Plugging the gaps
Rahil Ghaffar, Regional Director, MEA at Virsec, on why it is important to detect and stop attacks during runtime
What is Virsec’s approach to cybersecurity?
Virsec has been creating a lot of buzz globally, primarily because of our approach to making cyber threats irrelevant. We make sure we understand the enterprise software running within enterprises at all levels – host, memory, or Web. As a result, we can ensure that existing vulnerabilities – both known and unknown ones – don’t get exploited. This is why customers have started adopting us and realise the legacy approach to cybersecurity isn’t working. They need a solution that can detect and prevent attacks that occur during runtime.
How do you define runtime protection?
Today, if you look at the recent breaches, cybercriminals exploit runtime in the application infrastructure and corrupt legitimate processes. Most of the other cybersecurity tools can’t see threats at this level and protect you from the deep, vulnerable, blind spots in your applications or software. What makes us fundamentally different from others in this space is we look at it in real-time when the application is executing in process memory. We can look at the code execution in memory, control-flow integrity and ensure it does not get detailed. I will give you an example of a large government organisation here. They were dependent on legacy solutions and got breached even after having multiple layers of security. They reached out to us after the attack and wanted a solution to protect against unknown zero-day attacks. Today’s fileless attacks make memory the new battleground, and bad guys are trying to exploit vulnerabilities during runtime. The other security vendors treat this runtime – process memory- as a black box. In our case, due to our patented technology, we can look into memory, focus on what applications should be doing, and catch any deviation to the execution flow of legitimate code in milliseconds.
How does your platform work? Do you deploy agents?
We would like to call them memory sensors, not agents, because it is so lightweight and reside on memory, protecting system software from memory-based, binary attacks. At the same time, it does look at the file system. Our approach is to focus on the good rather than the bad. So the signatures are basically formed within the customer environment and tailor-made for that particular customer. It’s all automated in real-time. This lightweight agent can detect threats in real-time during runtime because we primarily know the application’s DNA and anything outside of it such as files, MSI, libraries, and scripts.
If users have a solution like an XDR, do they still need a platform like Virsec’s?
XDR is definitely good for endpoint protection, but it is not meant for servers. XDR was extended to servers because of the lack of solutions tailor-made for servers – and it can’t protect against memory-level attacks, which happen now and then. However, we can complement XDR and provide front-line protection for mission-critical apps and infrastructure. Even if you don’t have an XDR, the Virsec platform alone is enough server security.
Are you seeing more and more server-side attacks?
There might be more than a million threats being created every day. But most of these are commodity, and what makes news is primarily those few hundreds, which are going undetected. These are primarily fileless attacks that launch malicious code directly from memory and get in without placing any malware on the system. Cybercriminals are spending weeks and months crafting such malicious code and are not going to target endpoints. Instead, they are targeting the crown jewels of the organisation; they use very sophisticated methods to move laterally to infiltrate the most high-value server assets. And this is where you need security the most.