The modern day application is a collage of code written by tens if not hundreds of developers by way of open source code. This exponentially increases the pace of innovation and furthers the capabilities of applications, which ultimately leads to better products overall. Through the use of open source code, developing applications has never been easier and more effective.
As the pace of application development advances, so do the security implications. Applications now trust millions of lines of code written by third-parties. Companies implicitly accept potentially buggy or even malicious third-party code into their applications. More attackers are moving to the application layer as it becomes an easier attack vector to compromise sensitive data. We've seen many incidents of malicious open source modules such as eslint-scope as well as developer mistakes leading to massive data breaches which cost companies potentially millions of dollars in fines.
A new approach to security
Security products today depend on pattern matching and heuristics and can't fully protect against buggy or malicious code. To truly secure applications from the next generation of attack vectors, application code must be considered untrusted. In order to secure untrusted code you must enforce that the application can only perform its job and nothing else. This brings us to a more principled form of security than the leading security products today. Intrinsic's approach to security is to reduce an application's attack surface to the bare minimum needed, by enforcing that an application only has access to a fine-grained set of privileged resources.
Intrinsic: A principled security product
Intrinsic's goal is to provide superior principled security at the application layer without hindering the pace of innovation. To do this we've spent years in research to figure out how to make enforcement security easy and practical enough for anyone to use.
The Intrinsic product is a Node.js library that wraps Node.js applications. Application developers write policy files whitelisting the privileges of an application and Intrinsic enforces that the application abides by them. Policies are fine-grained and give access to resources such as the network, file system, child process, databases, and more. For example, a developer may write a policy that allows the application to make a GET request to a specific Twitter API. To learn more about the product, visit our product page.