CEO Joe Saunders: “Although regulation is helpful, compliance does not mean a system is secure forever,” Joe Saunders, founder and CEO of RunSafe Security, told Utility Dive. “Technology changes faster than regulations adapt, so the best companies will adopt a culture that values security. … It is also important to rethink software development and deployment practices, aligning development with operations and building security into products while not just relying on perimeter defenses.”
In The News
According to recent research, open source vulnerabilities rose by almost 50% in 2019 over the previous year.
by Doug Britton, CTO, RunSafe Security
Given the blossoming of attacks on organizations — from energy to health care firms — the need for robust critical infrastructure cybersecurity has expanded.
Quantifying that risk is possible using a two-by-two matrix that weighs the likelihood of a vulnerability’s impact and potential severity, according to Joe Saunders, CEO of RunSafe.
Building a risk profile for each system is rarely straightforward. Interviews with asset owners and operators are key to understanding the impact if a given system were to crash.
RunSafe Security has added integration support for Yocto Project distributions to Alkemist, a security solution that leverages remotely deployable binary protection mechanisms to defend against memory corruption exploits. Yocto developers can now simply add a layer into their build environments to support Alkemist without ever modifying a line of code or delaying releases.
Alkemist helps reduce the attack surface of Yocto-built embedded systems, which ship identical images, meaning a single vulnerability could potentially impact thousands of systems. Alkemist does this through a procedure called load-time function randomization (LFR), which restacks functions in memory before a process starts to execute in order to create a higher degree of memory diversity.
Doug Britton is the CTO of RunSafe Security, a cybersecurity firm that offers tools to protect critical infrastructure industries such as military systems, healthcare and data centres.
Founded in 2015, the US firm’s Alkemist tool “hardens software against memory corruption errors and buffer overflow exploits”. As chief technology officer, Britton is responsible for charting RunSafe’s technology roadmap.
In this Q&A, the 18th in our weekly series, Britton talks about starting his career as an Army interrogator, why he’s excited about optical computing and how PacMan got him into programming.
Dr. Gary McGraw, Dr. Avi Rubin, and John N. Stewart among university professors and cybersecurity executives from Cisco, Cigital, and Virgil Security set to provide guidance and strategic counsel
RunSafe Security, the pioneer of a patented process to immunize software from cyber attacks without developer friction and a member of Oracle PartnerNetwork (OPN), today announced the launch of their Enterprise Software Protection (ESP) program on the Oracle Cloud Marketplace, the premier platform for one-click deployment of top tier partner-built applications.
BYOD on steroids. That’s the best way to describe the sudden shift to a remote working posture that occurred in response to COVID-19. Organizations of all sizes made an immediate pivot to support employees’ new work from home arrangements, with very little preparation and no opportunity for a gradual rollout. Before coronavirus, working from home was the exception, but in an instant, it became the norm and the working world immediately felt the impact.
Teleconferencing companies like Zoom went from a high-tech favored product to a mainstream tool for students, families, governments, and companies of all sizes. Wall Street traders at Goldman Sachs and other firms prepared for remote trading by quickly setting up special video conferencing setups to run all day. And it wasn’t just the private sector — even the UK Prime Minister and the Pentagon turned to Zoom to make remote work possible during a time of global crisis. With a high profile and perhaps a bullseye on its back, Zoom’s security practices quickly came under the spotlight.
Initially developed by Richard Stallman in 1983 and popularized by Linus Torvalds in the early 1990s, open source software has evolved tremendously over the last 37 years. Although it started out as a niche practice, it became more mainstream in the 2000s. Its value was initially verified by Sun Microsystems’ $1 billion acquisition of MySQL in 2008, and more recently by IBM’s purchase of Red Hat for $34 billion last year. Now the most popular open source software, GNU/Linux runs on nearly 70% of web servers and is maintained by more than 15,000 unique programmers around the world. However, there remains an ongoing debate within the tech industry on both the pros and cons of open source software. We’ve taken a look at a couple of each and discussed them below.
A ransomware attack shut down a natural gas compressor station for two days, causing a “loss of productivity and revenue,” according to an alert last week from the U.S. Cybersecurity and Infrastructure Security Agency (CISA). The disruption represents a growing threat to the domestic energy sector, with more sophisticated attacks beginning to target the industrial control systems (ICS) which help to run electric grids and pipeline systems. The compressor station attack began on the information technology (IT) side of a pipeline company’s operations, but spread to the operations technology (OT) side because of a lack of system segmentation, experts say.
“Most utilities don’t have IP enabled smart grid at any scale and SCADA is a little harder to attack,” RunSafe CEO Joe Saunders said. “But as they shift, they need protection in this area. Older operating and information systems need to be protected or upgraded.”
Industry’s favorite skeptics are meeting in San Francisco this week for the RSA Conference. The drama is palpable. Last week Dell Technologies sold the conference’s parent company RSA Security to a consortium for just over $2 billion. So, what keeps security leaders up at night? CIO Dive asked RSA Conference attendees, including RunSafe Security CEO Joe Saunders, what they are most eager to see and what they want their peers to learn.
Tysons cybersecurity firm RunSafe Security Inc. has closed an initial $6.3 million funding round as it seeks to build out its customer base and expand its sales efforts, CEO Joe Saunders said in an interview. That first close leaves room for an additional strategic investor to join the round, Saunders said. The company has already gotten backing from a number of notable firms, including San Francisco-based Alsop Louie Partners, local venture capitalist Justin Label’s Inner Loop Capital, the Center for Innovative Technology’s GAP Funds and Renegade Ventures.
The vicious cycle of imbalance between cyber attackers and defenders seems never-ending. Defenders continue to develop and implement new tools to prevent, detect, monitor and remediate cyber threats while attackers simultaneously develop new attack techniques to thwart defenses, which for all intents and purposes gives them the upper hand.
“Cyberhardening IoT systems to reduce vulnerabilities can protect risky systems already in the field.” This is just one of many reasons why Network World recently named RunSafe Security as one of 10 Hot IoT Startups to watch this year.
Defense contractors have a clear opportunity today to impel the DoD to increase the cyber resilience of weapon systems by making incremental, measurable, bottom-up cultural changes. Dave Salwen, VP of Federal, explains more in his recent article for Defense Systems magazine.
CEO Joe Saunders spoke with CSO Magazine on the emerging cybersecurity threat known as AI Fuzzing. The article details why this may be the next big threat facing the security industry – and why nation-states and sophisticated cybercriminals are likely using it.
At RSA, CyberScoop spoke with CEO Joe Saunders on the Securiosity podcast about the RunSafe Pwn Index™, a proprietary score and methodology to help enterprise security teams reduce risk by tracking the average price of cyber exploits targeting enterprise and government agency software assets.
In order to give enterprises a better look at what attackers are paying for, CyberScoop has teamed up with RunSafe Security to bring you the RunSafe Pwn Index. Think of it as the Dow Jones Industrial Average for dark web exploits.
As companies increasingly rely on third-party software applications, many are losing control over their software supply chain. As globalization continues to scale and geographic constraints loosen, a strong supply chain is all but necessary to compete in the worldwide marketplace.
Solution providers will have to contend with a multitude of security-related challenges in 2019 ranging from nation-state and supply chain attacks to increased activity around biometrics and cryptomining. Here’s how we think they’ll do it.
Off-highway vehicles are now loaded with an ever-growing array of software-driven, interconnected, semi-autonomous devices, such as smart sensors, variable speed fan drives and monitors. Telematics is more prevalent and supply chains are becoming increasingly complex.
Here’s a nightmare scenario: hackers gain access to a healthcare service network, affecting 40 hospitals and health facilities, locking staff out of their computers, denying access to patient medical records, appointment schedules, and email.
Like all sectors of critical infrastructure, the oil and gas industry has emerged as a top target for cyberattack, yet most companies are not doing nearly enough to mitigate the risks. Demand for business insight and device monitoring has led many oil and gas companies to merge OT (Operational Technology), such as their control systems, with enterprise IT systems.
Cloud computing is now a primary driver of the world’s digital economy. Governments, large corporations and small businesses are increasingly implementing cloud-based infrastructures and solutions to store their sensitive data and manage their operations.
An average hospital room can house as many as 20 medical devices, and almost all of them will be networked – either wired or wirelessly.
With the many reported attacks on utilities, SCADA systems, and operational technology, I’d have to say that the level of cybersecurity awareness – especially within IIoT and ICS – is increasing.
Have you heard the one about the fish tank in the casino? A smart device in the lobby aquarium of a North American casino had been remotely monitoring temperature, salinity, and automatic feedings.
RunSafe’s Alkemist prevents scaling attacks, fileless attacks, and compromised supply chain attacks. Since it cuts down whole attack surfaces, it is well positioned to stop zero-days that depend on them.
The problem with traditional cybersecurity solutions is that they focus more on detecting symptoms rather than on addressing the underlying causes.