CSO.com Reviews Nyotron PARANOID


Whether you work for an established security industry player like Symantec or a smaller company trying to build brand awareness, providing your solution to a media outlet for an in-depth review is both an exciting and nerve-wracking experience. A positive review will put your product in front of an enormous audience of potential customers. Of course, so will a negative review…   

So, when we handed our PARANOID solution over to veteran reviewer John Breeden II for a review in CSO.com, I’ll admit a hint of anxiety tinged our confident anticipation for the outcome. 

Fortunately, Breeden reports PARANOID performed very well under his rigorous testing: “(PARANOID) acts as a last line of defense and was very effective in that role during our testing.” 

You can read his full review here: “Review: How Nyotron Paranoid puts endpoint security worries to rest.”

Breeden introduces his article by pointing out that PARANOID is a complement to an organization’s traditional endpoint security solutions, not a replacement. He explains how PARANOID uses Nyotron’s unique Behavior Pattern Mapping (BPM) language to map the entire legitimate behavior of the operating system related to file system, registry, IPC and networking. 

“The philosophy behind PARANOID is that there is an infinite number of ways that hackers can attack a computer and a network, with new techniques popping up all the time,” writes Breeden. “But if an attacker gains access to a system, there are a limited number of things they can actually do based on what is allowed by the operating system.”

He began his testing with a softball pitch right over the plate: deleting a file from the test system’s desktop. For the end user it is a simple process that requires only a few mouse clicks. But Breeden explains what the user doesn’t see: thousands of system calls happening in the background, in a very specific sequence, at the kernel level of the OS. PARANOID maps all legitimate actions for every possible event on a Windows desktop or server, automatically blocks any process whose behavior falls outside those legitimate sequences, and issues an alert.
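The positive-security idea in the paragraph above, allow-listing the legitimate operation sequences and blocking anything that strays from them, can be sketched in a few dozen lines. The Python below is an added illustration written for this post; it is not Nyotron's code and does not use the BPM language. The operation names, the three allowed patterns and the two process traces are constructed, and a real behavior map would cover far more than file operations.

```python
from typing import Dict, Iterable, List, Optional, Set, Tuple

# Constructed, simplified allow-list of legitimate operation sequences.
# Each pattern is the ordered set of low-level operations a benign action
# is expected to perform. These are illustrative stand-ins, not PARANOID's
# BPM definitions.
LEGITIMATE_PATTERNS: Dict[str, Tuple[str, ...]] = {
    "user_delete_file": ("open", "query_attributes", "set_delete_flag", "close"),
    "user_edit_file": ("open", "read", "write", "close"),
    "user_rename_file": ("open", "set_name", "close"),
}

Verdict = Tuple[str, Optional[int], Optional[str]]


class PositiveSecurityModel:
    """Allow-list matcher over operation sequences.

    Anything that is not a prefix of a known legitimate pattern is blocked at
    the first operation that deviates, which is what makes the model
    threat-agnostic: it never needs a signature for the attack itself.
    """

    def __init__(self, patterns: Dict[str, Tuple[str, ...]]) -> None:
        self._prefixes: Set[Tuple[str, ...]] = set()
        self._complete: Dict[Tuple[str, ...], str] = {}
        for name, seq in patterns.items():
            for i in range(1, len(seq) + 1):
                self._prefixes.add(seq[:i])
            self._complete[seq] = name

    def evaluate(self, trace: Iterable[str]) -> Verdict:
        """Classify an observed operation trace.

        Returns ("allow", None, pattern_name) when the trace completes a
        legitimate pattern, ("block", index, None) at the first operation
        where the observed prefix matches no allowed sequence, and
        ("incomplete", None, None) when the trace is a valid prefix that has
        not yet finished a pattern.
        """
        seen: List[str] = []
        for i, op in enumerate(trace):
            seen.append(op)
            if tuple(seen) not in self._prefixes:
                return ("block", i, None)
        name = self._complete.get(tuple(seen))
        return ("allow", None, name) if name else ("incomplete", None, None)


def monitor(events: Iterable[Tuple[int, str]], model: PositiveSecurityModel) -> Dict[int, Verdict]:
    """Apply the model to an interleaved per-process event stream.

    Once a process is blocked its later operations are dropped, mirroring the
    'stop it before the damage happens' behavior described in the review.
    Re-evaluating the whole trace per event is O(n^2) and fine for a demo; a
    production matcher would keep a cursor into a prefix tree instead.
    """
    traces: Dict[int, List[str]] = {}
    verdicts: Dict[int, Verdict] = {}
    for pid, op in events:
        if pid in verdicts and verdicts[pid][0] == "block":
            continue
        trace = traces.setdefault(pid, [])
        trace.append(op)
        verdicts[pid] = model.evaluate(trace)
    return verdicts


MODEL = PositiveSecurityModel(LEGITIMATE_PATTERNS)

# Constructed traces: a desktop delete, and an edit that turns into a
# rewrite-then-rename sequence no benign pattern in the map performs.
DESKTOP_DELETE: List[str] = ["open", "query_attributes", "set_delete_flag", "close"]
RANSOM_LIKE: List[str] = ["open", "read", "write", "set_name", "close"]

# Constructed interleaved stream: pid 101 is the delete, pid 202 the other one.
SAMPLE_EVENTS: List[Tuple[int, str]] = [
    (101, "open"), (202, "open"), (101, "query_attributes"), (202, "read"),
    (202, "write"), (101, "set_delete_flag"), (202, "set_name"),
    (101, "close"), (202, "close"),
]

if __name__ == "__main__":
    print(MODEL.evaluate(DESKTOP_DELETE))   # ('allow', None, 'user_delete_file')
    print(MODEL.evaluate(RANSOM_LIKE))      # ('block', 3, None)
    for pid, verdict in monitor(SAMPLE_EVENTS, MODEL).items():
        print(pid, verdict)
```

The caveat a defender will spot immediately is completeness: with a positive model, any legitimate sequence missing from the map is blocked too, so the value of this approach rests entirely on how thoroughly the legitimate behavior of the OS has been mapped, which is exactly the part the review credits Nyotron's BPM with.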

“PARANOID… is ready to pull the rug out from (attackers) at the last second, because there is not a lot an attacker can do that would be identical to the same thing being conducted by a legitimate user or program on that system,” adds Breeden. 

Then the real testing began. Breeden launched an attack that has proven able to slip past a commercial antivirus (AV) program that was loaded and fully up-to-date on the test system (he does not provide the product name or vendor). 

According to Breeden, “Paranoid saw the attack and even mapped out the illegal processes used to encrypt files and demand a ransom. It was neat to see the attack mapped out, especially when the antivirus program didn’t know anything was wrong, even after the files were encrypted.”

He launched a second attack, and while it too avoided the traditional endpoint security solutions, PARANOID caught it and prevented it from damaging or stealing any files.

Breeden’s final analysis: “The truth is that in today’s world, you really need to be highly concerned, or even paranoid, all the time about cybersecurity. The PARANOID platform can provide a solid last line of defense, and let network admins sleep a little bit easier.”

You can read the full review here.

To schedule a demonstration of how PARANOID can serve as the last line of defense in your organization’s security stack, fill out our short online demo request form, and we’ll get right back to you.  

Rene Kolga is Senior Director of Product and Marketing at Nyotron, the developer of PARANOID, the industry’s first OS-Centric Positive Security solution to strengthen your AV or NGAV protection. By mapping legitimate operating system behavior, PARANOID understands all the normative ways that may lead to damage and is completely agnostic to threats and attack vectors. When an attack attempts to delete, exfiltrate or encrypt files (among other things), PARANOID blocks them in real-time.
