From our CTO: Introducing Agentless Runtime Monitoring 

Rezilion's CTO announces the new agentless runtime monitoring capability

At Rezilion, we believe that too much time is being spent on security – especially when it comes to software. 

From our very beginning, we’ve focused on a mission to enable teams to spend less time fighting security fires and more time innovating and working on business-critical projects. Today, with the release of our new agentless runtime monitoring capability, we deliver a solution that helps our customers get closer than ever to that goal.

The Backlog Burden is Real, and Runtime Context Is the Answer

An increasing dependence on third-party and OSS components today introduces many security risks – risks that frequently make their way through to production, despite an organization’s best efforts to patch or mitigate them before they are sent live. 

And is it any wonder patching is so difficult? Many current methods of patch management are too noisy. Teams receive information about vulnerabilities, but lack meaningful context on how to prioritize what to patch. This process is time-consuming, gets in the way of innovation, and leaves organizations open to exploitation while backlogs grow out of control. Rezilion first set out to change this with our first-in-class runtime analysis capability: a way to validate software vulnerabilities in runtime, confirm their exploitability based on the users’ distinct environment, and prioritize remediation work accordingly. Using runtime validation, our customers eliminate on average 85% of the security fixes that have to be done, returning build time to developers.

Until now, monitoring one’s runtime environment required an agent. While some organizations feel comfortable with agents, for others they can take longer to deploy or can slow the performance of the very software one is seeking to secure.

With Rezilion, now you are free to have the best of both worlds: deterministic runtime context into the actual exploitability of your software risks, without the operational burden of an agent. Our new agentless solution has the ability to peer into the runtime execution of software without deploying an agent in runtime, and not only identifies the vulnerable components but also discerns whether they are exploitable in their runtime context. 

The Agentless Runtime Monitoring Revolution

Achieving true runtime analysis without an agent was only possible after years of research and significant breakthroughs by the Rezilion team. Our new agentless runtime monitoring solution is revolutionary for Rezilion because it allows us to deliver value to customers much faster – allowing them to connect their entire cloud environment in just a few clicks. At the same time, this solution is revolutionary for our industry because it helps teams to effectively eliminate both security and operational risk at the same time. 

The challenge at the core of this innovation was how to provide the same insights into the code being used without access to the runtime data. By default, there are no built-in logging mechanisms that keep track of or indicate which files have been loaded at the operating system or runtime environment level. We needed to infer which files are loaded without running alongside the OS and its applications. We did this by utilizing filesystem information. This method of operation allows an agentless deployment because it reads only a snapshot of the filesystem of the compute we want to scan.

In order to tackle this challenge, Rezilion’s researchers applied techniques from the field of computer forensics to extract artifacts that allow reconstruction of the chain of loaded files and libraries in the OS, as well as for different runtime environments, effectively allowing for the same level of granular insight into which components are loaded to memory, yet in an agentless manner.

Rezilion Agentless Runtime Monitoring: Easy Deployment, Full Visibility

An added benefit of our agentless solution is the ease of deployment. From a customer perspective, all that is needed is to apply an IaC template that creates an IAM role and a dedicated compute that will scan the filesystem snapshots of monitored entities. That’s it.

From that point onward, the drives of the monitored entities are mounted and a Software Bill of Materials (SBOM) is created by parsing the files and the package manager’s database from the filesystems. Next, by parsing forensics artifacts of the operating system, a Dynamic SBOM is created based on the files that were loaded. Lastly, the Dynamic SBOM information is correlated with Rezilion’s Next-Generation Vulnerability Database, as well as with security advisory and threat intelligence metadata, to produce a prioritized list of vulnerabilities that need to be addressed. Security teams can then focus on the truly exploitable vulnerabilities that pose the most risk. Using Rezilion’s Smart Fix capability, users can also get actionable remediation recommendations that take into account both security and operational risk.
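The three stages described above (static SBOM, Dynamic SBOM, correlation), as an added sketch that is not Rezilion's code. It assumes Debian-style dpkg metadata and uses a file access time newer than boot as the "loaded" artifact; the page does not name the artifacts the product parses. All package names, paths, times and advisory IDs are constructed, and exact version matching stands in for real version-range logic.

```python
# Constructed sample of /var/lib/dpkg/status from a mounted snapshot.
DPKG_STATUS = """\
Package: libalpha1
Status: install ok installed
Version: 1.0.2

Package: libbeta2
Status: install ok installed
Version: 2.4.0

Package: gamma-tools
Status: deinstall ok config-files
Version: 0.9
"""
# Constructed contents of /var/lib/dpkg/info/<pkg>.list (package -> owned files).
FILE_LISTS = {"libalpha1": ["/usr/lib/libalpha.so.1"],
              "libbeta2": ["/usr/lib/libbeta.so.2"]}
# Constructed inode access times (epoch seconds) read from the snapshot.
ATIMES = {"/usr/lib/libalpha.so.1": 1_700_000_500,
          "/usr/lib/libbeta.so.2": 1_690_000_000}
BOOT_TIME = 1_700_000_000
# Placeholder advisories: (id, package, affected version).
ADVISORIES = [("EXAMPLE-0001", "libbeta2", "2.4.0"),
              ("EXAMPLE-0002", "libalpha1", "1.0.2"),
              ("EXAMPLE-0003", "gamma-tools", "0.9")]

def static_sbom(status_text):
    """Installed packages and versions parsed from a dpkg status database."""
    sbom = {}
    for stanza in status_text.strip().split("\n\n"):
        fields = dict(l.split(": ", 1) for l in stanza.splitlines() if ": " in l)
        if fields.get("Status", "").endswith(" installed"):
            sbom[fields["Package"]] = fields["Version"]
    return sbom

def dynamic_sbom(sbom, file_lists, atimes, boot_time):
    """Packages with a file accessed since boot (assumed 'loaded' heuristic).
    On noatime mounts this signal is absent; relatime makes it coarse."""
    return {pkg: ver for pkg, ver in sbom.items()
            if any(atimes.get(p, 0) >= boot_time for p in file_lists.get(pkg, []))}

def prioritize(advisories, sbom, loaded):
    """Advisories matching an installed version, loaded packages first."""
    hits = [(adv, pkg, pkg in loaded)
            for adv, pkg, ver in advisories if sbom.get(pkg) == ver]
    return sorted(hits, key=lambda h: (not h[2], h[0]))

if __name__ == "__main__":
    sbom = static_sbom(DPKG_STATUS)
    loaded = dynamic_sbom(sbom, FILE_LISTS, ATIMES, BOOT_TIME)
    for adv, pkg, is_loaded in prioritize(ADVISORIES, sbom, loaded):
        print(adv, pkg, "loaded" if is_loaded else "on disk only")
```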

With Rezilion, organizations can immediately benefit from the following features:

  • No maintenance overhead or operational risk – Detect, aggregate, prioritize and remediate with no maintenance overhead. No additional code or agent execution on customer machines means no interference with product performance.
  • Dynamic SBOM gives you real-time visibility – Unlike other agentless solutions that only offer a static understanding, Rezilion provides a Dynamic SBOM, which reveals both software components AND how they’re being executed in runtime, providing organizations with the tools to know where bugs exist – and also whether or not they could be exploited by attackers.
  • Faster and easier deployment – Rezilion can now be deployed through a seamless workflow managed entirely from Rezilion’s platform UI. Simply connect a cloud provider account and run.

An Easier Path Forward for Supply Chain Security is Here

A new chapter in software supply chain security has arrived with Rezilion’s Agentless Runtime Monitoring solution. We are proud to continue leading the way forward with innovative solutions that will transform how security and developers approach and manage software risk, without an agent to slow them down.

We’d love to show you how it works and how easy it is to get started. Schedule a free risk assessment today at https://info.rezilion.com/lp/demo-agentless-runtime-free-risk-assessment to see the difference for yourself.

About the author: Shlomi Boutnaru is the co-founder and CTO of Rezilion.
