Nyotron at Black Hat 2019: Finally, EDR That Detects AND Prevents Malware

Our mission at Black Hat USA and BSides this week is to set the record straight on what the typical Endpoint Detection and Response (EDR) solution can and cannot do. More IT security professionals are fast-tracking EDR implementation without first doing the necessary homework. We will also demonstrate how Nyotron’s PARANOID solution enables your organization to overcome traditional EDR limitations by detecting malware AND preventing the damage it tries to cause.  

We call our approach Endpoint Prevention and Response (EPR), and you can see a live, hands-on demonstration at our Black Hat booth: #2210 in Innovation City located in the Oceanside Hall. 

Potential Pitfalls of EDR

Osterman Research recently published its “The Critical Role of Endpoint Detection and Response” report, which sounded an alarm over the fact that security pros too often implement EDR tools without fully understanding their capabilities and limitations. More than half of Osterman’s survey respondents expect EDR to reduce the burden on their security staff and end users. However, EDR solutions typically have just the opposite effect.

“EDR is not really a way to do that effectively because it does take some level of effort to understand and analyze the data an EDR solution provides,” said Osterman. “It’s not a set-it-and-forget-it solution, that’s not what it’s intended to do.”

Nyotron’s EPR is the “New EDR”

An EDR solution indiscriminately records everything, generating an ever-growing volume of data that overwhelms security personnel tasked with analyzing it. Traditional EDR tools are rarely able to stop an attack in real time, as they depend on big data analytics or manual hunting. That can delay detection by hours, if not days.

PARANOID not only provides real-time visibility into an attack, it also automatically stops the attack from inflicting damage to systems and data. This enables PARANOID to deliver three key benefits that traditional EDR solutions cannot: 

  1. Real-time detection of malicious activity without reliance on any prior knowledge of the attack (e.g. IOC feed or sandbox detonation)
  2. Automatic damage prevention 
  3. Precise visibility into malicious activity without requiring manual threat hunting

Return of LED Tags and the Nyotron Hedgehog!

Of course, we’re not all business at our booth. We’ll be giving away stuffed versions of our beloved Nyotron Hedgehog mascot and the programmable LED tags that were so popular among RSA attendees earlier this year. Quantities are limited, and it’s first come, first served!

Feel free to stop by our booth anytime the show floor is open, and email us at info@nyotron.com if you would like to schedule a specific day and time for a hands-on demo of PARANOID. 

We’ll also provide updates throughout the week from Black Hat and BSides on Twitter, so be sure to follow us: @Nyotron

Rene Kolga is Senior Director of Product and Marketing at Nyotron, the developer of PARANOID, the industry’s first OS-Centric Positive Security solution to strengthen your AV or NGAV protection. By mapping legitimate operating system behavior, PARANOID understands all the normative ways that may lead to damage and is completely agnostic to threats and attack vectors. When an attack attempts to delete, exfiltrate or encrypt files (among other things), PARANOID blocks it in real time.