Atomicorp is a cybersecurity startup focused on providing security to small, medium and enterprise customers for almost any platform – Linux, Windows, MacOS, Bsd, Solaris, AIX, HP-UX, VMS – with solutions available across the system from the operating system’s core all the way to the application layer. Unlike other cybersecurity firms that focus on edge products, centralized management services, and consulting to cybersecurity professionals, Atomicorp seeks to help those who may not have any experience in the discipline or whose technology experience is outside the cybersecurity field.
Atomicorp’s founders, CEO Michael Shinn and CTO Scott Shinn, also take a unique approach to human behavior and decision making. Many organizations – regardless of their size, industry or internal composition – presume success is defined by perfection and the cybersecurity industry fosters this framing of reality. Systems are always perfectly patched, edge devices are perfectly configured, and cyber tools are always working in harmony together. When situations are otherwise – that is failure. Correcting this abnormality demands accountability and remediation.
Yet every technology system is flawed as are the teams who build them. Perfection is a dream. Atomicorp assumes the technology and human capital are flawed and will continue to make mistakes. Embracing this reality – the way the world really works – has led Atomicorp to build solutions that place human decision making at the center of their design thesis. Their focus is taking corrective action – not generating alerts or notifications for evaluation. Their solution is security for everyone.
For example, Atomicorp has rewritten much of the linux kernel for Redhat and Ubuntu platforms with drop-in replacements that run in parallel with the original modules. Rebooting a device after activating one or more modules is not necessary. As a former systems engineer, who worked to reboot several thousand devices after security patching and updates, this is significant. During my interview, we discussed a number of Atomicorp’s modules. I will focus on one and expand upon it for context.
A long standing, common attack computer systems face is heap exploitation or buffer memory overflow. In brief, computer memory is divided virtually into dedicated areas – kernel and user – with a small third section for threading and return addressing. The purpose behind these divisions – the kernel gets the top half and user applications get the bottom half – is to maintain order and manage resources efficiently. Kernel software can read user program memory, but program memory (in theory) cannot read kernel memory. When a user program loads into memory it contains executable files, necessary libraries for those executables, and data. Each needs a spot in memory and stack threads to tie all of these components together sequentially. This paradigm allows for gaining and yielding memory space efficiently.
In a buffer overflow attack, a user application will write more information to a location in memory than there is available space with a file that is very large or where there are a growing number of variables. In these cases, thread data gets destroyed – such as return addresses – and this allows for executable code to be inserted and with it the potential to accomplish many nasty actions – such as destroying files or encrypting data for ransom.
Linux kernel producers – such as Redhat and Oracle – and open projects – such as CentOS – have incentives to provide security and the Linux environment is among the most secure. But with competing market pressures, large and diverse installation bases, including billions of IoT devices, and user applications that can break after a kernel upgrade in the field, the reality for stakeholders is more complicated. In addition, much of the Linux kernel and third party libraries are written in C language, C++, or Objective C. C language is old and has well known limitations, where addressing one area leads to issues in others. Security Enhanced Linux (SELinux) was designed to address these challenges, but its Mandatory Access Control (MAC) system is very challenging to implement and maintain. Many organizations do not use it as a result.
Therefore, Atomicorp’s focus has been to enhance security at the foundational level in ways that are easy for technical teams to implement using approaches and tools they already know and understand. So, whether a team’s focus is development, devOps, or systems engineering in the cloud, Atomicorp’s Kernel modules can be added with ease and provide security at the very core of Linux.
For buffer overflows, the firm enhanced the functionality around managing memory allocation in the both the kernel and user spaces. Data – regardless of velocity and size – cannot be read from user memory space. Their solution pads memory space and has a progressive punishment scheme whereby a particular application, user, or service will be throttled and kicked off the system completely. In this environment, an application may load into memory but it won’t be able to run.
Atomicorp is so confident in their approach they do not use firewalls to protect their systems. Only their endpoint modules provide enterprise level security – cloud and local. Thus, there is no need to define cybersecurity by edge device, centralized management, or systems integration and force technology teams into burdensome, never-ending cycles of reaction.
As a strategist, I like Atomicorp’s approach for several reasons. First, their initial focus was on a market segment with greater security awareness – Linux systems – and this community’s proactive ethos. As a former Unix/Linux systems engineer, security was never thought of a delegated task but an activity to be on top of systematically. They now have expanded to include most OSes at the request of their customers as most have heterogeneous environments.
Second, they assume hackers will gain access to a computer device or network and that any system is a mound of flawed human decisions and compromises. They never assume systems will ever be perfectly patched or that everyone cares about security.
Third, their solutions default settings are to take an action – prevent a service from running or lock a user out of a system or device – instead of providing alerts, reports, or leads for future investigation. A system administrator can always turn an Atomicorp kernel module down, but that is an explicit action not a default set of procedures. The company’s security stance is forward looking and proactive. Atomicorp seeks an outcome.
Fourth, they have a clear sense of who they are selling to – technology professionals responsible for security. However, these same technologists may not be particularly familiar with the core functionality of every OS on their network. So, a simple implementation solution running in parallel with their existing setup is of enormous value. To emphasize this point, they had 1,000 customers before they hired their first sales professional and a current major challenge is finding the right human capital to meet their growing customer base. Growing demand for their products reflect the firm’s understanding of its buyers and solving their immediate pain points means significant demand for security additional solutions.
Finally, and philosophically, Atomicorp embraces human fallibility and places it front and center as an opportunity. Bruce Schneider is well know for stating, “Amateurs hack systems, professionals hack people.” Atomicorp is also hacking people. However, they are doing so in ways that foster genuine security at a base level to shape desirable outcomes, with actions based on how the world really works. In the cybersecurity industry, this thesis is unusual. But, as the scope of threats expand and existing solutions fail to achieve desired end goals rethinking the way cybersecurity is defined will be critical for everyone.
I look forward to watching how Atomicorp grows over the next eighteen months and getting back in touch for an update on their progress.
Stay tuned.
