
How It Works

Stop Threats Instantly at Runtime.

Proactively protect your enterprise: stop attacks in milliseconds, eliminate dwell time and prevent exploitation that leads to lateral movement.


Zero-Day Threats

Protect workloads from zero-days and other unknown attacks.

Take Attacker Dwell Time to Zero

Put an end to long-term data damage and loss.

Zero Noise

Give your analysts low false positives and high accuracy.

Zero-Trust Runtime Defense for Workloads & Applications

Today's endpoint detection and response security technology still relies on pattern matching or behavioral analysis of known vulnerabilities.

Organizations need protection that delivers a proactive security posture—a true zero trust workload solution that verifies first, then allows—that doesn't rely on pattern matching. They need a solution that prevents dwell time and can protect legacy and modern workloads.

Virsec's approach to securing workloads protects against attacks — even the most sophisticated targeted ones and zero-days.

Virsec Enables Critical Use Cases 

  • Script-based attack prevention
  • Living-off-the-land attack prevention
  • Protection against defense evasion techniques
  • Critical data collection
  • Lateral movement prevention
  • Protection against persistence
  • Remote-code execution

How Virsec strengthens your security posture:

  • Continuous runtime protection. Protect workloads from the inside.
  • Stop known and unknown attacks instantly — including web, file, and memory based attacks.
  • Take dwell-time down to near zero and streamline your security stack.

The Virsec Playbook

Virsec Map and Virsec Enforce provide provenance, integrity, and authority of the software bill of materials (SBOM) assets such as files, scripts, and libraries at runtime for application workloads. With patented technology, Virsec allows only authorized files and scripts to execute; any deviations are treated as malicious behavior and are safeguarded against by zero trust execution.
Virsec Map ensures system integrity by scanning all workload executable files without needing access to any source code.
Virsec Map then verifies every executable’s reputation and dependencies, creating a known-good positive security model.
Finally, Virsec Map performs automated allow-listing, including executable memory mapping. Know what’s trusted and what’s not.
Virsec Enforce provides full-time runtime protection of workloads by ensuring only approved and trusted processes, files, scripts, and libraries are used.

System Integrity and Runtime Protection with Virsec's Capabilities

Deliver zero trust execution and extend existing security controls to enable application workload self-protection, providing both provenance and integrity of authorized files, scripts, and libraries. Virsec's Security Platform (VSP) reduces the attack surface and enforces a zero-trust model that ensures workloads cannot be compromised during runtime and that only safe and trusted software can perform its intended functions free from manipulation.

VSP consists of the Central Management Systems (CMS) and a software probe with different capabilities:

Executable Allow Listing

Virsec’s Executable Allow Listing defines all the processes and associated libraries allowed to execute.
  • Trustworthiness is established by verifying that a workload is untouched, based on trusted publishers and on reputation from our reputation database
  • Establish and enforce system-wide allow-listing for processes, libraries, and scripts based on trustworthiness
  • Monitor deviations at runtime and mitigate any execution of executables that have been added or modified

File Integrity Assurance

Virsec’s File Integrity Assurance monitors application and system-critical folders for malicious changes and aids in detecting and stopping ransomware attacks.
  • Monitors critical application folders for the creation, modification, permission change, and deletion of files in the monitored regions of the file system
  • Reports any changes in access privileges and file ownership in the monitored folders
  • Supports explicit inclusion and exclusion of specified file extensions (like .tmp, .log) and folders within the monitored folders of the file system
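The checks listed above can be sketched as a baseline-and-compare monitor. This is an added example, not Virsec's code: the function names, the tuple layout, and the temporary demo folder are assumptions made for illustration.

```python
import hashlib
import os
import stat
import tempfile
from pathlib import Path

EXCLUDED_EXT = {".tmp", ".log"}  # the exclusion examples named on the page

def snapshot(root, excluded=EXCLUDED_EXT):
    """Map relative path -> (sha256, mode bits, (uid, gid)) per monitored file."""
    state = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)
            if Path(name).suffix.lower() in excluded or not stat.S_ISREG(st.st_mode):
                continue  # excluded extension, or not a regular file (symlink, device)
            digest = hashlib.sha256(Path(path).read_bytes()).hexdigest()
            state[os.path.relpath(path, root)] = (
                digest, stat.S_IMODE(st.st_mode), (st.st_uid, st.st_gid))
    return state

def compare(baseline, current):
    """Return (event, path) tuples, ordered by path, for drift from the baseline."""
    kinds = ("modified", "permission_change", "ownership_change")
    events = []
    for path in sorted(baseline.keys() | current.keys()):
        old, new = baseline.get(path), current.get(path)
        if old is None:
            events.append(("created", path))
        elif new is None:
            events.append(("deleted", path))
        else:
            events += [(k, path) for k, a, b in zip(kinds, old, new) if a != b]
    return events

def demo():
    """Constructed scenario: one change of each kind, plus an excluded .log file."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        for name in ("app.conf", "run.sh", "old.dll"):
            (root / name).write_text("v1")
            (root / name).chmod(0o644)
        baseline = snapshot(root)
        (root / "app.conf").write_text("v2")   # modification
        (root / "new.exe").write_text("v1")    # creation
        (root / "debug.log").write_text("v1")  # excluded extension, not reported
        (root / "run.sh").chmod(0o755)         # permission change
        (root / "old.dll").unlink()            # deletion
        return compare(baseline, snapshot(root))
```

A polling comparison like this only sees the state at each snapshot; blocking a change as it happens requires kernel-level file event hooks, which this sketch does not attempt.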

Application Control Policy

While Executable Allow Listing and File Integrity Assurance capabilities of VSP ensure only the processes and libraries that are pristine, trusted, and safe can run on the application workloads, Application Control Policies ensure that malicious actors cannot leverage advanced defense evasion techniques to compromise a workload.
Virsec’s Application Control Policies:
  • Enforce dynamic execution control on allow-listed processes to stop living-off-the-land attacks.
  • Block malicious activities from the otherwise trusted operating system-related process. 
  • Enforce parent-child process controls to stop RCE and lateral movement.
  • Add additional runtime controls to allow/disallow binary applications to spawn child processes within the scope of the binary application.
  • Enforce additional access controls on binaries via allow or deny list for processes so that either only a certain set of users are allowed to run a defined set of applications, or a specific set of users are always denied running a defined set of applications.
  • Enforce that specific command-line arguments and flags are allowed, or that some risky command-line arguments and flags are denied, during the execution of a defined set of binaries
  • Block binary applications from running under all circumstances, even if they are generally trusted
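How these policy types combine can be shown with a small evaluator run over process-launch events. This is an added example, not Virsec's implementation: the `Policy` fields, the rule order, and every binary and user name in the sample data are constructed assumptions.

```python
import shlex
from dataclasses import dataclass, field

@dataclass
class Policy:
    blocked: set = field(default_factory=set)        # never run, even if trusted
    child_allow: dict = field(default_factory=dict)  # parent -> children it may spawn
    user_deny: dict = field(default_factory=dict)    # binary -> users denied
    arg_deny: dict = field(default_factory=dict)     # binary -> denied flags

def evaluate(policy, event):
    """Return (verdict, reason) for one process-launch event; first match wins."""
    image, parent = event["image"].lower(), event["parent"].lower()
    if image in policy.blocked:
        return "deny", "blocked under all circumstances"
    if parent in policy.child_allow and image not in policy.child_allow[parent]:
        return "deny", f"{parent} may not spawn {image}"
    if event["user"].lower() in policy.user_deny.get(image, set()):
        return "deny", "user denied for this binary"
    # Exact, case-insensitive flag match; a real control must also normalise
    # abbreviated or alternate spellings of a flag.
    args = {a.lower() for a in shlex.split(event["cmdline"], posix=False)[1:]}
    hit = sorted(args & policy.arg_deny.get(image, set()))
    if hit:
        return "deny", f"denied argument {hit[0]}"
    return "allow", "no policy violated"

# Constructed policy and events; binary and user names are illustrative assumptions.
POLICY = Policy(
    blocked={"psexec.exe"},
    child_allow={"w3wp.exe": {"csc.exe"}},
    user_deny={"reg.exe": {"svc_backup"}},
    arg_deny={"powershell.exe": {"-encodedcommand"}},
)
EVENTS = [
    {"parent": "w3wp.exe", "image": "cmd.exe", "user": "apppool", "cmdline": "cmd.exe /c dir"},
    {"parent": "explorer.exe", "image": "powershell.exe", "user": "alice",
     "cmdline": "powershell.exe -EncodedCommand PLACEHOLDER"},
    {"parent": "explorer.exe", "image": "powershell.exe", "user": "alice",
     "cmdline": "powershell.exe -File report.ps1"},
    {"parent": "services.exe", "image": "PsExec.exe", "user": "admin", "cmdline": "PsExec.exe"},
    {"parent": "cmd.exe", "image": "reg.exe", "user": "svc_backup", "cmdline": "reg.exe query HKLM"},
    {"parent": "w3wp.exe", "image": "csc.exe", "user": "apppool", "cmdline": "csc.exe /nologo"},
]

def verdicts():
    """Verdict for each constructed event, in order."""
    return [evaluate(POLICY, e)[0] for e in EVENTS]
```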

Memory Exploit Protection

Virsec Memory Exploit Protection stops attempts to inject and run malicious code from memory by targeting trusted processes.
Virsec Stops:
  • Process injection techniques including, but not limited to, Code Injection, Process Hollowing, and Process Doppelgänging.
  • OS credential dumping from the memory of key processes like LSASS (Local Security Authority Subsystem Service).
  • Privilege escalation attacks like and in-memory attacks.
Exploit techniques are detected and stopped in real time without the need for any signature, learning, or customization.

Memory Exploit Protection covers major Windows and Linux exploits or vulnerabilities:
For Windows:
  • Reflective DLL (Dynamic Link Library) Injection (Reported as Process Injection Incident)
  • Process Hollowing
  • PE (Portable Executable) Injection (Reported as Process Injection Incident)
  • Process Doppelgänging
  • PowerShell Exploit (Reported as Process Injection Incident)
  • Atom Bombing
  • Thread Local Storage (Reported as Process Hollowing Incident)
  • Thread Execution Hijack
  • Credential API (Application Programming Interface) Hooking
For Linux: 
  • DirtyCoW (Copy on Write)
  • tmp-fs exploit
  • DirtyPipe

Buffer Overflow Protection

Virsec Buffer Overflow Protection ensures application control flow integrity by uniquely distinguishing trusted execution flow, control data, and user data from malicious events during runtime without dependencies on access to source code.
  • Detects memory-based attacks such as buffer overflows, return-oriented programming, and other blind attack schemes on program flow, memory stack, and return addresses.
  • Protects runtime execution of pre-compiled applications by automatically extracting the control flow for every executable, and enforces any deviation during runtime.

Web Protection

Virsec Web Protection monitors user-provided inputs, the execution of inputs, and the application response with complex HTTP filtering, interpreter syntax mapping, and strict runtime controls to detect and prevent attacker-provided inputs to a web application.
  • Provides Web Application & API Protection for attacks coming via HTTP/HTTPS channels.
  • Detects OWASP Top 10 Attacks on protected web applications using deep instrumentation of application frameworks and/or web servers.
  • Blocks Web-based attacks by examining the HTTP payloads and resulting transactions in the application.

Even when software vulnerabilities exist, Virsec protects server workloads from breaches by cyberattacks that bypass other security tools.

Experience continuous integrity and reliability in your application workloads.