
Next-Gen Cyber Security: Out-of-the-Box Thinking

Imperative
Last week at Structure Security 2016, I heard a lot of speakers, including
keynoter Art Coviello, bemoan the worsening state of cyber security and
exhort continued innovation from vendors, especially out-of-the-box thinking
that can spawn companies that don't necessarily conform to today's existing
categories. We consider ourselves to be exactly that type of company, a
company that spans several categories of existing products to answer
a contemporary security problem holistically, much better than anything
available today.
One of the basic pitfalls in how risk is assessed and security solutions
implemented is that the various sources attacks can come from are
viewed in silos, and solutions are developed only for that particular attack
vector, however splintered it may be relative to the comprehensive problem. There are
usually separate approaches and teams assessing and remediating the
network, OS, web server, database, middleware and application, each
identifying and taking action to protect its tiny slice of the cyber attack
problem space.
Take the application vector, for example. We know from postmortem studies of data breaches that Gartner has conducted that
Application Security and Instances (meaning virtualized OS images) are the
key threat areas for breaches. How do enterprises protect business-critical
applications today? Is it sufficient? In development, you're likely to see
vulnerability scanning and testing tools feeding an SDLC process. That
covers finding only the known attack types for interpreted code attacks (also
known as the OWASP Top Ten). Then you may have a WAF in front of an N-tier
web application looking at packets destined for one or many servers running
the application's key processes. That reinforces what the SDLC process may
not have caught and adds other areas of probable protection, such as DDoS
security. Lastly, you have many organizations deploying data center endpoint
technologies on these servers, such as Trend Micro's Deep Security product
or Symantec's Data Center Security. These focus on file-based attacks, files on
disk or files being opened for execution, of the type seen on end-user endpoints.
Even with all of this patchwork of technology, what's surprising is that none of it
catches the types of attacks Microsoft says are the most predominant
malware growth area for Windows: ROP chain attacks. These happen in
memory and bypass any file-based approach to enforcement, since they
execute within legitimate applications that are allowed to run. Even app control/
whitelisting solutions can't stop these attacks. These are the types of attacks
we see sophisticated cyber crime and nation-state actors use, and these are
the ones that are growing fastest and are hardest to track.
So back to the application vulnerability and security problem. In today's
world of over 50 security products deployed in an average enterprise, we
knew that the bar had to be very high to become an accepted solution today.
We could have solved just the ROP chain/buffer overflow detection problem
and continued the patchwork of solutions that are necessary but not
sufficient for a true solution. But instead we've really looked at virtually
every vector of attack on an application and have taken a full-stack
protection approach to apps. We approached the problem with the outside-the-box thinking that Art Coviello mentioned in his talk.
We analyzed a comprehensive set of attack vectors on applications, boiled
them down to 3 basic types that cover everything (interestingly enough, at
Structure Security Stuart McClure, CEO of Cylance, also talked about his
view that all malware exploits boil down to 3 types of problems) and brought
some solutions thinking used on embedded system problems to come up with
an answer. The result was a new approach we call Trusted Execution, a
method of focusing on the known good system execution rather than on
known bad signs of malicious activity. It is a positive security model enforced at
the process execution level, as opposed to at the file level (app control) or the inline packet-filtering level.
Continuously chasing and patching all the open holes in apps has turned out
to be a game of cat and mouse. A million malware signatures would have to
be developed for a long list of applications running in a complex network or
cloud environment, but there are only a few good paths an application is
designed to take and that reduces the problem space considerably. This
provides an enormous opportunity for a leap in precision and efficacy.
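As an added illustration of the positive-model argument above (this is not Virsec's code, and it is a deliberate simplification of what Trusted Execution does), the script below allowlists the control-flow edges seen in a constructed known-good trace and flags any later edge outside that set, while a signature-style negative model only catches edges it already has a signature for; all function and trace names are hypothetical.

```python
# Added illustration (not Virsec's code) of the positive-model idea:
# an application has only a few designed execution paths, so allowlisting
# them catches any deviation, while a negative model must already hold a
# signature for each bad transition it wants to catch.

# Constructed benign trace: (caller, callee) control-flow edges recorded
# while exercising a hypothetical request handler on known-good inputs.
BENIGN_TRACE = [
    ("main", "parse_request"),
    ("parse_request", "validate_input"),
    ("validate_input", "run_query"),
    ("run_query", "render_response"),
    ("render_response", "main"),
]

# Constructed negative model: edges a signature vendor has already seen
# in past attacks. Anything not listed here is invisible to it.
BAD_SIGNATURES = {("run_query", "libc_system")}


def learn_model(*traces):
    """Positive model: the set of edges seen in known-good runs."""
    return {edge for trace in traces for edge in trace}


def positive_check(model, trace):
    """Return edges that leave the designed paths (empty list == clean)."""
    return [edge for edge in trace if edge not in model]


def negative_check(signatures, trace):
    """Return edges that match a known-bad signature."""
    return [edge for edge in trace if edge in signatures]


# Constructed deviating trace: after the query step, control is redirected
# into a target that is not a designed edge. This variant has no signature,
# so only the positive model flags it.
VARIANT_ATTACK = [
    ("main", "parse_request"),
    ("parse_request", "validate_input"),
    ("validate_input", "run_query"),
    ("run_query", "libc_mprotect"),  # not a designed edge, no signature
    ("libc_mprotect", "main"),
]

if __name__ == "__main__":
    model = learn_model(BENIGN_TRACE)
    print("positive model flags:", positive_check(model, VARIANT_ATTACK))
    print("negative model flags:", negative_check(BAD_SIGNATURES, VARIANT_ATTACK))
```

The point the output makes is the one in the paragraph: the allowlist is small and fixed by the application's design, whereas the signature set would have to grow with every variant.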
Efficacy in security ultimately comes down to the level of context, granularity
and precision one can have. We're proud to have a near 100% accurate
solution today that generates no false positives on 3 of the biggest attack
categories an application can see: buffer errors, SQLi and XSS.
Back to the patchwork of technologies that exist today but miss the
main source of application attacks. With our intention to cover nearly
all of the security-enforceable areas of interpreted code (browser-based)
attacks on web apps, and the ability to protect at the binary level with Trusted
Execution, we intend to obviate the need for several classes of products in
multiple categories when it comes to Application and Server Endpoint
Protection. These include low detection and efficacy rate vulnerability
scanning products (which provide a poor foundation for SDLC and security),
slow-learning WAF solutions that cannot adapt to agile environments, and
endpoint security solutions that have less relevance on data center server
endpoints than on end-user machines.
That's our big challenge, and already we're racking up the successes to prove
that we can do it. There are many reasons to look at Virsec's ARMAS solution,
but if saving money and getting better security are a main motivation
for you, we invite you to contact us and start your journey with us today.
