Apiiro, the industry’s first Code Risk Platform™, today announced the release of two groundbreaking, patent-pending offerings that enable organizations to detect and block attacks of the type used against SolarWinds.
One is a capability to protect against build-time code injection, which was a key element of the SolarWinds breach. The other is the ability to detect abnormal behavior in developer identities to identify compromised accounts and insider threats.
Coming on the heels of a $35M funding round from Greylock and Kleiner Perkins, these transformational technologies combine to solidify Apiiro’s position as a leader in reducing risk, from design to code to cloud. Whether or not customers have mature application and cloud security programs, Apiiro will help manage all risks in one place.
Apiiro has the innovative ability to identify, prioritize, and remediate material code changes at the design or early in the development process by analyzing numerous contextual factors, including code components, security controls, data models, developers’ knowledge, and business impact.
Combining Apiiro’s existing capabilities with the means to detect abnormal behavior in developer identities and changes between binaries and source code is a revolutionary advance that will help organizations of all types and sizes remediate risk before deploying application and infrastructure code to production.
According to Microsoft, the SolarWinds attackers compromised the build server in order to digitally sign binaries that contained 4,000 lines of malicious code. This helped the resulting files bypass existing security measures and remain undetected as they were deployed to the production environment.
Apiiro’s new capabilities enable organizations to detect changes between their executables and source code and trigger an automated remediation process that can block the attack as it happens.
“The techniques employed in the attack against SolarWinds were extraordinarily sophisticated,” said Idan Plotnik, co-founder and CEO of Apiiro, a pioneer in the User and Entity Behavior Analytics (UEBA) and cloud security space.
“Apiiro automatically identifies risky material changes by analyzing historical data across source code reposito.ries, ticketing systems, developers’ knowledge, 3rd-party security tools and cloud configurations. Adding the ability to detect abnormal code insertions and suspicious behavior is a natural extension of our platform.”
“What we’ve developed is a completely new way to make smart, behavioral aware comparisons between code flow in binaries, and in source code,” added Yonatan Eldar, co-founder and VP of R&D.
“When there are multiple risk factors to a mismatch, that indicates that the code has been tampered with. On the identity side, we’ve unified user behavior analytics with an in-depth understanding of developers’ code ownership, locations, time and expertise to create an entirely new level of suspicious behavior detection.”
Samir Sherif, the CISO of Imperva, added: “Defending against nation-state attacks is an extraordinary challenge. This is the first solution I’ve seen that can provide complete risk visibility across the SDLC and detect and block the build-time code insertion attack used against Solarwinds. This is a quantum leap forward for the industry.”
Read More: As attacks increase, leaders question API security strategies
“There are many security tools that are designed to look at completed software artifacts, but they only look narrowly at the code itself,” commented Larry Maccherone, DevSecOps Transformation Lead at Comcast.
“Apiiro looks at how the artifacts were created by taking into account developer experience and activities. The improvement in insight is huge. This level of analysis is essential for any organization looking to protect itself against SolarWinds-style attacks and reduce their overall security risk.”