Thwarts Fileless Microcode-Level Exploits Such as Spectre and Meltdown, Detecting and Protecting Against Security Gaps Arising from Speculative Execution Techniques
SAN FRANCISCO, April 23, 2018 (GLOBE NEWSWIRE) -- Virsec, a cybersecurity company delivering a radically new approach to protect against advanced attacks, today announced that its Trusted Execution™ Solution has been named the first of “20 Hot New Security Products Announced at RSA 2018” by CRN, the leading source of IT channel news, trends, analysis and best practices. Virsec premiered the extension of its Trusted Execution cybersecurity platform to protect applications from the processor-level vulnerabilities exposed by Spectre and Meltdown at the RSA Conference 2018.
At the conference, Virsec interactively demonstrates both how the Spectre vulnerability extracts showed attendees’ data from cache in real-time, and how Trusted Execution protects applications against microcode attacks such as Spectre and Meltdown – without requiring changes to application code, operating system patches, or microcode updates.
Unlike recently announced patches that effectively turn off speculative execution, Virsec Trusted Execution does not incur significant performance degradation. It also does not require recompiling of application source code, which is infeasible for most organizations with complex production software stacks.
Atiq Raza, CEO of Virsec, said, “We are deeply honored to be named by CRN as a Hot Product for RSA 2018, and we also thank the many researchers involved in the discovery of Spectre and Meltdown, whose work and input have been invaluable both to security-minded organizations everywhere, and to Virsec in containing these vulnerabilities. Up to this point, the solutions offered by chip and OS vendors have required unacceptable tradeoffs, which have left most customers deeply worried.”
The Spectre and Meltdown vulnerabilities, which became known in early 2018, exploit security gaps in the World’s most widely used processors from Intel, AMD and ARM, and specifically their “speculative execution” performance enhancing technique, which reduces processor delays by conditionally executing on application code. Spectre and Meltdown take advantages of security shortcuts which arise from speculative execution techniques and subvert isolation between security domains and can expose sensitive information via side-channel attacks. Virsec’s platform detects vulnerable code and proactively fences instructions to prevent side-channel exposure caused by speculative execution, protecting the code as-is, without re-writes and with no-to-negligible impact on performance.
“Cybercrime is the top concern of law enforcement in Australia, where 65 percent of organizations have been attacked in 2017,” said Bobby Gupta, Managing Director of Asia Pacific & MEA for Virsec. “Attacks on Australian critical infrastructure have increased seven-fold in the last two years, and security vendors and law enforcement are struggling to keep up. Virsec is delivering effective solutions today to protect against today’s most sophisticated attacks like Spectre and Meltdown.”
Based in San Jose, California, Virsec was founded on the belief that a new model is required to counter today’s advanced cyber threats. The company is led by industry veterans who have driven one of the world’s top processor teams, and created innovative technology in network security, embedded systems and real-time memory systems. The team has broad leadership experience at companies including AMD, Cisco, Palo Alto Networks, Juniper, Dell, NextGen, BMC Software, ForcePoint, as well a long list of high-growth start-ups. More information and demos are available at www.virsec.com.
Madison Alexander PR, Inc.
Office +1 714-832-8716
Mobile +1 949-231-2965