An interview with Satya Gupta, Co-founder and Chief Technology Officer, Virsec.
A new application can provide a pathway to innovation. It also can provide a doorway for malicious actors.
Despite an abundance of mandates and advisories, government agencies often struggle to accurately identify and protect against security vulnerabilities and attacks in the applications they develop and use.
And the task is getting even tougher. Increasingly, attacks are likely to carry out their malicious missions deep in memory, where conventional security solutions have no visibility.
With traditional tools, designed to address known threats, the IT team ends up detecting new threats only once the damage is done, then racing to limit the fallout. It’s like playing a high-stakes game of whack-a-mole.
“Pre-execution security controls (like IPS, NGF, WAF, etc.) try to predict what will happen in the future, and post-execution security controls (like EDR) function in response mode,” said Satya Gupta, co-founder and Chief Technology Officer at Virsec.
“Those don’t work as well anymore, because an attacker who has gained control can subvert the techniques used by pre- and post-execution security controls. These solutions are therefore at the attacker’s mercy.”
Solution: A Deterministic Approach
The only way to get out of playing whack-a-mole is to take a deterministic approach. This innovative approach sets aside all the uncertainty around what threat actors might or might not do, and instead focuses on the one thing that is known for sure: how an application will execute.
That one bit of knowledge is powerful, said Gupta. If you know how an application should execute, then you have a baseline for monitoring that application and detecting and blocking any deviation within milliseconds. This makes a deterministic approach especially adept at preventing previously unknown threats.
Deterministic protection can deliver zero-trust security in applications and ensure that each application executes exactly as its provider intended, not as an attacker intends.
The SolarWinds attack is a good example. The attack worked by tricking the software into reaching out to the web to download malicious code — which the software was not designed to do. While EDR tools were able to detect and stop subsequent attacks by relying on indicators of compromise, a deterministic detection platform could have stopped the attacker and prevented them from downloading malware in the first place.
That attack has been just one of many that have shown the limitations of traditional approaches to cybersecurity, which is why innovation is a must, Gupta said.
“Agencies cannot continue the way we have been working for the past 30 years,” he said. “We need a fundamental shift in the way we are approaching these problems if we are ever going to get ahead of them.”
Virsec’s Application Security Platform protects the entire server workload — custom, off-the-shelf, legacy and more — on all platforms. It protects across all layers (web, memory, process and hosts), from development through operations.