THREAT INTELLIGENCE SERVICE
INTRODUCTION
VSP-Host capabilities allow users to enforce a zero-trust environment and to ensure that only the authorized and trusted executables are executed on the configured server workloads (VM or containerized). The fundamental aspect of this section is process and library control and enforcement based on trustworthiness of those executables.
Some of the executables found on server workloads can be easily verified at the operating system level via checks like SFC validation, publisher certificates and package manger database. There is still a wide range of software that may need further review by VSP platform users. In addition, before deploying VSP security, users may want to validate that their systems are not already compromised.
To facilitate the above scenarios and use cases, Virsec Threat Intelligence Service adds file reputation capabilities to identify the known good as well as the known bad files. This is performed both during the onboard and at runtime, making operations much smoother. This can also be achieved via integration with the file reputation service of “Virus total”. An existing VT subscription can be leveraged. The reputation database that Virsec refers in the backend is far more superior owing to VSP’s experience, especially in identifying the known good files.