ActiveState Platform Demo: Python Runtime Security

Get a short demo of our agentless Python runtime security solution that allows you to:

  • ensure security at runtime: Security is built-in, embedded in the language interpreter.
  • minimize attack surface: Use the packages you need. Identify what you don’t need.
  • get a key risk indicator dashboard: See all security & compliance issues at a glance in real-time.
  • profile risk: profile vulnerability & usage. Gain better triage at runtime.
  • reduce time to detection: Track & update vulnerabilities in real time.

Learn more and see how you can also manage dependencies in this webinar.

What we’re doing is having a plug-in that plugs into you, that’s integrated with the Python interpreter, and then can basically monitor import statements, report those to the platform, which is on your dashboard, and asynchronously report back to you whether you have a vulnerability or not. And there’s no performance impact to your program whatsoever, really. We called it the no-discipline, zero-discipline approach to runtime security because it’s not done just at build time, and it’s not just done at test time – it’s done at runtime, all the time. And you can integrate it during development, so you can install this plugin – like I have it on my machine here – and it can basically just be constantly scanning. But you don’t have to be thinking about it, and it’s not slowing down your application at all, so it’s something that we think is a unique solution here.

These are the questions that you need to consider – what do we do when there are security vulnerabilities in one of your dependencies? This is definitely a problem, where you might not really know all of the dependencies, or it might not be front of mind, so you’re not super conscious that NumPy has 15 dependencies or something like that. Or some other program – if you were working in the Node.js world, it might have 50 or 100 dependencies, and so there’s a lot of code that you aren’t directly auditing and maybe don’t have eyes on directly because it’s kind of hidden from you. Also, how many times – especially in a large organization – have you had an application that’s deployed, that sits live in the production server, but isn’t necessarily updated very frequently? It gets deployed, it sits there, it’s working, but it’s not getting regular patches and regular updates. And it was secure when you built it, but is it still secure when it’s running out there live in the world? So this is something where, if you have the runtime security plug-in, then essentially every time it hits that code path – which, in the case of imports, is generally speaking anytime somebody hits the server and it executes the script – then it will be scanned and you will get a report on that, so that you can get live reports when it’s in the wild. Those are things to consider when you’re thinking about the difference between runtime security and build time security.

Again, this is one component of this evolving ActiveState Platform. This is the zero-discipline runtime check, and so right now, let’s take a look at how we can configure that and what kind of results it can give us. It’s really, really simple to configure and get working in your part.
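To make the import-monitoring idea in the demo concrete, here is an added example that is not ActiveState's plug-in or any part of its platform. It shows the mechanism a Python interpreter hook of this kind can use: a `sys.meta_path` finder that never resolves modules itself (so normal imports proceed unchanged), records each top-level import, and hands the name to a background thread that checks it against an advisory list. The advisory list, the advisory id `ADV-EXAMPLE-0001`, and the choice of `colorsys` as the "flagged" module are constructed for the example; a real feed keys on distribution names and version ranges rather than bare module names.

```python
"""Import-auditing meta path finder (added example, not ActiveState's code).

Records top-level imports as they happen and looks them up off the import
path, so the import itself is never blocked on a network call or a scan.
"""
import importlib
import queue
import sys
import threading
from importlib.abc import MetaPathFinder
from importlib.metadata import PackageNotFoundError, version

# Constructed advisory feed for this example: module name -> advisory record.
# "colorsys" is a harmless stdlib module chosen only so the demo has a hit.
ADVISORIES = {
    "colorsys": {"id": "ADV-EXAMPLE-0001"},
}


def installed_version(module_name):
    """Version of the distribution providing module_name, or None when no
    distribution metadata exists (stdlib modules, vendored code)."""
    try:
        return version(module_name)
    except PackageNotFoundError:
        return None


def lookup(module_name, advisories=ADVISORIES):
    """Match one module against the advisory list. Returns a finding or None.
    This runs on the worker thread, never inside the import itself."""
    adv = advisories.get(module_name)
    if adv is None:
        return None
    return {
        "module": module_name,
        "advisory": adv["id"],
        "version": installed_version(module_name),  # None means "unknown": triage it
    }


class ImportAuditor(MetaPathFinder):
    """find_spec always returns None, so the regular finders still load the
    module; the hook only observes. Modules already in sys.modules before the
    auditor is installed are never seen, so install it as early as possible."""

    def __init__(self, advisories=ADVISORIES):
        self.advisories = advisories
        self.seen = []        # top-level import names, in observation order
        self.findings = []    # advisory matches produced by the worker thread
        self.errors = []      # lookup failures, kept so the worker never dies
        self._queue = queue.Queue()
        threading.Thread(target=self._run, daemon=True).start()

    def find_spec(self, fullname, path, target=None):
        top = fullname.partition(".")[0]
        # path is None only for top-level imports; submodules carry the
        # parent package's __path__ and are attributed to that package.
        if path is None and top not in self.seen:
            self.seen.append(top)
            self._queue.put(top)   # hand off; do not scan on the import path
        return None

    def _run(self):
        while True:
            name = self._queue.get()
            try:
                finding = lookup(name, self.advisories)
                if finding is not None:
                    self.findings.append(finding)
            except Exception as exc:  # noqa: BLE001 - keep the worker alive
                self.errors.append((name, repr(exc)))
            finally:
                self._queue.task_done()

    def drain(self):
        """Wait for queued checks to finish (for tests/shutdown, not hot path)."""
        self._queue.join()
        return list(self.findings)


def install(advisories=ADVISORIES):
    """Put the auditor first on sys.meta_path and return it."""
    auditor = ImportAuditor(advisories)
    sys.meta_path.insert(0, auditor)
    return auditor


def demo(module_name="colorsys"):
    """Install the auditor, import module_name fresh, return (seen, findings)."""
    auditor = install()
    sys.modules.pop(module_name, None)   # force the import machinery to run
    importlib.import_module(module_name)
    return auditor.seen, auditor.drain()


if __name__ == "__main__":
    seen, findings = demo()
    print("observed imports:", seen)
    print("findings:", findings)
```

In production the `lookup` call would be the place to query an advisory service, and the worker thread is what keeps that latency off the request path the speaker mentions; the trade-off is that a finding arrives after the vulnerable code has already been imported, so this is a detection control, not a preventive one. Installing the hook from `sitecustomize` or at the very top of the entry point matters because anything imported earlier is invisible to it.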