Deploying traditional security solutions like antivirus and firewall (whether next gen or not) that only attempt to detect new malware based on past knowledge (e.g., previous malware samples and techniques) may have been sufficient in the 1990s, but not today. More and more organizations worldwide are falling victim to targeted attacks and suffering devastating data breaches. Since the industry is stuck in the 1990s, let’s consider the advice Jerry gave George in the classic Seinfeld episode The Opposite: “If every instinct you have is wrong, then the opposite would have to be right.”
Instead of trying to identify and block the practically infinite amount of “badness” attacking your endpoints, Nyotron’s PARANOID focuses on the finite “good”: legitimate operating system behavior. It’s a radical departure from the industry norm, but as ICSA Labs’ exhaustive testing proves, it works.
PARANOID recently underwent 33 days of testing in order to earn the ICSA Labs Advanced Threat Defense Certification. Over the course of more than 1,150 test runs, ICSA Labs’ testers used a mix of recently harvested new and little-known malicious threats not typically detected by traditional security products that rely on past knowledge of malware and its behavior. The threats were delivered via many of the top threat vectors that the latest Verizon Data Breach Investigations Report (DBIR) found have led to enterprise cybersecurity incidents and breaches, including email attachments, email links, direct install, and web drive-by download.
ICSA Labs also threw some curveballs by launching hundreds of innocuous applications and activities to test whether PARANOID can distinguish the bad from the good to avoid any business interruption.
To meet the certification criteria, an advanced threat defense solution must be at least 75% effective at detecting new malicious threats. The results?
According to ICSA Labs’ report: “Nyotron’s solution did remarkably well during this test cycle – detecting 100.0% of previously unknown threats while having just one false positive… considerably better than the percentage required for certification.”
Courtesy: ICSA Labs
PARANOID never wavered, no matter how new or old the threat, as this graphic shows:
Courtesy: ICSA Labs
You can read the full ICSA Labs report here.
PARANOID leverages the unique Behavior Pattern Mapping (BPM) language to introduce a Positive Security approach at the operating system level. PARANOID maps the entire legitimate behavior of the OS across the file system, registry, IPC and networking, so that anything outside that map is separated out as bad, which makes identifying anomalies much faster and simpler.
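To make the positive-security idea concrete, here is an added toy illustration (not Nyotron’s BPM language or any PARANOID code) of a behavior map that lists the legitimate file, registry and network activity of a few processes and flags every event that falls outside it; the process names, patterns and event stream are constructed assumptions. The last sample event shows the model’s main caveat: a benign but unmapped application is reported as an anomaly, which is where false positives come from.

```python
from fnmatch import fnmatch

# Constructed allowlist of legitimate behaviour, keyed by process image name.
# Each entry is (operation, glob pattern for the target). This is a toy
# stand-in for a behaviour map, not Nyotron's BPM language.
LEGITIMATE_BEHAVIOUR = {
    "winword.exe": [
        ("file_write", r"C:\Users\*\Documents\*.docx"),
        ("file_write", r"C:\Users\*\AppData\Local\Temp\*"),
        ("registry_write", r"HKCU\Software\Microsoft\Office\*"),
        ("network_connect", "*.office.com:443"),
    ],
    "explorer.exe": [
        ("file_write", r"C:\Users\*\*"),
        ("registry_write", r"HKCU\Software\Microsoft\Windows\*"),
    ],
}


def is_legitimate(event):
    """True when the event matches a mapped behaviour for its process."""
    patterns = LEGITIMATE_BEHAVIOUR.get(event["process"].lower(), [])
    return any(event["op"] == op and fnmatch(event["target"], pat)
               for op, pat in patterns)


def find_anomalies(events):
    """Return every event outside the mapped 'good' behaviour.

    No signature of the threat is needed: anything not in the map is
    anomalous. The flip side is that a process with no map entry at all
    (see newtool.exe below) is also reported, i.e. a false positive until
    its legitimate behaviour is mapped.
    """
    return [e for e in events if not is_legitimate(e)]


# Constructed sample event stream (not real telemetry).
SAMPLE_EVENTS = [
    {"process": "winword.exe", "op": "file_write",
     "target": r"C:\Users\alice\Documents\q3.docx"},            # mapped: OK
    {"process": "winword.exe", "op": "file_write",
     "target": r"C:\Users\alice\AppData\Roaming\upd.exe"},      # unmapped
    {"process": "winword.exe", "op": "network_connect",
     "target": "198.51.100.7:4444"},                             # unmapped
    {"process": "explorer.exe", "op": "registry_write",
     "target": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs"},  # OK
    {"process": "newtool.exe", "op": "file_write",
     "target": r"C:\Users\alice\Documents\notes.txt"},          # benign, unmapped
]

if __name__ == "__main__":
    for e in find_anomalies(SAMPLE_EVENTS):
        print("ANOMALY:", e["process"], e["op"], e["target"])
```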
Nyotron Founder and CTO Nir Gaist recently led a webinar to demonstrate how this approach works, and you can view the recording here.