Reachability Analysis in Application Security
Comparative Study and an Evaluation of Recent Innovations and Approaches for AppSec Teams
The increasing complexity of cloud-native applications has elevated the importance of managing application security with precision. Among emerging solutions, reachability analysis stands out for its ability to contextualize vulnerabilities based on their exploitability. This blog evaluates three key methodologies—code-level, container-level, and runtime-level reachability—while introducing an integrated approach pioneered by Kodem Security. Kodem's unified model combines insights from all three layers, creating the most accurate and actionable Software Composition Analysis (SCA). By leveraging static data and runtime intelligence, Kodem accelerates remediation, reduces false positives, and builds robust application-specific security postures. We incorporate insights from recent industry research, including Latio Pulse's comparative static and runtime reachability analysis, to contextualize Kodem’s innovative methodology.
An Overview Reachability Analysis
The dynamic nature of modern applications has exacerbated the challenge of identifying and remediating security vulnerabilities. Traditional tools, such as static analysis (SAST), dynamic analysis (DAST), and Software Composition Analysis (SCA), have long been employed; however, they often fail to contextualize vulnerabilities effectively, leading to misaligned priorities and wasted resources.
Reachability analysis addresses this gap by assessing whether vulnerabilities are exploitable within specific system contexts. This blog examines the strengths and limitations of current reachability approaches and introduces Kodem Security’s unified framework, which integrates static and runtime insights to deliver unparalleled precision and efficiency.
Code-Level Reachability
Code-level reachability relies on static analysis to examine control flows and call graphs for potential vulnerability execution paths:
Advantages: Early-stage detection of vulnerabilities and comprehensive coverage of the codebase.
Limitations: High false-positive rates due to lack of runtime context and inability to account for dynamic application behavior (Latio Pulse, 2024; Oligo Security, 2024).
Container-Level Reachability
Container-level analysis evaluates dependencies and configurations within containerized environments:
Advantages: Insights into vulnerabilities from the software supply chain and risks related to container configurations.
Limitations: Limited to container-specific vulnerabilities and misses application-level or runtime dynamics (Endor Labs, 2024).
Runtime Reachability
Runtime reachability assesses vulnerabilities by observing actual application execution, focusing on what is actively reachable:
Advantages: High precision by correlating vulnerabilities with execution paths and context-specific insights into active threats.
Limitations: Requires monitoring in live environments and is limited to observed paths, potentially missing dormant vulnerabilities (Latio Pulse, 2024).
Static vs. Runtime Reachability
Recent research highlights the importance of distinguishing between static and runtime reachability:
Static Reachability: Offers breadth but lacks contextual precision. Useful for pre-deployment detection but struggles with false positives.
Runtime Reachability: Provides precise insights into active threats but requires operational monitoring. Complements static analysis by validating execution paths and narrowing focus to exploitable vulnerabilities (Latio Pulse, 2024).
Latio Pulse (2024) emphasizes that combining static and runtime analysis is essential for comprehensive vulnerability management. Static reachability ensures broad coverage, while runtime reachability contextualizes findings to prioritize remediation efforts effectively.
Kodem’s Unified Approach to Reachability Analysis
Cross-Layer Correlation
Kodem combines static, container, and runtime reachability to establish contextual relevance:
Integration: Links static vulnerabilities to runtime execution and container configurations.
Prioritization: Focuses on vulnerabilities actively reachable in runtime (Latio Pulse, 2024; Gartner, 2024).
Dynamic Observability
Using eBPF-based telemetry and AI-driven analytics, Kodem provides real-time data on active attack paths and execution paths for dynamically loaded and executed libraries (Kodem Security, 2024).
Accelerated Remediation
Kodem accelerates remediation by:
- Filtering out vulnerabilities irrelevant to runtime security contexts.
- Directing developer efforts toward high-impact threats, reducing triage time (Latio Pulse, 2024; Gartner, 2024).
Application-Specific Security Posture
Kodem’s comprehensive approach builds an application-specific security posture by $integrating insights from static, container, and runtime layers. This enables organizations to proactively manage their attack surface.
Conclusion
Reachability analysis is critical for modern application security, transforming how vulnerabilities are prioritized and remediated. Kodem’s integrated approach synthesizes static, container, and runtime reachability and delivers superior precision and efficiency. Kodem’s methodology sets a new standard for application security by accelerating remediation and minimizing false positives.
References
Endor Labs. (2024). 5 types of reachability analysis (and which is right for you). Retrieved from https://www.endorlabs.com.
Gartner. (2024). Hype cycle for application security, 2024 (ID G00811587).
Latio Pulse. (2024). Comparing static and runtime reachability. Retrieved from https://pulse.latio.tech.
Oligo Security. (2024). Loaded vs. executed libraries. Retrieved from https://www.oligo.security.
More blogs
.png)
.png)
A Primer on Runtime Intelligence
See how Kodem's cutting-edge sensor technology revolutionizes application monitoring at the kernel level.
Platform Overview Video
Watch our short platform overview video to see how Kodem discovers real security risks in your code at runtime.