Knowledge Base

Invary's approach to Runtime Integrity is built on unique intellectual property developed by the NSA, which enables our technology to provide a higher level of assurance than traditional runtime integrity services that use simple techniques like hashing. Unlike these services, Invary's technology is designed to understand the complex structure and interactions of a kernel at runtime, and to validate that the system is behaving within its intended invariance as defined by its underlying code.

What's more, our approach is non-intrusive and does not require the installation of any extraneous kernel modules or customized kernels. We recognize that your systems are performing critical tasks with demanding performance requirements, so our software is designed to operate with minimal impact on your workloads.

With Invary, you can be confident that your system is functioning exactly as intended, and that it is protected from a wide range of potential threats, without compromising your system's performance or stability.

Invary validates the Runtime Integrity of operating systems by efficiently taking measurements of your virtual or physical machines with the Invary Sensor at runtime then appraising those measurements against a predefined known good baseline on the Invary platform.   Check out this video to learn more. 

Invary offers two services:  

Our flagship Runtime Integrity Service provides advanced continuous protection of your operating systems, and retains a history of your system’s integrity.  It offers notifications of failed integrity appraisals as well as an API and Webhook to integrate our intelligence & alerts into your SIEM or monitoring solution.  

Our Runtime Integrity Score service allows you to spot check the Runtime Integrity of any system for free, providing a one-time appraisal.

Invary detects malware that changes the Runtime Integrity, or intended behavior, of your operating systems, and prevents them from undermining the rest of your security stack. Invary’s technology makes it possible to identify novel zero day attacks or attacks generated by AI because Invary focuses on validating intended behavior and has no need to “learn” new malicious behaviors before identifying them.

Watch Invary in action to learn more.

No, Invary can appraise your operating systems immediately and provide you with a clear and accurate view of your Runtime Integrity.  

Invary was designed for cloud native environments and runs on all major cloud platform providers including AWS, GCP, and Azure. In addition Invary supports both type 1 and type 2 hypervisors.  

Invary currently supports the following x86-64 distributions:

AlmaLinux
AWS Linux 2 and 2023 
CentOS 7 and 8 
Debian 9, 10, 11, and 12
Red Hat 7, 8, and 9
Rocky 9.x
Ubuntu LTS releases 18.04, 20.04, 22.04, 22.10, 23.04

Invary supports most kernels. Invary advocates you stay up to date on installing the latest kernels, and typically adds support for new kernel releases the same day.  Invary is continually adding support for additional distributions.

If you have a distribution or kernel that you wish to be supported please contact us at [email protected].

Invary is currently working on a version that supports Windows. For more information contact us at [email protected] 

Measurements typically take less than 10 seconds, and your appraisal is ready seconds after that.  Times may vary depending on the size and load of your system. 

Invary utilizes sophisticated algorithms to generate a detailed graph that accurately represents the current state of your system, including kernel data structures and their interdependencies. It's important to note that Invary is designed as a read-only service and does not modify, collect or store any of your personal data.  For more details please read our measurement specification. 

Invary is designed for seamless operation with minimal performance impact on virtual and physical machines, across cloud-native, hybrid, and on-premises environments.  

We are in the process of open sourcing the Invary Sensor, and expect to publish it in Q3 2023.  

To ensure the accuracy and reliability of its appraisals, Invary compares each measurement against a baseline stored in our inventory of pre-captured baselines. These baselines are generated from a wide range of distributions and kernel versions. By drawing on this diverse inventory, Invary can identify even subtle deviations from the norm and provide you with a more thorough and comprehensive appraisal of your system's integrity.  

See the Invary Sensor Guide for details. 

Invary’s Runtime Integrity Service offers a webhook to stream Runtime Integrity events to your system of choice.  Invary also offers an API to pull appraisals and endpoint information.  See our developer guide for more information. 

Invary’s Runtime Integrity Service supports: Invary authentication, Google authentication, or OIDC.

Invary was established through a collaboration between seasoned security researchers and highly experienced operators of internet-scale software platforms. With decades of combined experience in both the operational aspects of security at scale and research in the field of secure computing, our team brings a wealth of expertise and insight to the development of innovative security solutions.

Our unique blend of practical experience and cutting-edge research enables us to deliver highly effective solutions that address the real-world challenges faced by organizations today. By combining our extensive knowledge of the security landscape with our deep understanding of secure computing technologies, we're able to provide our customers with the confidence and peace of mind they need to protect their critical assets in a constantly evolving threat environment.