In the last two decades – and within a timeframe shorter than a single developer’s career – software development has transformed from a mostly independent, proprietary process of writing new, unique code into a dependent process of integrating existing open-source libraries and dependencies to create desired functionality with minimal custom code. This transformation hasn’t occurred at a constant rate. Rather, it has accelerated dramatically in recent years, with the use of open-source components in new applications increasing by 259% since 2016.
On the security side, pervasive open-source dependencies represent a radical extension and complication of the software supply chain. Open-source code is now present in 99% of codebases and makes up more than 85% of the code in enterprise codebases. When developers build on and deploy code that they mostly did not write, organizations inherit a host of upstream vulnerabilities that they can neither enumerate nor directly control.
Rise of Software Supply Chain Attacks
Attackers have learned to target weak points in the supply chain for amplified effect. In 2021, software supply chain attacks tripled over 2020 totals and included some of the most far-reaching and potentially catastrophic attacks and exploits on record, such as the SolarWinds compromise and the disclosure of the Log4j (Log4Shell) zero-day vulnerability. These incidents exposed data from tens of thousands of servers belonging to global enterprises, government offices, and even federal databases.
In 2022, the trend has only continued upward, with 62% of organizations reporting supply chain security incidents in the last 12 months. For organizations running multi-cloud environments and dozens of application instances scattered in vast container clusters, staying ahead of new vulnerabilities and exploits passed into the supply chain of open-source dependencies has become a near statistical impossibility. To put it in perspective, recent research has found that attacks against open-source repositories this year have spiked 633% over 2021 totals.
Shutting Down Supply Chain Attacks with Spyderbat’s Workload Behavior Monitoring
With the deck stacked against effective advance prevention, organizations need to tackle the challenge of supply chain security from a different angle. Spyderbat’s runtime security platform opens a radical, industry-first approach to securing complex, distributed environments in real time. Using eBPF, Spyderbat deploys a lightweight nano agent that captures a live record of system activity within and between cloud and container workloads.
With runtime visibility based on causal relationships, Spyderbat not only lets organizations monitor their workloads live but also lets them codify expected workload behaviors by “fingerprinting” historical workload runtime activity. Operators use Spyderbat like a DVR to track runtime behaviors and changes across builds and environments, in Kubernetes or in non-containerized services. By comparing the process execution and network activity of previous runs with every new instance, including the causal relationships between processes and their effective user rights, Spyderbat accurately recognizes runtime deviations.
Beyond detection, Spyderbat supports policy-as-code to enable automation throughout the software development lifecycle. Image developers authorize new workload behaviors that result from code changes early in the development of a new feature, and the resulting policy can then lock the workload down against misconfigurations or other threat activity in subsequent staging and production environments. Rather than relying on machine learning, which may produce false positives, Spyderbat lets organizations define their runtime behavior expectations for themselves. When deviations occur, Spyderbat provides a live, log-free visual representation of activity that allows operators to quickly and confidently identify causal connections and root causes.
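To make the fingerprint-and-deviate idea from the two preceding paragraphs concrete, here is a small added example of the technique. It is not Spyderbat’s code or data model: the event shapes, the sample process tree and the policy entry are constructed for illustration. A known-good run is reduced to a set of behavior tuples (process ancestry plus effective user; ancestry plus user, destination port and protocol for network activity). A later run is reduced the same way, and anything new that a policy-as-code allow-list has not explicitly authorized is reported as a deviation. Destination IPs are deliberately left out of the fingerprint because they change between environments while the launching process chain and port do not.

```python
"""Added example: runtime-behaviour fingerprinting with an allow-list policy.

Not Spyderbat's code. Event classes, sample data and policy format are
invented for this illustration.
"""
from dataclasses import dataclass
from typing import Dict, FrozenSet, Iterable, List, Set, Tuple


@dataclass(frozen=True)
class ProcEvent:
    pid: int
    ppid: int
    exe: str   # basename of the executable
    user: str  # effective user the process runs as


@dataclass(frozen=True)
class NetEvent:
    pid: int   # process that opened the connection
    dst: str   # destination address (reported, but not fingerprinted)
    port: int
    proto: str = "tcp"


def ancestry(pid: int, by_pid: Dict[int, ProcEvent]) -> Tuple[str, ...]:
    """Walk pid -> ppid up to the first parent we did not observe.
    Returns exe names root-first. The causal chain is what makes 'sh'
    launched by 'python3' suspicious even though 'sh' alone is ordinary."""
    chain: List[str] = []
    seen: Set[int] = set()
    cur = by_pid.get(pid)
    while cur is not None and cur.pid not in seen:  # 'seen' guards against cyclic ppid data
        seen.add(cur.pid)
        chain.append(cur.exe)
        cur = by_pid.get(cur.ppid)
    return tuple(reversed(chain))


def fingerprint(procs: Iterable[ProcEvent], nets: Iterable[NetEvent]) -> FrozenSet[tuple]:
    """Reduce one run's activity to a set of behaviour tuples."""
    procs = list(procs)
    by_pid = {p.pid: p for p in procs}
    fp: Set[tuple] = set()
    for p in procs:
        fp.add(("proc", ancestry(p.pid, by_pid), p.user))
    for n in nets:
        user = by_pid[n.pid].user if n.pid in by_pid else "unknown"
        fp.add(("net", ancestry(n.pid, by_pid), user, n.port, n.proto))
    return frozenset(fp)


def deviations(baseline: FrozenSet[tuple], observed: FrozenSet[tuple],
               policy: FrozenSet[tuple] = frozenset()) -> List[tuple]:
    """Behaviours in `observed` that are neither baselined nor authorized by policy."""
    return sorted(observed - baseline - policy, key=repr)


# --- constructed sample data (not captured from a real system) ---
# Known-good run: a Python service started by containerd-shim, talking to Postgres.
BASELINE_PROCS = [
    ProcEvent(pid=1, ppid=0, exe="containerd-shim", user="root"),
    ProcEvent(pid=2, ppid=1, exe="python3", user="app"),
]
BASELINE_NETS = [NetEvent(pid=2, dst="10.0.0.5", port=5432)]

# Later run: the same service now also uses Redis (a code change a developer
# authorized in POLICY below) and, unexpectedly, spawns a shell that runs
# curl to an external host.
OBSERVED_PROCS = BASELINE_PROCS + [
    ProcEvent(pid=3, ppid=2, exe="sh", user="app"),
    ProcEvent(pid=4, ppid=3, exe="curl", user="app"),
]
OBSERVED_NETS = BASELINE_NETS + [
    NetEvent(pid=2, dst="10.0.0.7", port=6379),
    NetEvent(pid=4, dst="203.0.113.9", port=443),
]

# Policy-as-code: the single new behaviour this feature is allowed to add.
POLICY = frozenset({
    ("net", ("containerd-shim", "python3"), "app", 6379, "tcp"),
})


def run_demo() -> List[tuple]:
    baseline = fingerprint(BASELINE_PROCS, BASELINE_NETS)
    observed = fingerprint(OBSERVED_PROCS, OBSERVED_NETS)
    return deviations(baseline, observed, POLICY)


if __name__ == "__main__":
    for d in run_demo():
        print("DEVIATION:", d)
```

Running the module reports three deviations: the `sh` process under `python3`, the `curl` process under that shell, and `curl`’s outbound connection on port 443. The authorized Redis connection is silent because it is in the policy, and the baseline Postgres connection is silent because it was fingerprinted. Because the tuples carry the effective user, the same comparison would also flag a baselined binary that starts running as a different user, which is the kind of deviation a pure process-name allow-list misses.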