RunSafe Security, a vendor of cyberhardening technology for embedded systems across critical infrastructure, announced on Monday the launch of its newest innovation, the RunSafe Risk Reduction Analysis, which analyzes total exposure to Common Vulnerabilities and Exposures (CVEs) and memory-based zero days in software. Designed for cybersecurity professionals and embedded systems developers, the solution provides much-needed insight into system vulnerabilities as well as data on how runtime mitigations can drastically reduce software exposure.
Critically, the RunSafe Risk Reduction Analysis, part of the company’s Identify solution, focuses on the identification and mitigation of memory-based vulnerabilities, which are one of the most exploited classes of security flaws in modern embedded systems. Memory safety flaws leave software susceptible to attacks such as arbitrary code execution, privilege escalation, denial-of-service (DoS), and data theft.
The Risk Reduction Analysis reveals total exposure to these critical flaws while measuring the risk reduction achieved when applying advanced runtime protections.
“Memory safety issues continue to account for nearly 70% of vulnerabilities in embedded systems,” said Joseph M. Saunders, founder and CEO of RunSafe Security. “With the Risk Reduction Analysis, we’re giving organizations the tools and insights to eliminate an entire class of vulnerabilities, significantly improving their resilience against remote code execution attacks and other exploits.”
The Risk Reduction Analysis works by analyzing a software binary or an SBOM to calculate the risk to embedded systems. The tool’s ability to quantify memory-based zero days is developed out of novel research from Linköping University and calculates the number of binary attack vectors, or return-oriented programming (ROP) chains, within software. In an example analysis, the tool revealed that the software was exposed to 1.6 million potential ROP gadgets, but with runtime protections applied, there was a risk reduction of more than 98.28 percent.
As part of the launch, organizations will be able to access a live walkthrough of the Risk Reduction Analysis with sample data.
Last September, RunSafe Security announced the completion of a $12 million Series B financing round. The investment round, which includes participation from new and existing investors, will accelerate new product development and market expansion to EMEA and APAC. The investment round led by Critical Ventures and SineWave Venture Partners also includes BMW i Ventures, Working Lab Capital, Lockheed Martin Ventures, HyperLink Ventures, Iron Gate Ventures, Alsop Louie Partners, and NextGen Venture Partners.
