Virsec debuts application memory firewall to stop fileless attacks

Virsec, a cybersecurity company delivering a radically new approach to stopping advanced attacks, announced the launch and availability of its new Application Memory Firewall at RSA Conference.

This advanced memory protection solution is the first product to detect deviations in application execution caused by memory-based attacks and take immediate action to stop applications from being corrupted or hijacked, without requiring code changes, patches or signature updates.

“Memory is the new battleground for cyberattacks, yet typical security tools have little visibility into memory usage during runtime,” said L. Barry Lyons IV, director of risk consulting at KPMG Cyber Security Services. “By focusing on actual application execution, Virsec is able to detect and stop attacks that previously seemed indefensible.”

Process memory is dynamic and transient, and cyber attackers are exploiting this with advanced techniques including fileless malware, memory corruption, and code insertion. These techniques bypass conventional security, can only be identified during runtime, and don’t leave evidence behind after execution.

Advanced memory hacking tools like EternalBlue and DoublePulsar are now widely available, frequently modified to avoid detection and have resulted in massive attacks like WannaCry, NotPetya, Industroyer, BlackEnergy, Triton and others, causing billions in losses and global disruption.

“Very few security practitioners understand how process memory works, and even fewer security tools operate at the memory level,” said Satya Gupta, founder and CTO of Virsec. “Rather than endlessly chasing external threats, Virsec focuses on what applications should be doing, and how they are actually executing during runtime, down to the memory level.”

Virsec delivers memory protection

The Virsec Application Memory Firewall delivers a comprehensive set of memory protection capabilities that secure the critical juncture between applications and process memory.

Virsec effectively detects and stops advanced fileless and zero-day techniques including buffer overflow attacks, stack smashing, DLL injections, return-oriented programming (ROP) and ROP gadgets, side channel attacks and corruption of configuration data.

Virsec’s patented technology automatically maps the legitimate execution of an application. If there is any deviation during execution, this is a positive sign of compromise, and the Application Memory Firewall stops the exploit within microseconds.

Virsec effectively guardrails applications to keep them on track during runtime, delivering results that are far more effective and accurate than existing security tools.