Runtime security startup Oligo Security has launched Runtime Exploit Blocking, a new feature designed to halt exploit attempts at the application layer in real time. This technology operates without disrupting running containers, processes, or applications.
The move addresses a critical gap in current application security practices. Attackers increasingly use repeatable exploit techniques for initial access, a trend confirmed by recent cybersecurity reports. Oligo argues that traditional security programs often focus on vulnerability prioritization rather than active attack prevention.
Instead of defending against individual Common Vulnerabilities and Exposures (CVEs), Oligo’s new offering protects against entire classes of attack techniques. This means a single protection rule can safeguard against numerous vulnerabilities, including zero-day exploits.
"Modern attacks are built on repeatable techniques that execute at runtime, which means the only way to stop them effectively is by observing code execution at runtime," stated Nadav Czerninski, co-founder and Chief Executive of Oligo Security. "With this capability, we’re enabling customers to stop advanced exploits with first-of-its-kind precision and without disrupting uptime."
Runtime Exploit Blocking functions by correlating application-layer function calls with system-level activities. It identifies exploit attempts by recognizing specific sequences of actions that, while individually appearing normal, indicate malicious intent. Once an exploit is detected, Oligo blocks the underlying system call, allowing the application to continue operating without interruption.
The new system provides four key functions: real-time visibility into code execution via call stacks, function calls, and data flows; exploit detection by correlating application and system-level activity; nondisruptive blocking; and technique-based protection covering vulnerability classes rather than specific CVEs.
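The correlation described above, sketched as an added example (not Oligo's code or rule format): the event fields, the rule structure and the sample events are constructed assumptions. It shows a system call denied only when a technique-class frame is on the application call stack, one rule covering two different libraries, and the process carrying on after the denial.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class SyscallEvent:
    pid: int
    syscall: str        # system-level activity
    call_stack: tuple   # application-layer frames, outermost first

# Assumed rule format: one entry per technique class, not per CVE.
RULES = (
    {"technique": "unsafe deserialization -> process execution",
     "frames": ("pickle.loads", "yaml.load", "ObjectInputStream.readObject"),
     "syscalls": frozenset({"execve"})},
)

def match_rule(event):
    """Return the technique name when a risky frame and a risky syscall coincide."""
    for rule in RULES:
        if event.syscall not in rule["syscalls"]:
            continue
        if any(m in frame for frame in event.call_stack for m in rule["frames"]):
            return rule["technique"]
    return None

def enforce(events):
    """Deny only the matching syscall; later events from the same pid still run."""
    verdicts = []
    for ev in events:
        technique = match_rule(ev)
        verdicts.append((ev.pid, ev.syscall, "deny" if technique else "allow", technique))
    return verdicts

# Constructed sample events (not captured from any real system).
SAMPLE_EVENTS = (
    SyscallEvent(100, "openat", ("app.handle_upload", "pickle.loads")),
    SyscallEvent(100, "execve", ("app.jobs.run_backup", "subprocess.run")),
    SyscallEvent(100, "execve", ("app.handle_upload", "pickle.loads", "os.system")),
    SyscallEvent(200, "execve", ("Servlet.doPost", "ObjectInputStream.readObject", "Runtime.exec")),
    SyscallEvent(100, "write", ("app.handle_upload", "http.respond")),
)

if __name__ == "__main__":
    for verdict in enforce(SAMPLE_EVENTS):
        print(verdict)
```

The first two events are each normal on their own (deserialization without process execution, process execution without deserialization) and are allowed; only the combination is denied.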
This approach aims to bridge the gap between theoretical vulnerability exposure and actual exploitation by focusing security efforts on the application runtime environment.