Meet Vicarius - Your Watchdog Against Vulnerable Software Applications
- What is the challenge with software applications, and how does Vicarius Topia help?
- Is there a difference in the way you handle open source and proprietary software?
- How does Vicarius deal with unknown threats?
- How does Vicarius handle false positives?
- What can you tell us about Vicarius's future plans?
Vicarius is an Israeli startup that has developed a pioneering platform that aims to predict threats and protect any software without patching, code changes or vendor involvement. We spoke with CEO and founder Michael Assraf about the technology and unique features of their product, "Topia".
I founded Vicarius with two friends in May, 2016. We all have experience working with other cyber security firms, and we’re all committed to building the best security platform around. Our vision is to protect any software application, without having the source code, post installation.
What is the challenge with software applications, and how does Vicarius Topia help?
Most of the security solutions available today work by integrating security features into the software development cycle (SDLC). This essentially means that developers will add plugins to their continuous integration systems (CI/CD) to combat vulnerabilities. However, with hundreds of new threats emerging every day, it’s basically impossible for software developers to keep up. As a result, users become easy targets for attackers, with nowhere to turn. Vicarius’s Topia completely removes vendors from the picture by running on the client side. With this model, when companies inevitably fail to provide patches for vulnerabilities, users don’t have to wait for them to come up with a solution. Topia knew about the problem, and had solved it before the attack even happened. IT admins around the world use Vicarius for precisely this reason - they’ll never be let down, or compromised again.
Is there a difference in the way you handle open source and proprietary software?
Not really. We look at the software as a sealed black box filled with compiled gibberish - making the difference redundant. Rather than reading code, we focus on immutable artifacts that are already installed and running on client assets.
We execute controlled attacks on infected software to understand which sections are being abused. Next, we generate patterns with the results and look for them in applications that haven’t been attacked yet.
Subsequently, we rank vulnerabilities in relation to their potential to damage a system, allowing customers to understand the connection between vulnerability and exploitation.
For example, if you have a network-related vulnerability on an asset that doesn’t allow network access, it will be given lower prioritization, because it’s relatively harmless.
With the utilization of Topia, our objective is to provide a comprehensive solution that encompasses the entire spectrum of the problem: from prediction and risk prioritization to ultimate protection.
After detection, the information is made available to the IT admin, who will validate the problem. Our customized insights offer different levels of alerts, depending on the severity of the breach and its likelihood of affecting important assets. The IT administrator can then choose whether to solve the problem independently or use our patching service.
How does Vicarius deal with unknown threats?
We perform static and dynamic analysis on client-side binaries, trying to understand what each part of the software aims to do. Then, we run our pattern-searching machine-learning algorithm and see if there is anything that resembles previously detected threats.
How does Vicarius handle false positives?
The system finds vulnerable locations in the software and isolates the processes that run it, as well as the resources it uses. Generally, when software comes with validated processes and libraries (DLLs on Windows or SO files on Linux), access will be strictly limited unless there's a unique exception. For instance, if you have an Active Directory or an SQL server, and someone is trying to manipulate or abuse one of its modules, most security tools will not respond. In terms of false positives, the software isolation process comes along with best practices of software development, meaning nothing should be compromised.
What can you tell us about Vicarius's future plans?
We’re currently wrapping up our seed round with approximately $1.5 million in funding. Our next step is to increase the availability of our product by supporting multiple operating systems. We also want to support more programming languages like Java, JS and Python, so we can provide solutions for any kind of software application.