DPP by Virsec protects server workloads across the entire runtime stack and eliminates false positives when deployed on bare metal virtual machines (VMs), containers, or in the cloud.
It makes security response obsolete by improving the protection that conventional, probabilistic solutions simply cannot:
• Full application stack protection at runtime, automatically protecting vulnerable workloads covering all facets including applications, files, processes, and memory space that are typically targeted by attackers.
• Only trusted execution is allowed, ensuring zero adversary dwell time and stopping an attacker’s malicious actions within milliseconds specifically protecting against ransomware, remote code execution, supply chain poisoning, and memory-based attacks.
• Detects advanced attacks at the web, host, and memory levels that bypass Extended/Endpoint Detection and Response (X/EDR), Web Application Firewall (WAF), Intrusion Detection and Prevention System (IDPS), Endpoint Protection Platforms (EPP), and Antivirus (AV) solutions. It can reduce, or entirely negate, the need for patching.
• With its read-only approach to mapping the software workload, DPP by Virsec does not harm applications while providing true protection. This allows fast deployment, performance maintenance, and automation at scale.
“Security practitioners are exhausted at the failed promise of protection when many vendors merely offer alerts after an attack on their applications. As we’ve seen with Log4j, PrintNightmare, and other recent attacks, this approach is not working,” points Virsec co-founder and CEO Dave Furneaux.
“When we founded Virsec, we took a ‘first principles’ approach to protect software, regardless of the attacker’s preferred exploit or attack method. Now, the name of our platform says it all–we can determine what your software is supposed to do and immediately stop any attack.”
Attacks continue to rise. In 2020, the FBI saw more than 2,000 ransomware incidents, and more than a 200% jump in ransom demands in 2021. Software vulnerabilities continue to plague legacy and modern systems and they share a commonality: they target – and in many cases hide within – software at its fundamental levels on hosts and in memory.
In fact, on its 20th anniversary, OWASP updated its top 10 most critical risks to applications and added a new category, Software and Data Integrity Failures. EDR and other traditional tools don’t protect against the “attack-of-the-week” as attackers change their techniques often. A new approach is needed.
DPP by Virsec secures the full-application stack – web, host, and memory – at runtime, regardless of application type or environment. This deterministic approach to security ensures precision protection for legacy unpatched workloads, consolidated VMs and containers, and provides runtime web application protection and application control.
Today, Virsec has public sector and commercial customers around the world, including the healthcare, financial services, retail, energy, and insurance sectors.
“The world has been far too patient with security vendors who claim to protect against the unyielding ransomware and remote code execution attacks crippling our businesses. Traditional approaches simply do not work. Any CISO or CIO needs to be able to walk into the CEO’s office or the boardroom and confidently say that they can not only protect against these attacks but can stop them, within milliseconds, before they do any damage. Virsec is the only company that can give these tech leaders the confidence to say ‘Yes!’” says JC2 Ventures former chairman and CEO John Chambers.
“Deterministic protection is a game-changing paradigm to reliably protect the software workloads from known and unknown security threats, in contrast to probabilistic methods, security alerts and post-damage delayed response systems. Virsec’s pioneering innovation in DPP can be the next standard-of-care for an organisation’s critical software workloads,” says Securiti CEO and Virsec board member Rehan Jalil.
“A rule of thumb when it comes to defending your organisation from advanced threats is that trust is simple, and deception is complex, and Virsec has built a platform that understands this. They have applied what advanced reverse engineers do with malware analysis, but in real-time, to understand what the expected response should be for a trusted environment and identify the difference when a threat tries to breach that trust. We talk about NextGen EDR quite often, but if there is a word that is beyond NextGen, DPP is it,” says Unit 221B CEO Lance James.
“Conventional, probabilistic security tools that require prior knowledge like signatures, make it hard for organisations to detect and prevent attacks and even harder to investigate and remediate attacks after they occur. Virsec technology protects critical application workloads from the inside against advanced attacks that often bypass conventional security. Deep application awareness and automated deterministic protection at runtime can derail advanced attacks instantly across the entire attack surface. In its evaluation of Deterministic Protection Platform by Virsec, ESG observed first-hand how Virsec’s technology automatically maps acceptable execution across workloads, without the need for signatures, tuning, or learning to deliver security that is effective and easy to manage, and that simplifies compliance,” says ESG principal validation analyst Tony Palmer.
“For the past year, SHBC has used the deterministic platform by Virsec to protect more than 100 servers from ransomware, SQL injections, and other threats. When our applications begin to deviate from their intended actions, the Virsec platform immediately detects the change and provides real-time notifications so we can remove the threats. In addition to providing a critical layer of security, the deterministic protection platform also gives our servers more power and helps them run more efficiently. Based on the success of the tool, we hope to add additional servers this year,” says SHBC IT manager Adnan Masri.
“Servers are among the most critical targets for cyberattacks. We have collaborated with Virsec to leverage their runtime protection solutions to add advanced protection capabilities for our customers,” says Raytheon Intelligence & Space systems engineer James M. Cox.
“There are a set number of conditions or outcomes that can take place when your software runs: sometimes that's a high number, but it is finite. That means we can always know what the software should do, or what ‘known good’ looks like. Virsec learns what your software should do and knows if your code attempts to do something outside of ‘known good’. When you can map and track your ‘known good’, you are automatically protected and can respond quickly. However, not knowing can allow attacks to persist and the business impact can increase. With Virsec, you always know,” says Bank of America, Global Banking and Markets former CIO David Reilly.
"All entities (enterprises and commercial software companies) must improve their practices to protect the software supply chain vulnerabilities, and this includes adding deterministic protection to the software itself in runtime across all workloads. I chose the most mature software protection capability available today, Virsec, and the results are impressive,” attests former CISO/CSO Jim Routh.
“We were looking to secure our legacy environments and had the option to leverage multiple tools across the stack, resulting in complex architecture and deployment model. Above all, we wanted to avoid any performance impact on user-facing applications i.e. compromising user experience for security. Virsec’s value proposition of delivering deterministic protection across host, memory, and application runtime as a package deal was exciting for us to evaluate while driving simplicity and performance. Above all, Virsec provided capabilities that worked out-of-box without requiring much configuration and tuning, keeping the TCO lower,” says Cognizant associate director corporate security Gaurav Sood.
“Getting involved with up-and-coming startups that will change the world is why Talons Ventures exists, and I look to revolutionary teams that will change the way we are securing organisations’ most sensitive systems and data. Enter Virsec, and their new, and correct, design. Virsec’s deterministic approach enumerates what software is supposed to be doing and stops it from doing what it is not supposed to do. It is literally what we should have always done, and it’s finally here,” says Talons Ventures president and former senior vice president chief security and trust officer John Stewart.
“Clearly, we have to approach protection against cyberattacks in a different way; the tools and techniques that were used for the last decade are not going to provide real-time protection against today’s attacks like Log4j, PrintNightmare and SolarWinds. Virsec’s new approach to protecting server workloads with their Deterministic Protection Platform (DPP) really strengthens protection in a new way that changes the game,” says Wayfair global head of security and IT risk management Marnie Wilking.