Episode #34 - A trace-based approach to runtime security
Spyderbat continuously records ALL runtime context in an environment (from Kernel to Cloud) while providing causal linkage (recording both good & bad events alike). Alerts can then be traced along the resultant causal chain that's created. Normal behaviors can then be safely ignored, allowing practitioners to focus on more toxic combinations ONLY (i.e., Alerts-to-Traces).
Practitioners can then group behaviors for another order of magnitude reduction in alerts.
To do this, Spyderbat has developed the following algorithms:
Guardian - Records context to determine and visualize aggregate event significance in the environment. Guardian is the backbone that surfaces risk while addressing drift by comparing running applications against prior versions
Flashback - Replays the sequence of activities within/across containers at the earliest warning signs of trouble
Scout - Maps to Mitre Attack Matrix and Kubernetes Threat Matrix and identifies attacks based on suspicious behaviors.
Interceptor - Acts as automatic guardrails to protect known-good processes, extracts attackers, and rolls back misconfigurations.
Collectively this delivers on the value chain from causality through enforcement.
About Spyderbat
Founded in 2019 by serial entrepreneurs Brian Smith, CTO & Co-Founder, and Marc Willebeek-LeMair, CEO & Co-Founder, Spyderbat continuously captures runtime context to surface risk for containerized environments. With a focus on toxic combinations that map to Mitre Attack Matrix and Kubernetes Threat Matrix, Spyderbat provides automatic guardrails to protect known-good processes and to reduce overwhelming alerts. To date, they have raised $14.2M as Series A and are protected via patent regarding how they derive causal connections.
Please Reach Out
Please reach out and let us know what your own perspective is on this topic!
Satbir Sran - satbir@ink8r.com, (202)-431-0558
Darren Boyd - darren@ink8r.com, (408)-204-9779
