Polyverse Reduces Time to Market for Proactive Cybersecurity Solutions Using Amazon ECS

2021

Polyverse provides proactive cybersecurity solutions for Linux customers. Today, cyberattacks are more frequent and sophisticated: events such as the attack on the Colonial Pipeline in May 2021, which cut off nearly half of the US East Coast’s fuel supply, have made cybersecurity a top issue for many companies.

Polyverse’s cloud-native solutions, built on Amazon Web Services (AWS), revolutionize cybersecurity by helping prevent cyberattacks. The company uses a container-based architecture run by Amazon Elastic Container Service (Amazon ECS), a fully managed container orchestration service that helps companies easily deploy, manage, and scale containerized applications. Using Amazon ECS and other AWS services, Polyverse has decreased time to market, cut costs, and empowered staff to focus on innovation. “Had it not been for our use of AWS, we would likely only be at half of what we are today,” says Chris Hanaoka, head of engineering at Polyverse.


“Using AWS Batch, we can throw millions of jobs at the queue, and it handles all the resource allocation and scheduling.”

Ian Childress
Principal Engineering Manager, Polyverse

Searching for Compute to Power Proactive Security

About 70–80 percent of successful cyberattacks are memory based, and cloud-native cybersecurity solutions provider Polyverse mitigates known and unknown memory-based attacks inside Linux operating systems by recompiling the systems with a scrambled structural code. This polymorphic process means that Polyverse solutions prevent cyberattacks and alert administrators to the attempted breach. “Polymorphing eliminates 70 percent of vulnerabilities that need an immediate patch and significantly reduces the risk of being exploited during a patch gap,” says Shaina Raskin, marketing director at Polyverse. “With this preemptive defense in place, organizations can deploy security patches and protect legacy systems within standard change processes to prevent attacks.”

Polyverse’s custom compiler tool for the polymorphic process requires scalable compute capacity that spikes at random. Instead of relying on physical data centers, the solution is cloud native so that it can scale on demand. The company initially used a third-party container orchestration tool for load balancing, but Polyverse’s high-volume workloads repeatedly exceeded the tool’s capacity limits. Next, Polyverse tried writing its own solution, but that took 5 months and still couldn’t reach the required scale. In 2017, Polyverse discovered and migrated its build jobs to AWS Batch, which helps developers, scientists, and engineers run hundreds of thousands of batch computing jobs simply and efficiently on AWS. In January 2020, AWS Batch was made available in AWS GovCloud (US) Regions, which are designed to host sensitive data and regulated workloads while addressing the most stringent US government security and compliance requirements. Polyverse began to use AWS GovCloud (US) so that it could better serve its government customers.

Exponentially Reducing Time to Market on AWS

Polyverse takes nearly all available Linux package sources and compiles and scrambles them into machine code. Its customers download these scrambled Linux packages, which function just like the original packages but look foreign to hackers. To change the configuration, the code must be fed into Polyverse’s compiler tool. Polyverse initially hoped to create one CentOS Linux 7 repository per day, but by pairing its compiler tool with the flexibility of Amazon ECS, it can comfortably create 50 per day. The company can build a Linux distribution in 2 hours or less, compared to 3,700 hours previously. “Using AWS Batch, we can throw millions of jobs at the queue, and it handles all the resource allocation and scheduling,” says Polyverse principal engineering manager Ian Childress.

That speed has significantly decreased Polyverse’s time to market, which has helped it acquire more customers and employees. From 2020 to 2021, the company’s customer base doubled, and it is expected to double again from 2021 to 2022. Using AWS Batch also helps Polyverse maintain its Cybersecurity Maturity Model Certification, the standard for the implementation of cybersecurity across the defense industrial base. “We can partially offload security and compliance to the AWS Batch environment,” says Mike Sahari, software engineer at Polyverse. “We make sure that we have all the permissions in place so that only certain AWS resources can talk.” One of Polyverse’s customers, a US Department of Defense agency, has hundreds of applications, with multiple systems on each application. Polyverse’s solutions remove 70 percent of the attack vectors against those applications.

To run its jobs, Polyverse uses AWS Batch to scale to 16,000 Amazon Elastic Compute Cloud (Amazon EC2) Spot Instances. Amazon EC2 is a web service that provides secure, resizable compute capacity in the cloud, and Spot Instances let companies take advantage of unused Amazon EC2 capacity at up to a 90 percent discount. This compute combination has saved 50 percent in costs per build job for Polyverse, helping it deliver lower prices to its customers. Now Polyverse teams can prioritize improving products over performing low-level tasks. “We are able to focus on what makes us stand out rather than trying to be experts on all the infrastructure,” says Childress. “The customer gets a much better product.”

To help make its solutions simple for customers to install and use, Polyverse uses AWS Fargate, a serverless, pay-as-you-go compute engine that lets companies focus on building applications without managing servers. “We use AWS Fargate to run our application containers without having to manage the underlying resources needed to run them,” says Childress. “This solution provides a load balancer for our public-facing services and APIs and will scale out automatically to meet demand. Now we don’t have to worry about keeping our services highly available for our customers and can solely focus on our applications.”

Polyverse has also launched its Polymorphic Build Farm for Open Source, a collection of services built on AWS that its customers can use to build and serve polymorphic operating systems—basically, to do what Polyverse does. “We wanted to get to the heart of the software supply-chain issue and provide an ability for all our customers to control exactly what they’re building and running within their infrastructure,” says Raskin. “Polymorphic Build Farm for Open Source is one of the only solutions available that gives users the ability to own, run, build, and operate all these services.”

Bringing Polyverse Security to Hybrid Infrastructures

By running on AWS, Polyverse has become faster, has cut costs, and can focus on developing innovative new services for its customers. It expects to take advantage of Amazon ECS Anywhere—a feature of Amazon ECS that lets users easily run and manage container workloads on customer-managed infrastructure—to better serve customers who want full autonomy. Using Amazon ECS Anywhere will also make it simpler for Polyverse to retain AWS services and on-premises workloads simultaneously.

Polyverse’s proactive approach to cybersecurity and infrastructure makes it an effective solution for Linux systems. Childress says, “We’re a company with limited resources and a small team. By using AWS, we were able to deliver this product.”


About Polyverse

Founded in 2015, Polyverse provides cybersecurity solutions that protect government and security-conscious organizations from zero-day memory exploits, script injections, supply-chain attacks, and more for systems on the cloud and on premises.

Benefits of AWS

  • Reduced time to build a Linux distribution from 3,700 hours to 2 hours or less
  • Saved 50% in costs per build job
  • Simplified security and compliance
  • Removed low-level tasks for staff
  • Doubled customer base from 2020 to 2021

AWS Services Used

AWS Batch

AWS Batch enables developers, scientists, and engineers to run batch computing jobs.


AWS Fargate

AWS Fargate is a serverless, pay-as-you-go compute engine.


Amazon ECS

Amazon ECS is a fully managed container orchestration service.


Amazon EC2

Amazon EC2 provides secure, resizable compute capacity in the cloud.


