A deeper level of protection with

Zero Trust Runtime Defense

Extending Zero Trust to Application Runtime Environments

Virsec Security Platform (VSP) is your defense-in-depth solution for application and host workloads. VSP extends zero trust to server environments with automated allow-listing of authorized processes, scripts, and libraries to secure applications at runtime.

Expanding Our Understanding of Zero Trust

First and foremost, zero trust is a security model that eliminates implicit trust and uses a “verify first, then allow” stance. Most organizations apply this in cybersecurity to identity and authentication, but stop before their applications because the existing solutions claim "Zero trust" yet don't follow the "verify first, then allow" model for application workloads.

Agencies like the Department of Defense and the Cybersecurity and Infrastructure Security Agency (CISA) have expanded their definition of zero trust to encompass more than identity, authentication, and network traffic.

“Never Trust, Always Verify.

Deny access by default. Every device, user, application/workload, and data flow are authenticated and explicitly authorized using least privilege, multiple attributes, and dynamic cybersecurity policies.”

DoD Zero Trust Reference Architecture - V2 July 2022

Zero Trust “Pillar #4" Application Workload

Applications and workloads include agency systems, computer programs, and services that execute on premise, as well as in a cloud environment. Agencies should secure and manage the application layer as well as containers and provide secure application delivery.

CISA Zero Trust Maturity Model - Pre-decisional Draft June 2021

Foundation of Zero Trust

Foundation of Zero Trust

Defense in Depth -
Zero Trust Protection
for Application Workloads

 Continuous protection of application and host workloads stops cyber criminals and nation-state cyber threats.

Defense in Depth

Virsec’s Benchmark Model

Trust Nothing that isn’t Trusted

Virsec’s unique approach creates a trust-benchmark — a map of known-good application workload behavior, memory processes, files, etc., and leverages this allow-list to ensure that any unexpected processes or workflow activity is stopped in milliseconds. This prevents any modified code, remote code injection or execution, or memory corruption from occurring — effectively eliminating the chance of any zero-day exploits, even in unpatched or legacy environments.

Virsec Map ensures system integrity by scanning all workload executable files without needing access to any source code.

Virsec Map then verifies every executable’s reputation and dependencies, creating a known-good positive security model.


Finally, Virsec Map processes an automated allow-listing, including executable memory mapping to know what’s trusted and what’s not.


Virsec Enforce provides full-time runtime protection of workloads by ensuring only approved and trusted processes, files, scripts, and libraries are used.

Guilty until proven innocent.
Deny all unauthorized code.

Most solutions attempt to stop known bad code and unknown code that looks suspicious, but very few stop everything except what's trusted. Legacy approaches ignore the first principle of zero trust — verify then allow — and open the door to novel malware or zero-days. Virsec, by default, blocks any known OR unknown threat in milliseconds.

Virsec Default=Allow

EDR Default=Allow
Known Good Dependencies
Finite set of tested and verified deployed code
Visibility and Control

Virsec Default=Deny

EDR Default=Deny
Known Bad Attack Behaviors
Large, fast growing set of malicious code that has failed reputation score

Virsec Default=Deny

EDR Default=Allow
Unclassified Dependencies, Scripts, Repositories
Largest and fastest growing set that has not undergone either static or dynamic analysis
Risk and Exposure

Only Virsec can eradicate software threats in real-time before they can cause any harm, making security responses obsolete.

Zero Trust Protection vs. Probabilistic Protection

Some solutions adopt a probabilistic approach to compensate for their lack of visibility against unknown or unclassified threats. By attempting to project or evaluate behavior on the fly, they often rely on prior knowledge or machine logic to make risk assumptions. Ultimately, this approach produces a lot of false positive activity or interferes with workload performance and eventually permits attackers to compromise workloads until their presence is detected.

Virsec Workload Security ties application workload trust to its known-good allow list and instantly and efficiently stops anything out of the ordinary. That’s true zero trust as applied to application workloads.

Virsec Security = Zero Trust"> Virsec Security = Zero Trust

  • Protects full attack surface
  • Only allows correct execution
  • Automated runtime protection
  • Read-only probe
  • Zero attacker dwell time
  • Works with any server

Conventional Security = Probabilistic

  • Relies on prior knowledge
  • High false positive rates
  • Heavy agent required
  • Significant performance impact
  • Too much attacker dwell time

Reducing Panic Patching by Applying Zero Trust Protection to Workloads

Watch this webinar replay to learn what you can do to successfully protect your application workloads (including legacy and unsupported) and reduce panic patching, even with the volume and velocity of security patches you face. 

— David Lee, Director of Infrastructure & IT, Lumicell

"Our critical data application from our human trials runs in Windows OS Server workloads has to be secure to pass compliance audits and our own security commitments to customers. Virsec was deployed to fully protect our environment quickly and now we have automated protection."

Stop Zero-Days. Achieve Zero Dwell Time. Embrace Zero Noise.