First Platform to Integrate Advanced Runtime Security Controls into the CI/CD Pipeline
SAN JOSE, CA, FEBRUARY 20, 2020 -- Virsec, a cybersecurity company delivering a radically new approach to protect applications against advanced attacks, today announced it has extended its award-winning Virsec Security Platform with integrated attack simulation, automated vulnerability detection, and continuous security monitoring during application runtime.
The new solution will be demonstrated at the RSA Security Conference 2020, in the Virsec booth, Moscone South #1653, February 24-27, in San Francisco.
Developers are constantly challenged by an explosion of vulnerabilities in complex code stacks, third-party tools and libraries. In January 2020, over 700 new vulnerabilities per day were reported in open source and COTS applications into the US-CERT National Vulnerability Database.
“We’re seeing a tsunami of vulnerabilities and businesses that rely on conventional scanning, penetration testing and patching simply can’t keep up,” said Atiq Raza, CEO of Virsec. “You can’t expect developers to deliver perfect code and need assurance that compensating security controls are always protecting your applications from any vulnerabilities - known or unknown.”
Virsec is the first security vendor to combine advanced CI/CD application testing with continuous monitoring during runtime, delivering unprecedented accuracy, time savings, and real-world attack prevention. Built on the world’s most advanced application security platform, Virsec has integrated automated attack simulation, intelligent fuzzing, and context-sensitive instrumentation to deliver a new level of end-to-end security at all stages of the SLDC. This extends the capabilities of the Virsec Security Platform which instantly detects when developer code is subverted by attacker code. Virsec proactively stops malicious code from executing within an application, without relying on exploit signatures, heuristics or behavioral rules.
“The new security model is to shift left – embedding security in the software development process, but conventional testing tools are far too slow and tedious, and lack a feedback loop from real-world threats,” said Satya Gupta, founder and CTO of Virsec. “We’re changing the game by putting comprehensive security controls in the hands of developers, while using the same platform to protect applications continuously during runtime.”
The new Virsec solution combines these key components:
- Web Attack Simulation
Launches specialized payloads that map to CAPEC standards. These are combined with multiple obfuscation techniques to test applications against the widest range of simulated attacks.
- Intelligent Fuzzing
Automatically injects thousands of combinations of URLs, parameters, obfuscation techniques, and OWASP threats, stress testing every user input of the HTTP packet.
- Application Runtime Protection
Embedded runtime instrumentation instantly detects if an application is generating attacker-influenced code for execution by downstream interpreters.
- Compensating Controls During Runtime
Virsec is the first solution to apply the same advanced attack detection during testing, and production. This continuous monitoring effectively delivers compensating controls for zero-day vulnerabilities that cannot be remediated before code is released.
Based in San Jose, California, Virsec was founded on the belief that a new approach is required to counter today’s advanced threats. The company is led by industry veterans who have driven one of the world’s top processor teams, and created innovative technology in network security, embedded systems and real-time memory systems. The team has broad leadership experience at companies including AMD, Cisco, Palo Alto Networks, Juniper, Dell, NextGen, BMC Software, and ForcePoint, as well as long list of high-growth startups. More information and demos are available at www.virsec.com.