Today, we are reviewing Nyotron’s last line of defense for endpoints, appropriately named PARANOID, an endpoint protection solution that works seamlessly with existing endpoint security solutions to create an almost impenetrable defense against even the most sophisticated attacks.
Acting as the last line of defense – after threats bypass all perimeter and endpoint security layers – PARANOID is designed to protect data from deletion, exfiltration, encryption, sabotage and more.
Protection from Future Threats
PARANOID protects organizations from any future threat without having to know anything about it today. Backing this claim, Nir Gaist, Founder and CTO of Nyotron, said in a Security Guy Radio interview: “We simply don’t care about the threat. We don’t [need to] research threats at Nyotron.”
An Opposite Security Paradigm – The What, Not How of Attacks
While attack techniques must change as protection against them evolves, the motivations behind attacks remain consistent. In the damage stage, common actions attackers seek to perform include creating, encrypting, moving, or deleting files, as well as creating an external communications channel and establishing persistence.
This consistency is what drives what Nyotron calls a “completely opposite security paradigm”. Rather than evaluating threats against known malware, PARANOID analyzes the behavior of the malware, using a map of legitimate operating system behavior called Behavior Pattern Mapping. The company has mapped all normative ways to interact with the file system, the registry, partition information and networking at the operating system’s call level. All other actions (outside the finite set of normative actions) are blocked by default.
Positive Security Model
Nyotron provides the industry’s first OS-Centric Positive Security to strengthen laptop, desktop, and server protection. This approach is a response to the shortcomings of using signatures, machine learning, or relying on unpredictable user behavior for advanced malware detection and prevention.
By mapping legitimate operating system behavior, OS-Centric Positive Security knows all the normative ways that may lead to damage, such as file deletion, data exfiltration, and encryption.
“While the bad is infinite, the good is finite and we’re focusing on mapping all the good ways to do things on a computer,” explained Gaist. Focusing on finite “good” actions allows PARANOID to be completely agnostic to threats and attack vectors. This approach eliminates the need for prior knowledge of an exploit, offering a future-proof solution that provides protection from any attack vector. Additionally, this enables PARANOID to thwart attacks before damage is done. PARANOID can also prevent breaches caused by accidental misconfiguration due to human error.
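The default-deny idea described above can be sketched as a toy model. This is an added example, not Nyotron's code or its Behavior Pattern Mapping: the call names, the chains in `NORMATIVE` and the sample events are all constructed for illustration.

```python
from typing import NamedTuple

# Hypothetical finite map: for each damage-stage operation, the call chains
# considered normative. All names are constructed, not a real OS interface.
NORMATIVE = {
    "fs.delete": {("app.delete", "os.unlink_call", "fs.delete")},
    "fs.overwrite": {("app.write", "os.write_call", "fs.overwrite")},
    "net.connect": {("app.connect", "os.socket_call", "net.connect")},
    "reg.set_autorun": {("app.set_value", "os.regkey_call", "reg.set_autorun")},
}

class Verdict(NamedTuple):
    allowed: bool
    reason: str

def evaluate(chain):
    """Decide on one observed call chain; its last element is the operation."""
    if not chain:
        return Verdict(False, "empty chain")
    op = chain[-1]
    if op not in NORMATIVE:
        return Verdict(True, "not a damage-stage operation")
    if tuple(chain) in NORMATIVE[op]:
        return Verdict(True, "matches a mapped normative chain")
    # No signature or prior knowledge involved: anything unmapped is denied.
    return Verdict(False, "no mapped chain for " + op + ": blocked by default")

def triage(events):
    """Return (pid, chain, reason) for every blocked event, for analyst review."""
    blocked = []
    for pid, chain in events:
        verdict = evaluate(chain)
        if not verdict.allowed:
            blocked.append((pid, tuple(chain), verdict.reason))
    return blocked

# Constructed sample events: (process id, observed call chain)
EVENTS = [
    (101, ["app.delete", "os.unlink_call", "fs.delete"]),   # normative delete
    (102, ["app.read", "os.read_call", "fs.read"]),         # not damage-stage
    (103, ["os.unlink_call", "fs.delete"]),                 # chain is not mapped
    (104, ["app.map_view", "os.map_call", "fs.overwrite"]), # chain is not mapped
]

if __name__ == "__main__":
    for pid, chain, reason in triage(EVENTS):
        print(pid, " -> ".join(chain), "|", reason)
```

The decision is deterministic and depends only on the finite map, which is why the two unmapped chains are blocked without the model knowing anything about the technique behind them.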
The PARANOID War Room view delivers real-time visibility with a slick 3D representation of the security status of users’ endpoints. Analysts can use the War Room for forensics, intelligence and analysis of the attacks that infiltrate their networks, with deep visibility that includes the attack origin and all attempted actions.
No Machine Learning or AI
PARANOID is not a learning technology, which enables it to provide immediate value. The solution is a deterministic model (vs. predictive tools using machine learning/artificial intelligence) that is “pre-learned” based on the fairly static map of the OS behavior. This also means that the product rarely needs updating and can work in a completely air-gapped environment.
Protection for Servers
In February 2018, Nyotron added protection for servers, extending the company’s reach beyond desktops and furthering its presence in the enterprise market. The press release states, “a critical infrastructure customer recently deployed the solution on 400 servers in just two days and is already seeing significant improvements in its security posture.”
PARANOID can provide a compensating control for legacy, unsupported, and unpatched servers and applications. This is vital considering the gaping security holes often caused by unpatched servers.
What Customers Say
“Nyotron adds significant capabilities in terms of identifying and preventing new, unknown threats and works well with the multiple defense systems that El Al Airlines has in place.”
Ofer Tsabary, Chief Information Officer, El Al Airlines
“We experience great success with Nyotron’s PARANOID solution. Their Managed Defense Services helps us from detection to prevention through remediation. Traditional security technologies cannot protect us against zero-day attacks and APTs, so our security posture went up by having Nyotron PARANOID on board.”
CISO, Major US Law Enforcement Agency
Licensing, Pricing, & Deployment
PARANOID is delivered as software or as a managed service, for approximately $50 USD per endpoint subscription license. PARANOID has a traditional client-server architecture similar to other endpoint protection products. The server component is delivered as a virtual machine and can be run on-prem or in the cloud. The PARANOID Agent is installed on every endpoint an organization wants to protect and can be deployed using systems management tools such as MS SCCM, Tanium, Ivanti, or IBM BigFix. The agent's upgrade mechanism is built in.
Additionally, Nyotron’s Managed Defense Services (MDS) can be used to fully offload PARANOID management, threat investigation and analysis to Nyotron’s team of security experts. The company points out that this is particularly advantageous for organizations struggling with the security talent shortage.
Nyotron’s stated mission is “to win the war on malware”. Senior information security expert and ethical hacker Nir Gaist founded the company at an early age, and now serves as the Chief Technology Officer and a member of the board of directors. Headquartered in Santa Clara, California, the company has an R&D office in Israel, and currently has 61 employees listed on LinkedIn.
Nyotron has won multiple awards including Innovator in Endpoint Security for 2018 and Top 50 Cyber Security Leaders of 2017, both from Cyber Defense Magazine, EMA 2017 Vendor to Watch, and a 5-Star Review from SC Magazine.