Virsec ARMAS works via an approach we call “Trusted Execution”. Trusted Execution is a deterministic way of identifying malicious exploits and attacks based on CPU and memory level visibility of an application’s execution path. We believe this approach is as fundamental as signatures, behavioral, predictive and other forms of security detection have been, however much more precise given our deep context and high performance protection. This deep context enables our unique and ground-breaking Memory Attack Protection. Trusted Execution works through the concept of an AppMAP, which can be generated automatically on protected applications and serve as a runtime reference for security detection and enforcement.
ARMAS also works through the concept of Probes. ARMAS Probes are instrumented into your application and sit on every instance of your application, be it a web or application server. The Probes communicate with our Analysis Engine appliances for security policy and enforcement and are lightweight on performance impact. ARMAS Probes support all major server side OS platforms such as Windows and Linux, as well as key server-side programming languages such as .NET, Java and PHP.