Virsec announced its Deterministic Protection Platform (DPP), ensuring better protection against all known and unknown threats to software workloads, and reducing threat actor dwell time from minutes to milliseconds, with true protection and runtime observability. Combining the broadest attack coverage and highest accuracy in the industry, DPP by Virsec protects server workloads across the entire runtime stack, eliminating false positives, when deployed on bare metal, virtual machines (VMs), containers, or in the cloud.
DPP by Virsec is the next evolution of the company’s flagship and award-winning Virsec Security Platform (VSP), which was the first solution that could truly eradicate threats to the software workload at runtime in real-time. DPP by Virsec makes security response obsolete by improving the protection that conventional, probabilistic solutions simply cannot:
Full application stack protection at runtime, automatically protecting vulnerable workloads covering all facets including applications, files, processes, and memory space that are typically targeted by attackers.
Only trusted execution is allowed, ensuring zero adversary dwell time and stopping an attacker’s malicious actions within milliseconds against both known and unknown threats—specifically protecting against ransomware, remote code execution, supply chain poisoning, and memory-based attacks.
Uniquely detects advanced attacks at the web, host, and memory levels that bypass Extended/Endpoint Detection and Response (X/EDR), Web Application Firewall (WAF), Intrusion Detection and Prevention System (IDPS), Endpoint Protection Platforms (EPP), and Antivirus (AV) solutions. It can reduce, or entirely negate, the need for patching.
With its read-only approach to mapping the software workload, DPP by Virsec does not harm applications while providing true protection. This unique approach also allows for fast deployment, performance maintenance, and automation at scale.
“Security practitioners are exhausted at the failed promise of ‘protection’ when many vendors merely offer alerts after an attack on their applications. As we’ve seen with Log4j, PrintNightmare, and other recent attacks, this approach is not working,” said Dave Furneaux, Cofounder and CEO of Virsec. “When we founded Virsec, we took a ‘first principles’ approach to protect software, regardless of the attacker’s preferred exploit or attack method. Now, the name of our platform says it all–we can determine what your software is supposed to do and immediately stop any attack.”
Attacks continue to increase exponentially. In 2020, the FBI saw more than 2,000 ransomware incidents, and more than a 200% jump in ransom demands in 2021. Software vulnerabilities continue to plague legacy and modern systems and the commonality among these events is that they target – and in many cases hide within – software at its fundamental levels on hosts and in memory. In fact, on its 20th Anniversary, OWASP updated its top 10 most critical risks to applications and added a new category, Software and Data Integrity Failures. Attackers are constantly changing their techniques. EDR and other traditional tools don’t protect against the “attack-of-the-week.” A new approach is needed.
DPP by Virsec secures the full-application stack – web, host, and memory – at runtime, regardless of application type or environment. This deterministic approach to security ensures precision protection for legacy unpatched workloads, consolidated VMs and containers, and provides runtime web application protection and application control. The platform’s coverage for all of these use cases helps organizations achieve better protection, reduce the cost of operations, and ensures continual compliance, aiding their overall business outcomes.
Today, Virsec has public sector and commercial customers around the world, including the healthcare, financial services, retail, energy, and insurance sectors.
DPP by Virsec is available now via an annual subscription. To learn more about how DPP can benefit your organization, request a demo or download the Enterprise Strategy Group (ESG) Report, ‘Deterministic Protection with Virsec’ https://www.virsec.com/resources/learning-center/esg-report-deterministic-protection-with-virsec.
Virsec is on a mission to make security response obsolete. Taking a ‘first principles’ approach to protection, Deterministic Protection Platform (DPP) by Virsec automatically and consistently maps exactly what your software is supposed to do and stops, in milliseconds, any deviations — preventing attackers from leveraging vulnerabilities to execute control and run malicious code. DPP by Virsec is a proven technology that enables leading government and commercial organizations around the world to protect their server workloads, at runtime, against ransomware and other known and unknown threats, reduce operating costs and meet key compliance requirements. Virsec is headquartered in San Jose, California, with offices all over the world.
John Chambers, Former Chairman & CEO, Cisco, and CEO, JC2 Ventures said, “The world has been far too patient with security vendors who claim to protect against the unyielding ransomware and remote code execution attacks crippling our businesses. Traditional approaches simply do not work. Any CISO or CIO needs to be able to walk into the CEO’s office or the boardroom and confidently say that they can not only protect against these attacks but can stop them, within milliseconds, before they do any damage. Virsec is the only company that can give these tech leaders the confidence to say, yes!”
“Deterministic protection is a game-changing paradigm to reliably protect the software workloads from known and unknown security threats, in contrast to probabilistic methods, security alerts and post-damage delayed response systems. Virsec’s pioneering innovation in DPP can be the next standard-of-care for an organization’s critical software workloads.” — Rehan Jalil, CEO, Securiti and Board Member at Virsec.
“A rule of thumb when it comes to defending your organization from advanced threats is that trust is simple, and deception is complex, and Virsec has built a platform that understands this. They have applied what advanced reverse engineers do with malware analysis, but in real-time, to understand what the expected response should be for a trusted environment and identify the difference when a threat tries to breach that trust. We talk about NextGen EDR quite often, but if there is a word that is beyond NextGen, DPP is it.” – Lance James, CEO Unit 221B
“Conventional, probabilistic security tools that require prior knowledge like signatures, make it hard for organizations to detect and prevent attacks and even harder to investigate and remediate attacks after they occur. Virsec technology protects critical application workloads from the inside against advanced attacks that often bypass conventional security. Deep application awareness and automated deterministic protection at runtime can derail advanced attacks instantly across the entire attack surface. In its evaluation of Deterministic Protection Platform by Virsec, ESG observed first-hand how Virsec’s technology automatically maps acceptable execution across workloads, without the need for signatures, tuning, or learning to deliver security that is effective and easy to manage, and that simplifies compliance.” — Tony Palmer, Principal Validation Analyst, ESG
“For the past year, SHBC has used the deterministic platform by Virsec to protect more than 100 servers from ransomware, SQL injections, and other threats. When our applications begin to deviate from their intended actions, the Virsec platform immediately detects the change and provides real-time notifications so we can remove the threats. In addition to providing a critical layer of security, the deterministic protection platform also gives our servers more power and helps them run more efficiently. Based on the success of the tool, we hope to add additional servers this year.” — Adnan Masri, IT Manager, SHBC.
“Servers are among the most critical targets for cyberattacks. We have collaborated with Virsec to leverage their runtime protection solutions to add advanced protection capabilities for our customers.” – James M. / Raytheon Intelligence & Space
“There are a set number of conditions or outcomes that can take place when your software runs: sometimes that’s a high number, but it is finite. That means we can always know what the software should do, or what ‘known good’ looks like. Virsec learns what your software should do and knows if your code attempts to do something outside of ‘known good’. When you can map and track your ‘known good’, you are automatically protected and can respond quickly. However, not knowing can allow attacks to persist and the business impact can increase. With Virsec, you always know.” — David Reilly, Former CIO Bank of America, Global Banking and Markets
“All entities (enterprises and commercial software companies) must improve their practices to protect the software supply chain vulnerabilities, and this includes adding deterministic protection to the software itself in runtime across all workloads. I chose the most mature software protection capability available today, Virsec, and the results are impressive.” — Jim Routh, Former CISO/CSO many Fortune 100 companies in Healthcare & Financial Services