What are you showcasing at GISEC this year?
We are exhibiting our new protection platform. And that is the keyword – it is all about protection. In cybersecurity, what we need more than ever before is protection. We have a lot of detection and a lot of response. But in between these two is the attack. So, we launched a product that we call deterministic protection, which protects applications in runtime.
Why is runtime protection important?
Well, it’s important because no matter how securely you develop software, you always have to move it into production. And the minute you move it into production, it’s vulnerable to unknown attacks. And so we had to come up with something that the industry hasn’t done before – to protect workloads from being attacked while they are running. But to do that, you have to do it a little differently because you can’t analyse its behaviour. You have to know the software’s intention based on how the developer has developed it. And so we created the ability to map software and then fully protect it while it’s running.
Why do you think EDR or EPP is insufficient to protect application workloads?
There’s been an increasing number of reports that EDR and endpoint protection products have inherent limitations. One of the limitations is they can’t protect your environment in real-time. They can only detect threats if it is something they’ve seen before and respond once they see a pattern emerging. But what’s happening in the middle is that attacks are getting through these EPP or EDR products. Sometimes they’re getting through because the products had never seen it before because they’re based on analytics. Or the attacks are getting through because it takes a while for these products to respond. So there’s a gap there. Our deterministic protection that we call DPP is based on the premise that you need to protect your applications or software by detecting anomalous behavior in real-time and then blocking it.
What kind of threat vectors should we watch out for this year?
The number one threat is remote code execution attacks, which is really a fancy word for an attacker to insert malicious code into the software they want to attack. And the problem is these attacks this year are coming in deeper into an area called the memory or the user space in applications. And that, unfortunately, is completely unprotected.
Do you see supply chain attacks as well?
Supply chain attacks and ransomware attacks are probably the top two. As you know, ransomware attacks are skyrocketing and gaining prevalence worldwide. And they are usually remote code execution attacks that weaponise ransomware or supply chain poisoning attacks. The most famous one was, of course, the SolarWinds breach. But if you think about it, any company has hundreds of suppliers, customers, and relationships. If you look at how vulnerable the interaction is between their own systems and the software of all their suppliers, it’s a very challenging place.
Are you leveraging AI and ML?
In our portfolio of products, the core of our technology is called determinism. It’s a departure from artificial intelligence and analytics because analytics might probably protect you. That’s why you hear the word probabilistic. Deterministic is determining if you’re being attacked and then protecting you. So it is a stronger approach.