security Officer at Unqork, a private company specializing in computer software.
  • Aaron Smith, Co-founder of Savi, a financial technology solution that works with partners and individuals looking to manage their student loan debt.

Our Current Security Monitoring Tools Are Not Working

It’s clear from the recent attacks on big business that cybercriminals are escalating their attacks and exposing our weaknesses. From malware to ransomware, malicious actors are finding their way through our defenses.

SolarWinds Network Data Breach

This information technology firm experienced a massive cybersecurity attack in 2020 that spread to its clients, affecting the U.S. Department of Homeland Security and the Treasury Department. In a nutshell, the bad actors added malicious code to SolarWinds’ software system, Orion, which is used by about 33,000 of its customers. When SolarWinds sent out software updates, the updates included the malicious code and created a backdoor to its customers’ IT systems, where the bad actors installed more malware that allowed them to spy on the companies and agencies.

Colonial Pipeline Co. Security Breach

In 2021, DarkSide, a ransomware gang, managed to shut down the pipeline and disrupt the fuel supply to the U.S. Southeast. The attack occurred using a legacy Virtual Private Network (VPN) system that had only single-factor authentication. The company ended up paying the gang almost $5 million to regain access, some of which hasn’t been recovered.

JBS Paid to Resolve a Cyber Attack

This was followed by a ransomware attack on the nation’s food supply. The cyber criminals, REvil, breached JBS’s computer networks and encrypted their files, shutting down meat plants in the U.S., Australia, and Canada for about a day. The company, the number one beef supplier in the world, paid the intruders $11 million.

Of course, those are just a few of the thousands of cyber attacks that occur annually. Even more disheartening is that 80% of IT security leaders believe their organization lacks sufficient protection against these types of attacks.

So, what’s gone wrong?

Current scanning and patching technologies miss 50% of vulnerabilities, and we inherit these vulnerabilities from third-party software code and open-source software. “The current application performance monitoring doesn’t see the data signals indicating instability, unreliability, or vulnerability in your infrastructure,” says Saunders. In addition to significant financial damage, these types of attacks threaten a company’s reputation, commerce, and society at large.

The Panelists Reveal Why Security Is Important to Their Company

All guests stressed the importance of security in their business model. Ray noted that customer interaction means that they’re collecting information and learning about their clients daily. Ensuring this interaction is private, confidential, and secure is their number one priority at Unqork.

According to Ray, everybody’s bringing code to the party, which is why it’s so important to have a multi-layered approach with good details, good tracking, and continuous searching. She doesn’t worry about the latest vulnerabilities like SolarWinds, because RunSafe gives them their own builds so they know that no one can tamper with the code.

Smith sells software to channel partners that helps their constituents manage student loan debt. Some of these partners include large financial institutions and employers that demand top security in their partners. Borrowers must know their information is safe and that their software is not putting their partners’ security at risk. He also noted that while they use security management tools like intrusion detection, penetration testing, and encryption, older institutions sometimes ask for antiquated security tools that don’t make much sense. In these instances, it’s about getting partners up-to-date on the latest technology.

Fishbeck’s clients at EstateSpace have significant means and assets that they want to know are safe and invulnerable. The company focuses on protecting everyone in its network, including providers and customers. He was quick to point out that it’s no longer just about U.S. compliance—but global compliance. With the use of RunSafe’s technology, he’s no longer worried when someone gets through the wall, because when they get to where they’re going, they’ll either head down a black hole or be unable to see anything.

All the professionals report building customer trust by earning compliance certification such as Cloud Security Alliance, performing penetration testing, audits, and external validation—steps that let their partners and clients know they’re doing everything possible to protect them and their information. And all of them use RunSafe.

RunSafe’s Answer to Security Monitoring for SAAS Providers

RunSafe provides a three-way approach to security monitoring by immunizing software and monitoring its health:

  1. Alkemist Code: Cyberhardens software code that you can incorporate into your build process.
  2. Alkemist Repo: Pre-hardened versions of open-source software.
  3. Alkemist Flare: A continuous monitoring service looking for software crashes that may indicate vulnerabilities in your software. It’s designed to capture software crashes, analyze each one to determine whether it’s a potential bug, vulnerability, or cyber attack, and then let you route that through your SIEM to your security operations or your development team.

According to Saunders, software crashes indicate instability, whether from application weaknesses or potentially compromised data, and are sources of leaked information. Software crashes may also indicate software bugs.

They also indicate unreliability: a problem with third-party software, or a bug in an open-source library or component you’re using to drive software across your platforms. Finally, they may indicate vulnerability, such as an attacker probing for an attack vector or an exploit in progress.

In today’s world, it’s all about using the latest technology to ensure security. To delve deeper into the panel discussion and learn more about providing secure software to your customers, click here.
