After dwelling largely in the shadows for the past six years, cybersecurity startup Virsec Systems Inc. is now waving a flag on its claim that it has developed a radical new approach to protection that can make most other unnecessary security products.
Led by a team of cybersecurity veterans, the company says it can detect attacks by understanding the intended behavior of software and identifying and blocking irregularities in milliseconds.
The company has been granted 45 patents, filed dozens more, and has a large base of first-class enterprise-class customers in the government, military, insurance, telecommunications, and healthcare industries. Its board of directors includes the former chairman of EMC Corp. Mike Ruettgers, former Cisco Systems Inc. CEO John Chambers and former CIA Director George Tenet.
CEO Dave Furneaux, whose more than 140 venture capital investments have focused heavily on the cyber domain, said the industry is stuck in a response and recovery cycle that fails to stop the growing firefight from cyberattacks. . “It’s madness to expect us to keep doing things the same way,” he said. “The attacks always pass. Even if a vulnerability is known, there is a deadline to fix it, the work is manual and it is difficult to hire staff.
Virsec solves the problem by embedding a read-only application called AppMap into memory to provide what it calls deterministic protection. The software analyzes the running code to find out what permutations the software can invoke, then monitors the entire working stack to detect deviations from expected results and stop them instantly.
“We don’t touch the software, but we map at a very low level to understand its behavior,” Furneaux said, likening the process to that of a GPS navigation system that understands a map and can navigate from point to point. another.
Do no harm
“This is a safe implementation that does not affect performance,” said David Reilly, former chief information officer of Bank Of America Corp’s global banking and markets division. and advisor to the company. “It works in static or dynamic environments. Mapping is so fast that it can handle containers, cloud-native environments, isolated servers, and data centers. »
The company claims its software can stop 100% of attacks, including zero-day or previously unknown exploits, ransomware, malware, and vulnerability exploits like the catastrophic Log4j exploit without patching. In a test with the US Department of Defense involving 218 ethical hackers and 14,300 hacking attempts, the DOD said Virsec was “the first security platform ever tested with perfect results,” according to the company.
“We’ve done red team testing with each of our production customers and they haven’t come under attack,” Furneaux said. “We don’t care if it’s a known or unknown vulnerability; we will protect you.
The end of alerts
Virsec claims its software can fix 95% of the 25 most dangerous weaknesses identified by The MITER Corp. The 5% it can’t outmaneuver relates to missing permissions, incorrect permissions, and authentication errors. Virsec is upfront about what it can’t stop, including account hijacking, misconfigurations, and network attacks such as distributed denial of service.
While the company’s approach won’t eliminate the need for other security tools, it can significantly reduce the number of discrete products needed in the security operations center and virtually eliminate alerts and responses, according to Furneaux. . “We’re not trying to tell the world that you don’t have to use conventional protections, but businesses that trust our approach can reduce the need for tools and people,” he said. declared.
Virsec spent $35 million to develop its core protection engine and install initial customer installations. It raised $100 million last summer to bring its total funding to $137 million. “We are very well capitalized and growing extremely fast,” Furneaux said.