(So, what does protection from the inside mean, and what are the traditional security tools? How they
respond, and what the after-effect is once they have looked for the root cause analysis, and how
Virsec redefines its approach.)
//So, imagine these are your servers. They can be deployed anywhere: on cloud, on-prem, hybrid,
anywhere. So, imagine wherever your servers are, when the traffic hits the servers, you have a
security posture before the traffic hits the server.
For example, you have a firewall, you have IPS, you have WAF, you have EPP, which will hit the traffic.
Now, these technologies can stop only the known, because they are signature-based or, you can say,
behavior-based or pattern matching. So, this can easily guess if there is any unknown. So, this is
the "before" posture of security.
(Let's imagine these are your servers. They can be deployed anywhere: on cloud, on-prem, hybrid.
So imagine wherever your servers are, when the traffic hits the servers, you have a security
posture before the traffic hits the server, such as a firewall, IPS (intrusion prevention
system), WAF (web application firewall) and EPP (endpoint protection), which will hit the
traffic.
Now, these technologies can stop only the known, because they are signature-based or, we can
say, behavior-based or pattern matching. So this can easily guess if there is any unknown. So this is the
"before" posture of security.)
So, you have tools like EDR (endpoint detection and response), forensics, machine learning, analytics.
What happens is, these tools are good at detection and response.
See, I was mentioning on an earlier slide the protection-first platform. So we focus more on protecting
rather than detecting and responding, and of course detection and response will be part of protection
itself; unless we detect, we cannot protect.
So, these tools are more reactive, or look for clues after the fact. If something happens, they
are good at doing a complete analysis, and they guess and react too late.
These tools will take minutes, hours, days and months to find an unknown attack, so you
need to have solutions which can fix it at runtime.
[CLICK] Okay, so imagine unknown attacks, such as fileless, memory or zero-day attacks, sail through
to the target code.
If this type of threat attacks you, it can get into your system. Why? Because these
threats have no signatures or behavior, and they can even bypass these technologies
easily (LEFT SIDE)
and corrupt the code during execution. If that application is running on your server, it can
be corrupted and they can take over control of the system. These types of attacks are so
sophisticated that they will not even touch the file system; they will get into memory, they will
take control of memory and leave no evidence. Okay. So you should detect those
sorts of attacks, to stop the hackers from getting your application under their control.
So Virsec is inside your server, with complete application awareness, and it protects against any
zero-day or fileless attacks with its own patented technology called AppMap. This is
how VIRSEC works: it does not depend upon any signatures or any past precedents, and it protects
the servers at runtime, in milliseconds. Okay. So this is how VIRSEC delivers its security to the crown
jewels of the organization, that is, your servers and applications.
Due to the lack of focus and this outside-in approach to application security, there always remained gaps
that threat actors could exploit. In addition, accuracy was a big issue with this approach, as these
technologies were all very probabilistic in nature. They relied heavily on past precedents, either
knowledge of the attack or of the vulnerability, using some sort of signature update or behavioral analysis.
This approach also falls short against zero-day and advanced attacks like memory buffer overflows.
VIRSEC changes the game completely. VIRSEC provides protection inside-out. [click] VIRSEC protects the
servers, and the applications inside the servers, from the inside. This approach provides deep visibility and
application awareness across the enterprise. These servers may be on cloud, on-prem, or in a container;
the applications can be legacy, commercial off-the-shelf, or custom, home-grown applications.
[click]
------------
VERSION 2
be also having a lot of security solutions already. They are designed or implemented to do certain
things in your environment, like IPS, WAF, antivirus; all of these are intended to protect the application. And
these are based on a negative security model. That is, they have signatures and they are good at stopping
the known and they only get the unknown right and they do not have visibility into the server as well.
And there are other security solutions that come after the execution, after the runtime, and try to do
some assessment of the attack, try to give you some report on the damage done and how you can
control it, rather than stopping the damage from even happening in the first place. So that is why
we call the workload a black box with these security solutions around it, because none of them have
visibility into what is happening inside the system during runtime. And this deficiency will let
sophisticated attacks go through. And these sophisticated attacks will also have
the capability to erase all the trails, so that your forensic tools will be rendered useless. Virsec comes
into play right there during runtime: it protects the complete stack, protects the operating system, critical
memory allotments, and even your running web applications against web exploits like the OWASP Top
Ten and much more, even the really unknown, all the zero-day attacks. Without knowing the SQL injection
pattern, we can block the SQL injection from happening. That is why we claim to do a positive security
approach and complete protection against zero-day attacks. Because we don't rely on signatures like
these solutions, we rely on something else.