Endpoints Don’t Have to be the Weak Cybersecurity Link!

Posted on November 1, 2018

What you are about to read could be straight out of a horror movie. You would hear the eerie voiceover intoning… “In a world where endpoints are under constant attack, how do you protect yourself? Your critical infrastructure? Your data? Your business?”

It’s a weighty question and a huge topic that probably does warrant an entire movie. The reality is, we live in a world where endpoints are always under attack. From mobile devices and wearables to the digital assistant sitting on your counter, anything with an internet connection is at risk.

Vulnerabilities, Exploits, and Breaches, Oh My…

Estimates vary widely, but it’s safe to say that internet-connected devices worldwide far outnumber people (by a ratio of about 3 to 1). From simple devices like a wireless module built into an industrial sensor to complex weapons control systems, almost all Internet of Things (IoT) devices have one thing in common: software vulnerabilities exposing them to exploitation. What’s worse, those exploits are probably for sale on the dark web for far less than the value of the damage they could do to your business.

According to Positive Technologies, the average cost of an exploit is anywhere from $2,200 to $5,300 across multiple OS environments. That amount is a far cry from the financial damage the purchased exploit could do to your business. The average cost of a breach is between $3 and $7 million, but it could go much higher. Equifax has spent nearly $242 million since it exposed the personal information of 148 million customers. For those bad actors who wish to disrupt business operations, exploits and endpoints are a match made in heaven.

All Endpoints Are Not Created Equal, But They All Need Protection

Not all endpoints are the same, obviously. Some are deployed in a complex network of interconnected systems in far-flung geographies. Think of a temperature sensor on a refinery holding tank in remote West Texas. Others are in your pocket, or on your wrist nearly every moment of your waking life. The cybersecurity industry tends to focus on protecting routers, switches, servers and the like. But in an ultra-connected world, we have to consider protecting all our endpoints, including less obvious targets like insulin pumps, security cameras, TV monitors, printers, industrial sensors, light switches, light bulbs, and power outlets. Each of these devices could be connected to your network and is definitely running some form of code.

Anywhere There Is Code and an Internet Connection, There’s Risk of a Cyberattack

What are we to do in the face of such a ridiculously large and ever-expanding attack surface? The current answer is to implement a defense-in-depth strategy composed of a kaleidoscope of solutions involving firewalls, gateways, anti-virus, intrusion detection, data encryption (at rest and in transit), robust authentication, key management, code scanning, and other solutions. All these elements are critical in a modern and effective cybersecurity architecture, but (and there’s always a but), do they really have the necessary impact on protecting the endpoint from attack?

Addressing the Patchwork of Devices in Business Environments

Endpoints are by definition the most vulnerable element of your network, because they’re at the edge, more accessible than anything else in your environment. There are a myriad of ways that attackers can exploit them: through data-stealing trojans, RATs, ransomware, DDoS malware, botnet-creation malware, and zero days, among others.

With so many devices out there, companies need a solution that scales and can be applied to multiple environments despite the fact that every organization has devices running different applications on different operating systems using different processors. It’s a daunting task, but as the cybersecurity space evolves, the ability to deliver such a solution becomes possible.

Introducing RASP to Cyberharden Code

Today, there’s an accelerating category of cyber protection called RASP (Runtime Application Self-Protection). The idea with RASP is to protect and harden the actual code running on an endpoint. We know an attacker has a plethora of exploit methods at their disposal. With RASP-based solutions, attempts to exploit many common vulnerabilities, like memory corruption errors and fileless attacks, are rendered useless. The techniques used by hackers on RASP-protected endpoints simply won’t work. The device code itself has innate protections that deny the attacker the ability to make use of their malicious code.

RunSafe Security is a pioneer in the RASP category. Born out of a collaboration with DARPA (the Defense Advanced Research Projects Agency in the Department of Defense), the project operated under the assumption that the supply chain was compromised. Hardware and software were sourced from all over the world and DARPA had no ability to determine with 100% confidence that all third-party components were safe. They asked RunSafe, “How do we secure code in our supply chain? And by the way, we can’t provide source code.” RunSafe took on the challenge and developed a tool allowing DARPA to harden a software binary without having access to source code, and to protect it against an entire class of cyberattacks.

This grew into RunSafe’s Alkemist, a modern transformation engine that puts the power of cyberhardening techniques into customers’ hands. It’s easily integrated via REST APIs into any development lifecycle through a cloud or on-prem instance. It doesn’t require any additional software agents, has minimal to no impact on code performance and adds zero security alert monitoring overhead. We now live in a world in which a scalable endpoint cybersecurity solution that actually prevents attacks, not just detects them, exists.

Finally, you have a way to protect yourself, your infrastructure, your data…and ultimately, your business. RunSafe Security’s proprietary self-service binary randomization technology actively prevents malware from causing harm by mitigating common attack techniques including:

  • Memory corruption attacks (buffer, stack, and heap)
  • Return/jump oriented programming (ROP/JOP) attacks
  • Compromised hardware and software supply chain attacks
  • Scaling of attacks

To learn more about how Alkemist can render threats to your endpoints obsolete, contact us today: https://runsafesecurity.com/contact-us/ or visit https://runsafesecurity.com/alkemist/.
