
Why Invary: A Cybersecurity Veteran's Perspective

Cybersecurity has been both my passion and profession for decades. I have fond memories of my early years, devouring technical books and earning challenging certifications. I thrived on digging into details, experimenting in labs, and uncovering how technology truly worked. That passion has never faded.

Over the years, I’ve watched the security industry evolve from simple antivirus solutions to sophisticated AI-driven threat detection. Yet one thing has remained constant: attackers keep finding a way to get ahead, because vulnerabilities in software and people never run out. The most dangerous threats don’t just bypass defenses; they burrow deep, hiding where even the best security tools can’t see them.

That’s why I joined Invary. I believe in the power of a revolutionary security mechanism known as Runtime Integrity Measurement, sometimes called Kernel Integrity Measurement. For simplicity, I’ll refer to it as Runtime Integrity throughout this article.

A Career of Chasing Hidden Threats

My unplanned career in infosec and cybersecurity has been shaped around finding and stopping threats that evade detection. I’ve designed Computer Forensics programs, built and led Security Operations Centers (SOCs), performed security audits, ran compliance efforts, and created and sold Managed Security Service offerings. I’ve architected and deployed network segmentation strategies, firewalls, VPNs, IDS/IPS, SIEM, IAM, endpoint protection, and many other technologies to address technical controls.

Despite these layers of defense, one fundamental problem persists:

What if the system itself is deceiving you?

This is the blind spot that Runtime Integrity solves.

Why Runtime Integrity?

I’ve evaluated countless security solutions, but Runtime Integrity stands apart. Unlike tools that rely on logs, signatures, or behavioral analytics, all of which an attacker who controls the kernel can manipulate, Runtime Integrity directly measures, validates, and attests to the integrity of a system’s core functions. It analyzes over a million data points, mapping the kernel’s data structures, code sequences, memory, and hardware interactions.

This changes everything.

Detecting the Undetectable

Advanced threats such as rootkits, fileless malware, and kernel-level attacks have long been cybersecurity’s Achilles’ heel. Traditional security tools assume the operating system is trustworthy, but an attacker who controls the OS can feed those tools false information, or none at all, because everything they see comes from asking that same kernel.

A few recent examples of these stealthy and evasive attacks:

  1. Exploited Linux Kernel Flaw CVE-2024-53104; first reported Dec. 02, 2024, by CISA
  2. PUMAKIT Linux rootkit; first seen Sept. 4, 2024, by Elastic Security Labs
  3. Exploited Windows Kernel CVE-2024-21338; first reported Feb. 13, 2024, by CISA

Runtime Integrity doesn’t ask the OS what’s happening, as existing technologies do; it verifies the system itself. It continuously and independently validates that no unexpected changes have occurred, exposing stealthy intrusions as soon as they alter the kernel. Whatever security tools you run today, a compromise of the OS kernel can and does undermine all of them, and that is straightforward to demonstrate.
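To make the measure-and-appraise idea concrete, here is an added toy example (not Invary’s code, and not a description of its product internals) of two kernel invariants that rootkits commonly break: every system-call table entry should point into the kernel’s own .text, and the first bytes of each handler should match their baseline measurement. A tool that asks the hooked kernel for a directory listing sees whatever the rootkit wants it to see; a measurer that hashes the table and the handler bytes sees the change regardless. All addresses, the syscall table, the handler bytes, and the rootkit module address are constructed for the demo.

```python
"""Toy runtime-integrity measurement of a kernel syscall table and handler code.
Added example; every address and byte string below is constructed, not read
from a real kernel."""
from __future__ import annotations

import hashlib
from dataclasses import dataclass

# Constructed address layout: the kernel's .text and the region loaded modules occupy.
KTEXT = (0xFFFFFFFF81000000, 0xFFFFFFFF82000000)          # [start, end)
MODULE_REGION = (0xFFFFFFFFC0000000, 0xFFFFFFFFC1000000)  # [start, end)

# Constructed "golden" syscall table: x86_64 syscall numbers, made-up handler addresses.
BASELINE_TABLE: dict[int, int] = {
    0: 0xFFFFFFFF81234500,    # read
    1: 0xFFFFFFFF81234640,    # write
    62: 0xFFFFFFFF812A0010,   # kill
    217: 0xFFFFFFFF812B7F20,  # getdents64, the classic file-hiding hook target
}


def _fake_handler_bytes(addr: int) -> bytes:
    """Constructed handler prologue (push rbp; mov rbp,rsp) plus address-derived filler."""
    return bytes.fromhex("554889e5") + hashlib.sha256(addr.to_bytes(8, "little")).digest()[:12]


BASELINE_CODE: dict[int, bytes] = {a: _fake_handler_bytes(a) for a in BASELINE_TABLE.values()}


def in_range(addr: int, rng: tuple[int, int]) -> bool:
    return rng[0] <= addr < rng[1]


def measure_table(table: dict[int, int]) -> str:
    """Measurement: one digest over the ordered (number, handler) pairs, suitable for attestation."""
    h = hashlib.sha256()
    for nr in sorted(table):
        h.update(nr.to_bytes(4, "little") + table[nr].to_bytes(8, "little"))
    return h.hexdigest()


def measure_code(code: dict[int, bytes]) -> dict[int, str]:
    """Measurement: a digest per handler over its code bytes."""
    return {addr: hashlib.sha256(b).hexdigest() for addr, b in code.items()}


GOLDEN_TABLE = measure_table(BASELINE_TABLE)
GOLDEN_CODE = measure_code(BASELINE_CODE)


@dataclass(frozen=True)
class Finding:
    where: str
    reason: str


def appraise(table: dict[int, int], code: dict[int, bytes]) -> list[Finding]:
    """Appraisal: compare fresh measurements with the golden values and explain each deviation."""
    findings: list[Finding] = []
    if measure_table(table) != GOLDEN_TABLE:  # only dig in when the digest disagrees
        for nr, expected in BASELINE_TABLE.items():
            got = table.get(nr)
            if got == expected:
                continue
            if got is None:
                findings.append(Finding(f"syscall {nr}", "entry missing"))
            elif in_range(got, MODULE_REGION) or not in_range(got, KTEXT):
                findings.append(Finding(f"syscall {nr}",
                                        f"hooked: {got:#x} is in module memory, expected {expected:#x} in .text"))
            else:
                findings.append(Finding(f"syscall {nr}", f"repointed within .text to {got:#x}"))
    # Code measurement catches inline hooks that leave the table itself untouched.
    for addr, golden in GOLDEN_CODE.items():
        observed = code.get(addr)
        if observed is None or hashlib.sha256(observed).hexdigest() != golden:
            findings.append(Finding(f"handler {addr:#x}", "code bytes differ from baseline"))
    return findings


def pointer_hook(nr: int, module_addr: int) -> tuple[dict[int, int], dict[int, bytes]]:
    """Simulated rootkit, variant 1: overwrite the syscall-table entry with a module address."""
    table = dict(BASELINE_TABLE)
    table[nr] = module_addr
    return table, dict(BASELINE_CODE)


def inline_hook(nr: int, module_addr: int) -> tuple[dict[int, int], dict[int, bytes]]:
    """Simulated rootkit, variant 2: leave the table intact, patch the handler prologue
    with a 5-byte jmp rel32 into the module (rel32 computed from the next instruction)."""
    code = dict(BASELINE_CODE)
    target = BASELINE_TABLE[nr]
    rel32 = (module_addr - (target + 5)) & 0xFFFFFFFF
    code[target] = b"\xe9" + rel32.to_bytes(4, "little") + code[target][5:]
    return dict(BASELINE_TABLE), code


def demo() -> dict[str, list[Finding]]:
    evil = 0xFFFFFFFFC0012340  # constructed address of the rootkit module's handler
    return {
        "clean": appraise(BASELINE_TABLE, BASELINE_CODE),
        "pointer_hook": appraise(*pointer_hook(217, evil)),
        "inline_hook": appraise(*inline_hook(217, evil)),
    }


if __name__ == "__main__":
    for case, findings in demo().items():
        print(case, "->", [f"{f.where}: {f.reason}" for f in findings] or "no deviation")
```

The point of the two variants is that neither consults the operating system: the appraisal never calls a "list loaded modules" or "read this directory" API that a hooked getdents64 could filter. It compares independent measurements against a golden state, which is why it reports where the change is (syscall 217, or the handler at a specific address) as well as that a change happened. A real measurer reads the table and handler bytes from kernel memory rather than from constructed dictionaries, and a real rootkit can be subtler, but the invariants being checked are the same.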

Security Without the Bloat

One of my biggest frustrations with security tools is the trade-off between effectiveness and system performance. We aren’t talking about any one vendor here; many solutions are complex, resource-intensive, and often even introduce stability problems. Invary breaks that cycle.

Its technology is highly optimized, consuming minimal system resources while providing real-time integrity verification. There is no model training, no heavy log parsing, and no waiting for a known event to trigger an alert; it simply reports verifiable truth about whether the system has stayed in its expected, invariant state.

Real-Time Incident Response and Root Cause Analysis

I have managed countless incident response efforts of many different types. Incident response is often a race against time. Identifying patient zero, the initial point of compromise, and ensuring complete remediation is critical. Many teams resort to what seems like the “easy button” by restoring systems, sacrificing valuable forensic data missed by existing tools. It is so easy and fast! (said with sarcasm) I have seen plenty of cases where the business decided during the incident that restoring wasn’t an option. For example, the organization didn’t know how far back it had to go to ensure the compromise wasn’t restored back into the environment, and it couldn’t afford the restore time for over 100 servers. Instead, it chose to bring me in, along with a third-party response team, to manually clean an environment of over 100 infected servers that continually re-infected one another. How do you know you are clean, or are you holding your breath and crossing your fingers and toes?

Runtime Integrity accelerates this process by showing not just that something has changed, but when, where, and how. Security teams receive alerts without sifting through logs, hunting for evidence, or piecing together what happened. AI has its place in cybersecurity, but when attackers move and shift the proverbial needle in the haystack, traditional detection methods often fail. Runtime Integrity provides undeniable evidence of tampering, allowing immediate action and decision-making.

The cost savings alone can be significant: faster detection, contained impact, smarter decision-making, and reduced dwell time and cleanup effort.

The Unspoken Hero of Zero Trust

Zero Trust Architecture (ZTA) has transformed cybersecurity, significantly improving security postures when properly implemented. However, a critical gap remains:

If an attacker compromises the kernel, they can manipulate everything.

Runtime Integrity closes this loophole by ensuring that the system itself, which should be treated as a foundational layer of Zero Trust, remains uncompromised. Without appraised runtime integrity, Zero Trust is only as strong as its weakest link: every policy decision rests on a kernel that may already be lying. With Runtime Integrity, ZTA becomes stronger, reinforcing trust across the entire security stack.

Future-Proofing Cybersecurity

Runtime Integrity isn’t new. Our technology was initially developed by the NSA in collaboration with academia and industry partners, and it has been adopted in some of the most critical systems you can imagine. It wasn’t just built for today’s threats; it’s designed for the future.

Invary is actively extending its coverage to eBPF monitoring, itself a growing attack vector, and to Windows, positioning the technology to become the standard for runtime security across platforms. It is already deployed, or deployable, for Trusted Computing, AI, embedded systems, and custom kernels. Further work will bring integrity measurement and validation into user space and add prevention capabilities to stop the hidden changes advanced malware makes.

Looking Ahead

Many organizations still believe they aren’t targets for advanced threats. A recent poll I conducted showed that 71% of 103 respondents felt their current security stack of XDR, EDR, and/or SIEM could detect stealth malware like rootkits and APTs in real time. While a small sample, it highlights a common bias: overconfidence in existing tools.

Reality tells a different story. Advanced attacks often go undetected for months, sometimes years. As AI accelerates malware development, sophisticated attack techniques will become more accessible to less sophisticated attackers. Cybercrime, geopolitical conflicts, and nation-state warfare will only intensify the stakes. Even those who aren’t primary targets can become collateral damage.

Joining Invary wasn’t just a job choice; for me it was a commitment to solving one of cybersecurity’s biggest challenges. The industry has spent decades reacting to threats, investing untold resources into chasing attackers. With Runtime Integrity, we can finally and proactively ensure that systems remain in a trusted state, establishing a stronger foundation of trust for identifying and shutting down attackers.

This is the missing piece in modern cybersecurity, and I’m thrilled to be part of the team bringing it to the world.