What is the challenge with software applications, and how does Vicarius Topia help?
Most of the security solutions available today work by integrating security features into the software development cycle (SDLC). This essentially means that developers will add plugins to their continuous integration systems (CI/CD) to combat vulnerabilities. However, with hundreds of new threats emerging every day, it’s basically impossible for software developers to keep up. As a result, users become easy targets for attackers, with nowhere to turn. Vicarius’s Topia completely removes vendors from the picture by running on the client side. With this model, when companies inevitably fail to provide patches to vulnerabilities, users don’t have to wait for them to come up with a solution. Topia knew about the problem, and had solved it before the attack even happened. IT admins around the world use Vicarius for precisely this reason - they’ll never be let down, or compromised again.
Is there a difference in the way you handle open source and proprietary software?
Not really. We look at the software as a sealed black box filled with compiled gibberish - making the difference redundant. Rather than reading code, we focus on immutable artifacts that are already installed and running on client assets. We execute controlled attacks on infected software to understand which sections are being abused. Next, we generate patterns with the results and look for them in applications that haven’t been attacked yet. Subsequently, we rank vulnerabilities in relation to their potential to damage a system, allowing customers to understand the connection between vulnerability and exploitation. For example, if you have a network-related vulnerability on an asset that doesn’t allow network access, it will be given lower prioritization, because it’s relatively harmless. Using Topia, we aim to solve the problem entirely: from prediction, through risk prioritization, and all the way to protection. After detection, the information is made available to the IT admin, who will validate the problem. Our customized insights offer different levels of alerts, depending on the severity of the breach and its likelihood of affecting important assets. The IT administrator can then choose whether to solve the problem independently or use our patching service.
How does Vicarius deal with unknown threats?
We perform static and dynamic analysis on client-side binaries, trying to understand what each part of the software aims to do. Then, we run our pattern-searching machine-learning algorithm and see if there is anything that resembles previously detected threats.
How does Vicarius handle false positives?
The system finds vulnerable locations in the software and isolates the processes that run it, as well as the resources it uses. Generally, when software comes with validated processes and libraries (DLLs on Windows or SO files on Linux), access will be strictly limited unless there’s a unique exception. For instance, if you have an Active Directory or an SQL server, and someone is trying to manipulate or abuse one of its modules, most security tools will not respond. In terms of false positives, the software isolation process comes along with best practices of software development, meaning nothing should be compromised.
What can you tell us about Vicarius’s future plans?
We’re currently wrapping up our seed round with approximately $1.5 million in funding. Our next step is to increase the availability of our product by supporting multiple operating systems. We also want to support more programming languages like Java, JS and Python, so we can provide solutions for any kind of software application.