
    Endor Labs Focuses on Reachability

By justmattg, July 7, 2023


As the Log4j vulnerability demonstrated in a visceral way, open source code is inextricable from modern software. Developers incorporate components, snippets, and libraries from sources like GitHub when writing their own programs in order to keep from reinventing the wheel every time they build a cart. But that means most software carries dependencies its own developers don't know about, so teams may fail to notice that a vulnerability report applies to a mission-critical application, or may scramble to fix a severe vulnerability in a component that no code path in the application ever calls, and which is therefore harmless.

    “With 90% of code in modern applications being open source, and 95% of vulnerabilities being found in transitive dependencies (the software packages automatically brought in by OSS), security teams struggle to prioritize the right risks for engineering to work on,” says Thuy Nguyen, Endor Labs director of demand generation. And that’s the focus of the company: prioritizing risk across open source software, CI/CD pipelines, and secrets.

    Endor does this using dependency lifecycle management, which takes into account a variety of metrics to calculate an overall risk score that a company can use to set security policies. It emphasizes how a dependency is used in the organization rather than the severity of a vulnerability. Even the worst vuln, the thinking goes, only matters if an attacker can actually get to it.

    Why Reachability Analysis?

    The company calls its approach reachability analysis. By building a complete inventory of software and then tracing every path to a vulnerability, Endor says it can determine which vulnerabilities need to be fixed right away and which can be set aside. Users can query the Endor Labs platform using DroidGPT, a chatbot that is now in beta, to figure out which open source package they can use in place of a more vulnerable one.
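The idea behind reachability analysis, as an added illustration rather than Endor Labs' own code: starting from the application's entry points, walk the call graph into direct and transitive dependencies, and rank each advisory by whether execution can actually arrive at the vulnerable function. The call graph, the function names and the advisory ids below are all constructed for the example; a highly rated vulnerability in a transitive dependency that nothing calls ends up in the "defer" bucket, while a milder one on a live path is reported with the chain that proves it.

```python
from collections import deque

# Constructed call graph (example data, not Endor Labs' own): caller -> callees.
# "app.*" is the application, "lib_a.*" its direct dependency, "lib_b.*"/"lib_c.*" transitive deps.
CALL_GRAPH = {
    "app.main": ["app.handle_request", "lib_a.parse"],
    "app.handle_request": ["lib_a.render"],
    "lib_a.parse": ["lib_b.decode"],
    "lib_a.render": ["lib_b.escape"],
    "lib_a.export": ["lib_c.serialize"],  # shipped, but never called by the app
    "lib_c.serialize": ["lib_c.eval_template"],
}

# Constructed advisories (placeholder ids, not real CVEs): function -> (id, CVSS).
ADVISORIES = {
    "lib_b.decode": ("ADV-EXAMPLE-1", 6.5),
    "lib_c.eval_template": ("ADV-EXAMPLE-2", 9.8),
}

def trace_reachable(graph, entry_points):
    """BFS from the app's entry points: {function: caller that first reached it}."""
    parent = {fn: None for fn in entry_points}
    queue = deque(entry_points)
    while queue:
        fn = queue.popleft()
        for callee in graph.get(fn, []):
            if callee not in parent:      # unseen: record how we got here
                parent[callee] = fn
                queue.append(callee)
    return parent

def call_path(parent, target):
    """Rebuild the entry-point -> target call chain from the BFS parents."""
    path = []
    while target is not None:
        path.append(target)
        target = parent[target]
    return path[::-1]

def prioritize(graph, advisories, entry_points):
    """Reachable advisories (fix now, with proving path) vs. unreachable (defer), most severe first."""
    parent = trace_reachable(graph, entry_points)
    fix_now, defer = [], []
    for fn, (adv_id, score) in sorted(advisories.items(), key=lambda kv: -kv[1][1]):
        if fn in parent:
            fix_now.append((adv_id, score, call_path(parent, fn)))
        else:
            defer.append((adv_id, score))
    return fix_now, defer
```

Calling `prioritize(CALL_GRAPH, ADVISORIES, ["app.main"])` puts the 6.5-scored advisory in the fix-now list with its path and defers the 9.8 one, because `lib_a.export` is never invoked; a real tool would derive the graph from the code and the advisory data from a vulnerability database.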

    Nguyen says that where Endor really stands out is in its staff, with a third of the R&D team having earned doctorates. The focus on specialization carries through to the company’s “decision to tackle one problem at a time to solve it in the right way,” as she puts it.

DroidGPT search results for cryptographic packages in Go. (Source: Endor Labs)

    That first problem was open source dependencies. “We made the decision to start there and invest heavily in reachability analysis before we move forward into other solutions,” Nguyen says. The next focus areas, she says, will be prioritized secret scanning and supply chain management/configuration posture management.

    Return of the Contest

    The four finalists in the Black Hat Startup Spotlight — Endor Labs, Gomboc, Binarly, and Mobb — will present their business models to a panel of judges at the Mandalay Bay in Las Vegas. (Of the finalists, Endor Labs is the only one that also made the finals at the 2023 RSAC Innovation Sandbox.) Dark Reading’s editor-in-chief, Kelly Jackson Higgins, will host the awards on Wednesday, Aug. 9, at 4:30 pm.

    If you’re attending Black Hat in person, Endor Labs wants to lure you to its booth with a platform demo, a cute mascot, and Star Wars keychain/bottle-openers. You might also get an invite to Endor Labs’ event at the Topgolf driving range and sports bar.

    Speaking of Endor, the swag is a clue to the inspiration for the company’s name. No, it doesn’t refer to the Canaanite village where the biblical Saul consulted a witch; in this case, Endor is the forest moon in the Star Wars universe where Ewoks live. The company’s security research team is even named “Station 9” after a research station on Endor. As Nguyen says, “The story behind the name is simple — we’re just huge nerds.”

    Speed Round

    Website: https://www.endorlabs.com/
    Founded: 2022
    Funding stage: Seed
    Total funding raised so far: $25M
    Number of employees: 50
    If the company were a band, what would its band name be, and what kind of band would it be: “We would simply be named The Ewoks and play futuristic synth-rock.”
    Pineapple on pizza, yea or nay?: “We posted this question to the company Slack and it almost sparked a civil war, but the result was an exact 50/50 split, which our marketing team will break and decide YES on pineapple on pizza.”
