Our videos have over 5 million views on Youtube! Visit our channel now »
The listings featured on this site are from companies from which this site receives compensation. Read the Advertising Disclosure for more information
Disclosure:
Professional Reviews

vpnMentor contains reviews that are written by our community reviewers, and are based on the reviewers' independent and professional examination of the products/services.

Ownership

vpnMentor is owned by Kape Technologies PLC, which owns the following products: ExpressVPN, CyberGhost, ZenMate, Private Internet Access, and Intego, which may be reviewed on this website.

Affiliate Commissions Advertising

vpnMentor contains reviews that were written by our experts and follow the strict reviewing standards, including ethical standards, that we have adopted. Such standards require that each review will be based on an independent, honest and professional examination of the reviewer. That being said, we may earn a commission when a user completes an action using our links, which will however not affect the review but might affect the rankings. The latter are determined on the basis of customer satisfaction of previous sales and compensation received.

Reviews Guidelines

The reviews published on vpnMentor are written by experts that examine the products according to our strict reviewing standards. Such standards ensure that each review is based on the independent, professional and honest examination of the reviewer, and takes into account the technical capabilities and qualities of the product together with its commercial value for users. The rankings we publish may take into consideration the affiliate commissions we earn for purchases through links on our website.

Meet Vicarius- Your Watch Dog Against Vulnerable Software Applications

Vicarius is an Israeli startup that has developed a pioneering platform, aimed to predict threats and protect any software without patching, code changes or vendor involvement. We spoke with CEO and founder Michael Assraf to talk about the technology and unique features of their product, "Topia".

I founded Vicarius with two friends in May, 2016. We all have experience working with other cyber security firms, and we’re all committed to building the best security platform around. Our vision is to protect any software application, without having the source code, post installation.

What is the challenge with software applications, and how does Vicarius Topia helps?

Most of the security solutions available today work by integrating security features into the software development cycle (SDLC). This essentially means that developers will add plugins to their continuous integration systems (CI/CD) to combat vulnerabilities. However, with hundreds new threats emerging every day, it’s basically impossible for software developers to keep up. As a result, users become easy targets for attackers, with nowhere to turn. Vicarius’s Topia completely removes vendors from the picture by running on client side. With this model, when companies inevitably fail to provide patches to vulnerabilities, users don’t have to wait for them to come up with a solution. Topia knew about the problem, and had solved it before the attack even happened. IT admins around the world use Vicarius for precisely this reason -  they’ll never be let down, or compromised again.

Is there a difference in the way you handle open source and proprietary software?

Not really. We look at the software as a sealed black box filled with compiled gibberish - making the difference redundant. Rather than reading code, we focus on immutable artifacts that are already installed and running on client assets.

We execute controlled attacks on infected software to understand which sections are being abused. Next, we generate patterns with the results and look for them in applications that haven’t been attacked yet.

Subsequently, we rank vulnerabilities in relation to their potential to damage a system, allowing customers to understand the connection between vulnerability and exploitation.

For example, if you have a network-related vulnerability on an asset that doesn’t allow network access, it will be given lower prioritization, because it’s relatively harmless.

Using Topia, we aim to solve the problem entirely : from prediction, through risk prioritization, and all the way to protection.

After detection, the information is made available to the IT admin, who will validate the problem. Our customized insights offer different levels of alerts, depending on the severity of the breach and its likelihood of affecting important assets. The IT administrator can then choose whether to solve the problem independently or use our patching service.

How does Vicarius deal with unknown threats?

We perform static and dynamic analysis on client side binaries, trying to understand what each part of the software aims to do. Then, we run our pattern-searching machine-learning algorithm and see if there is anything that resembles previously detected threats.

How does Vicarius handle false positives?

The system finds vulnerable locations in the software and isolates the processes that run it, as well as the resources it uses. Generally, when a software comes with validated processes and libraries (DLL's on Windows or SO files Linux) access will be strictly limited unless there's an unique exception. For instance if you have an Active Directory or an SQL server, and someone is trying to manipulate or abuse one of its modules, most security tools will not respond. In terms of false positives, the software isolation process comes along with best practices of software development, meaning nothing should be compromised.

What can you tell us about Vicarius's future plans?

We’re currently wrapping up our seed round with approximately $1.5 million in funding. Our next step is to increase the availability of our product by supporting multiple operating systems. We also want to support more programming languages like Java, JS and Python, so we can provide solutions for any kind of software application.

About the Author

Ditsa Keren is a cybersecurity expert with a keen interest in technology and digital privacy.

Did you like this article? Rate it!
I hated it! I don't really like it It was ok Pretty good! Loved it!
out of 10 - Voted by users
Thank you for your feedback
Comment Comment must be from 5 to 2500 characters long.