What is Intrinsic?

Intrinsic is an application runtime security technology for Node.js

“Intrinsic gave us the security technologies we needed to be comfortable using serverless architectures.”
Ben Kus
VP of Product Management, Box

Today's security solutions don't match today's threats

Securing your own code is hard—even worse, the vast majority of an average modern Node.js application is made up of untrusted open source code that unsafely interacts with your sensitive resources. Other security tools can't fully protect against malicious or buggy third-party code. They depend on pattern matching and heuristics which don't protect against the next generation of attack vectors.

A smarter way to secure your Node.js applications

Intrinsic allows you to run all code, even malicious code, safely. Intrinsic is an application runtime security technology which limits your application's privileges to exactly what is needed and nothing more. This enables you to reduce the attack surface of your application to exactly the bare minimum needed, protecting you from malicious code and zero-day attacks.

We don't monkey patch

Unlike many runtime security solutions, Intrinsic is secure by construction. Even actively malicious code can't bypass the security policies you've defined.

Deny by default

We allow you to define the exact attack surface of your application. Anything outside of those boundaries are strictly denied.

Serverless first

Intrinsic provides security guarantees on serverless functions that no other security tool can provide today.

Policies are just code

Policies are written in a simple JavaScript DSL that is deployed with the rest of your code.

Compatible with legacy applications

Intrinsic doesn't disrupt your workflow. It's compatible with legacy applications and easy to install.

We don't phone home

Your data stays with you. Intrinsic is a completely self-contained technology.

How it works

Unlike most runtime security solutions, which try to defend against application-level attacks by analyzing or monitoring behavior, Intrinsic protects against attacks by enforcing that your Node.js code only executes as expected.

Intrinsic is a new virtualization technology that lives in the Node.js language runtime. It blocks all privileged operations that are not whitelisted by your security policies.

Protecting your app is simple: include the Intrinsic library, write security policies, and Intrinsic makes sure your app runs safely.

Why Node.js?

Intrinsic is the only Node.js-specific security company. Node.js is interesting in particular because of its high level of adoption and extremely large attack surface due to the usage of third-party modules which can be malicious. We've created a technology which enables organizations and developers to truly run Node.js applications safely.

Intrinsic for AWS Lambda

Intrinsic is the best solution to secure AWS Lambda. Protect against bugs, exploits, and malicious code.

Traditional security tools aren't compatible with AWS Lambda functions and don't provide the level of security that you need.

Intrinsic enables you to define fine-grained policies that your AWS Lambda function must abide by at runtime.

We also support other serverless platforms: Azure Functions and Google Cloud Functions. Reach out to learn more.

Intrinsic for AWS Lambda code sample

Securing your AWS Lambda function is just a few lines of code!

Let's get started Get in Touch