Share news article

Share on facebook
Share on twitter
Share on linkedin
Share on email

Oligo Security Takes Aim at Open Source Vulnerabilities

Oligo Security launched out of stealth on Wednesday with its runtime application security platform for detecting vulnerabilities in open source components. Oligo generates a dynamic bill of materials (BOM), identifies vulnerabilities in packages, and prioritizes fixes for vulnerabilities based on application context.

Some of the most damaging cyberattacks in the past couple of years originated in open source packages included within large, complex systems. For example, Log4Shell attacks continued throughout most of 2022 because many organizations didn’t even realize they were running a vulnerable version of Log4j. Oligo generates a dynamic BOM that shows all the components that are actually running, which helps prioritize which vulnerabilities to fix first.

Oligo profiles the legitimate behavior of each library and creates a knowledge base of libraries’ profiles. The platform fires alerts when the library activity deviates from the profile, as that would indicate suspicious activity.

“Only 15% of CVEs scanned with traditional solutions are posing a real risk, and the other 85% are irrelevant, resulting in lots of false positives and noise,” wrote Avshalom Hilu, co-founder and chief product officer of Oligo, in a technical blog post. Reducing false positives and targeting mitigation more tightly can help security staff close the most dangerous flaws first and reduce alert fatigue.

The company bases its product on extended Berkeley Packet Filter (eBPF), which allows programs to run in a sandbox within the Linux operating system kernel. This means developers can extend the operating system to improve visibility, networking, security, and other capabilities to make using containers in the cloud more secure.

With the dominance of cloud computing and expanding use of containerization tools like Kubernetes, eBPF is seeing traction. The overall container security market is expected to rise from $714 million in 2020 to $3.6 billion by 2026, and up to $8.2 billion by 2030. Besides Oligo, other eBPF startups in the cybersecurity space include Araali Networks, which offers an eBPF-based firewall; Cilium, an open source Kubernetes connectivity tool; Falco and Aqua, which make Kubernetes runtime security tools; and Calico, a cloud-native security company.

Oligo raised its $28 million funding from Lightspeed Venture Partners, Ballistic Ventures, and TLV Partners, along with several angel investors.

Related News

New Backdoor Attack Uses Russian-Ukrainian Conflict Phishing Emails

New Backdoor Attack Uses Russian-Ukrainian Conflict Phishing Emails

The primary targets of this phishing campaign are located in the Ukrainian regions of Crimea, Donetsk, and Lugansk, which were…
CyberSecure Announces Strategic Alliance

CyberSecure Announces Strategic Alliance

BETHESDA, Md., March 24, 2023 /PRNewswire/ — Cybersecure IPS and LockDown Inc. jointly announce that they have entered a strategic alliance to…
Tesla Model 3 Hacked in Less Than 2 Minutes at Pwn2Own Contest

Tesla Model 3 Hacked in Less Than 2 Minutes at Pwn2Own Contest

Researchers from France-based pen-testing firm Synacktiv demonstrated two separate exploits against the Tesla Model 3 this week at the Pwn2Own…