Virsec RSA

Thanks for joining us. I’d like to give you a brief introduction to Virsec and explain why applications need to be protected from the inside – not just with perimeter security. You can’t stop what you can’t see – and if you’re a Mall Cop like me, stuck on the outside, what you can see is pretty limited. I really have no idea what’s going on inside. Frankly, most of your current security tools like WAF, IPS or EDR are really just Mall Cops. You might see something suspicious…. {Shines flashlight in the eyes of a couple audience members} …like this guy… if I don’t like the way you look, I can hit the Alarm button…

 

Unfortunately, people seem to get upset when I sound the alarm and complain that I’m interfering with business with {air quotes} “False Positives” – But how am I supposed to know what really happens on the inside? And without this context, your security decisions are just guesswork. So, what’s behind those closed doors? Well, if it’s critical applications or data – it’s the crown jewels of your business, but security tools on the outside have no idea what’s happening on the inside. At Virsec, we believe that security needs to come from the inside, based on knowledge of what applications are supposed to do, while they’re live and running. In fact, runtime has becoming the new battleground for security.

 

Attackers increasingly know how to get around the Mall Cops with fileless, in-memory techniques that weaponize at runtime and don’t leave clues behind. Virsec is the first solution to protect applications comprehensively during runtime, enabling us to precisely detect and stop attacks during execution… before damage is done. Attackers are also good at finding your blind spots – gaps in security coverage that leave you exposed. To protect your critical apps you really need to cover the whole stack – from Web to Memory to Host. If you just cover the Web layer with a WAF, or the Host with endpoint protection, attacks will always go where you DON’T have defenses. Virsec has you covered from top to bottom, with full connected context across the application stack.

 

So how does this work? Well, in order to know what your applications are supposed to be doing you really need a map. This is exactly what Virsec does – we create a comprehensive AppMap that automatically determines what files, processes, executables, input and memory usage are allowed, and instantly spots and stops any deviation during runtime.

 

Let’s look at some examples… Many attacks start by inserting illicit files, processes or libraries used by applications during runtime – through the software supply chain or malicious insiders. Here the attack swaps a DLL library to inject malicious code directly into a running application making it go off the rails without triggering any conventional security tools. Virsec instantly spots this unauthorized DLL, and changes it back to the original, before rogue code can execute.

 

Let’s look at some examples… here an attacker coming in directly through the web without any help from an insider, using benign-looking data that weaponizes during runtime. Here you can see different HTTP and SQL strings – most of them are benign and could trigger false positives, but this one is going to execute and download data directly from your database. Virsec can spot this instantly, because we’re instrumented inside the application, and can see what really executes, versus what just looks suspicious… And we instantly stop it before any damage is done.

 

Now, let’s look at a memory attack. If you’re not familiar with memory attacks, you should be. MITRE recently published a report on the 25 Most Dangerous Software flaws – and top of the list, are Memory Buffer Errors. These are dangerous because few security tools can detect, let alone stop them. Here the attacker runs a script that corrupts the code to jump to an incorrect memory address, where data can be stolen. Virsec monitors the memory Control Flow of the entire application and any illicit memory usage is detected and stopped within milliseconds.

 

Virsec can effectively replace multiple security solutions you currently use including:

– Application Control – with automated whitelisting

– System Integrity Assurance – preventing unauthorized processes from executing

– Web Protection – ensuring that malicious data can’t be weaponized into code during runtime, and

– Memory Protection – control flow that instantly detects and stops in-memory attacks

 

Because we protect during runtime, and see exactly what’s going on, Virsec is precise and fast. We virtually eliminate false positives, and deliver forensics that pinpoint exactly what happened, when, and where… And with this level of accuracy, we can surgically stop bad activity within milliseconds and eliminate real attacks before damage is done. And finally, Virsec makes all of this easy. We don’t need signatures, heuristics, policy updates, or the constant tuning and tweaking required from conventional tools. So, if you’re tired of security tools that act like Mall Cops and don’t know what’s going on inside, and want security that is Better, Faster, Less Expensive to operate and Easier to maintain, you need to look at Virsec.

 

Remember – DON’T BE LEFT OUT…

 

Please stop by our demo stations and we’ll show this to you live.