
//So, what does that protection from the inside mean? Okay, let us understand that.

So, what are the traditional security tools? How are they positioned? And what is the after effect, and how are they trying to find out the root cause analysis, and how is Virsec changing the game here?

(So, what does protection from the inside mean, okay, and what are the traditional security tools? How they respond, and what the after effect is once they have finished looking for the root cause analysis, and how Virsec redefines its approach.)

//So, imagine these are your servers. They can be deployed anywhere: on cloud, on-prem, hybrid, anywhere. So, imagine whenever your servers are there, when the traffic hits the servers, you have a security posture before the traffic hits the server,

like: you have a firewall, you have IPS, you have WAF, you have EPP, which will hit the traffic.

Now, these technologies can stop only the known, because these are signature-based or, you can say, behavior-based or pattern matching. So, this can easily guess if there is any unknown. So, this is the before posture of security.

(Let’s imagine these are your servers; they can be deployed anywhere: on cloud, on-prem, hybrid. So imagine whenever your servers are there, when the traffic hits the servers, you have a security posture before the traffic hits the server, like having a firewall, IPS (intrusion prevention system), WAF (web application firewall) and EPP (endpoint protection), which will hit the traffic.

Now, these technologies can stop only the known, because they are signature-based or, we can say, behavior-based or pattern matching. So this can easily guess if there is any unknown, so this is the before posture of security.)

//and another one is after.

So, you have tools like EDR (endpoint detection and response), forensics, machine learning, analytics. What happens is, these tools are good at detection and response.

See, I was mentioning on an earlier slide the protection-first platform. So we focus more on protecting rather than detecting and responding, and of course, detection and response will be part of protection itself: unless we detect, we cannot protect.

So, these tools are more reactive, or look for clues after the fact. After the fact, if something happens, they are good at doing a complete analysis, and they guess and react too late.

So this is before and after.


[CLICK] Now, what you require today is runtime. Okay, runtime means you require protection in milliseconds.

Whereas these tools will take minutes, hours, days and months to find out an unknown attack, so you need to have solutions which can fix it in runtime.

[CLICK] Okay, so imagine an unknown file, or a fileless or a memory or a zero-day attack, sails through to the target code.

If this type of threat attacks you, it can get into your system. Why? Because these threats have no signatures or behavior, and they can even bypass these technologies easily. (LEFT SIDE)

And corrupt the code during execution, and if that application is running on your server, it can be corrupted and they can take over control of the system. And these types of attacks are so sophisticated that they will not even touch the file system; they will get into memory, take control of memory, and leave no evidence. Okay. So these sorts of attacks should detect those sorts of attacks from getting your application under control from the hackers.

So Virsec is inside your server, with complete application awareness, and it protects against any zero-day or fileless attacks with its own patented technology called App map. This is how VIRSEC works: it does not depend upon any signatures or any past precedents; it protects the servers in runtime, in milliseconds. Okay. So this is how VIRSEC delivers its security to the crown jewels of the organization, that is, your servers and applications.

That is how Virsec works; it does not depend

Injection, Broken Authentication, Cross-site scripting


Okay, this is a simple diagram but let me drill down the details. If we look at the typical layers of security
that we have for years, FWs, IPS, WAF, other endpoint solutions, they are all trying to stop the bad stuff
from coming in. But how do we know what the bad stuff is? We don’t. So there’s a certain amount of
guesswork, frankly a lot of guesswork. This means uncertainty! You’re going to block too much and
disrupt the business with false positives and false alerts, and then you scale down security and things
get through. Now, the other side of conventional security is looking for clues – after the fact. There’s a
whole bunch of EDRs, detection & response tools, various forensic tools, machine learning, analytics,
looking for indicators of compromise. The problem with this is that it is after the fact. It is slow. No one is really
watching here, [click] this portion here during runtime. We call it the Black Box. Conventional security
looks for before, and after, but not during. And the threat actors know this, and are targeting your code
as you trigger them. This could be anything from an Exchange server to a SCADA system. If you could still
remember the Colonial Pipeline incident recently which shut down a US gas pipeline, it was the
infoserver which was critical in the SCADA process. The problem is, these attacks that we talk about,
[click] fileless, in-memory attack, increasingly get through the perimeter, and they attack code as it
executes – and they don’t leave clues behind, mostly transient in nature. So, this is what we are really up
against in today’s cybersecurity landscape, and we need to re-think, REIMAGINE security. Otherwise,
these same attacks will continue over & over again.
All these FW, IPS, WAF, EDR work with an outside-in approach, looking out for the outside of the
perimeter. The focus was never really to protect the core workloads and critical applications. Whatever
efforts were involved in application protection, too, were mostly on the network side.

Due to the lack of focus and this outside-in approach to application security, there always remained gaps
that threat actors could exploit. In addition, accuracy was a big issue with this approach, as these
technologies were all very probabilistic in nature. They heavily relied on past precedents, either the
knowledge of the attack or vulnerability, using some sort of signature update or behavioral analysis.
Also, this approach falls short against zero-day and advanced attacks like memory buffer overflows.

VIRSEC changes the game completely. VIRSEC provides protection inside-out. [click] VIRSEC protects the
servers, the applications inside the servers, from the inside. This approach provides deep visibility and
application awareness across the enterprise. These servers may be on cloud, on-prem, in a container;
applications can be legacy, commercial off-the-shelf, or custom, home-grown applications.

[click]

------------

VERSION 2

And you may also have a lot of security solutions already. They are designed or implemented to do certain things in your environment, like IPS, WAF, antivirus; all these are intended to protect the application. And these are based on a negative security model. That is, they have signatures and they are good at stopping the known and they only get the unknown right and they do not have visibility into the server as well. And there are other security solutions that come after the execution, after the runtime, and try to do some assessment of the attack, try to give you some report on the damage done and how you can control it, rather than stopping the damage from even happening in the first place. So that is why we call the workload a black box with these security solutions around, because none of them have visibility into what is happening inside of the system during runtime. And this deficiency will let sophisticated attacks go through. And these sophisticated attacks will also have the capability to erase all the trails so that your forensic tools will be rendered useless. Virsec comes into play right there during runtime: it protects the complete stack, protects the operating system, critical memory allotments, and even your web applications that are running, against web exploits like the OWASP Top Ten and much more. Because it is really the unknown, all the zero-day attacks: without knowing the SQL injection pattern, we can block the SQL injection from happening. That is why we claim to do a positive security approach and complete protection against zero-day attacks. Because we don't rely on signatures like these solutions; we rely on something else.
