FeatureThe world runs on software, and with the onslaught of damaging attacks to it, the world is also in a cyber crisis. Clearly, cyber security products are not working well enough.
Traditional and legacy security solutions are simply not enough to protect organisations from the extremely advanced attacks we are seeing today. The future of cybersecurity resilience for all enterprises includes fully protecting software.
“We call it, Cybersecurity 3.0. So, Cybersecurity 1.0 was the firewall, which started in the 90s. Then Cybersecurity 2.0 came, and it was all about AI, machine language, learning patterns and more probabilistic. It started around four or five years back, as was very probabilistic. We said, if the cybersecurity companies in the world right now are doing their job, you will not see attacks like supply chain attacks,” explains Bobby Gupta, Senior Vice President, International and Corporate Development, Virsec.
Cyber security 3.0, is therefore an integrated approach, which fully protects from the inside and is deterministic.
“If you look at hackers, they are very smart, and are two years ahead of anyone else. If I am hacker, I can go into the source code and the applications,” adds Gupta.
Using the example of Google Maps, if you want to go from point A to point B on Google Maps, and you take a small path deviation, the map puts you back on the right track. In a similar way, the way source code of software has been written, if a hacker is trying to tweak the source code, Virsec can figure it out in milliseconds and protect it.
It is near impossible to keep up with repeated patching schedules, especially with Zero Day and Minus Today attacks, where the patches do not even exist. Another problem is the lag in response time, since perimeter defences are permeable. Gupta points out, “We are deterministic and not probabilistic. We stop attacks in milliseconds at the source code.”
How it works
Virsec Security Platform stops sophisticated attacks at the first point of insurgence, so an adversary does not have the dwell time in software to orchestrate and execute their malicious plans. Virsec eradicates threats to software workload at runtime, in real-time, while reducing the cost of security operations. Virsec protects software as it is executing.
With more than 50 patents, Virsec provides application-aware workload protection platform that incorporates system integrity assurance, application control and memory protection into a single solution. Virsec delivers visibility across the entire workload and detects, and blocks known and unknown threats that remain concealed by endpoint security solutions.
The Virsec solution maps the expected performance of each application on a workload and protects the memory those applications use to execute. Virsec ensures that the components of those applications are correct and unmodified before they are allowed to execute, and any deviation from the norm is treated as a threat. Virsec protects software in the workload in an automated and enterprise-friendly way.
A primary problem for large enterprises is – no single vendor is giving them the complete one stop shop, one suite – who can do the web production, the memory and the application production. Normally, most large enterprises typically have 20-25 products, doing the endpoint detection response and other solutions.
But no single vendor is giving them the full protection at the application level, according to Gupta. Another benefit is the savings from the cost of people you need to add at the SecOps level. By utilising Virsec, enterprises do not need all those tools and resources.
What Virsec provides is protection as well as 83% reduction in the Opex model. It is a quick way to protect against full stack, and you need fewer human resources to manage the cyber security infrastructure. “At the end people see our value, because there is a huge gap at the level of memory protection, which we fulfil,” continues Gupta.
Channel goto market
Virsec protects any container, any workload, and provides runtime, application aware protection. Virsec provides server, workload, container protection, whether it is on premises or in cloud data.
“We fully protect the applications from any environment and focus on large enterprises,” says Gupta. A lot of Virsec’s traction in the US, Middle East, India, Australia, is in the government sector, military, and critical infrastructure. Virsec stops and protects attacks happening at critical infrastructure, government, banking, and oil and gas.
Virsec has been operating in the Middle East for the last two years and many of its contracts have been from the regional defense industry. Virsec’s first contract when it entered the region was through global aerospace player Raytheon, and was in Jordan. Raytheon remains a key regional and global partner in Virsec’s goto market.
“Raytheon is a global defence supplier, and we work with them in US and in other markets,” explains Gupta.
Virsec has 50+ patents globally and on the basis of that players like Raytheon have formed partnerships, because they could see real value in that. And depending on this value, investors such as John Chambers have also said, “Yes, I can bank on this one.”
Other than Raytheon, and other global players like Tech Mahindra and Lockheed Martin, Virsec also has value added cybersecurity channel partners including FVC, Catalyst, Paramount and Manai.
“Our biggest asset is local channel partnerships,” says Gupta. “We will be announcing partnerships with more channel partners in the region.” Across the Middle East, UAE, Saudi Arabia and Qatar are the primary markets for Virsec. Through its channel partners, Virsec has a customer in every vertical.
Telecom players and MSSPs
Inside the US, Virsec has good traction with large enterprises, especially government and banking. Outside the US, Virsec is seeing demand from telecom service providers, managed security service providers, and datacentres with security operation centres. Every global systems integrator has a security operations centre and are trying to build their managed security services.
“Datacentres and telecom service providers need someone like Virsec to fulfil the gap. We are also seeing a big uptake of managed security services. The fastest growing business model for us is the managed services model,” says Gupta. Virsec is engaging with large telecom service providers in the APAC region, including Australia, Singapore, and Japan. “It is a quick run rate and they bring partners on board, they see value, and that is a great model.”
Partners like FVC and Catalyst come into the picture because they have their own installed base as well. Virsec also has a strong partner training programme and supports the initial end customer installations.
In July this year, Virsec received $100 million Series-C investment. Virsec’s Series C investors range from the former Chairman and CEO of Cisco, John Chambers, to the former Chairman and CEO of EMC, Mike Ruettgers, to a number of former high-ranking government and intelligence officials. The completion of the round brings total funding in the company to $137 million.
Virsec has a global advisory board and regional advisory board, with regional directors for every region. John Chambers is a key investor and advisor to the Virsec Board.
As we move into the post pandemic recovery phase, both enterprises and global security vendor Virsec will be repositioning themselves to take advantage of a transformed approach to global and regional business dynamics.
By monitoring and protecting how application workloads are executed in-memory, Virsec has established for itself a unique position in the cyber security solutions space.
