Holistic protection against every threat level.

Cybersecurity is complex, but your security stack doesn’t need to be. We’ve combined multiple layers into one platform to provide comprehensive protection against malicious files and URLs, across channels.

Advanced Threat (APT) Prevention

We see the unknown attacks that leading solutions miss.

The first-ever hardware-assisted platform (HAP™) combines hardware visibility with software agility to deliver unprecedented prevention of zero-day and N-day threats.

Targeting the real enemy

Exploits.

In advanced attacks, the source of malware is exploits. While there are as many as 72M new malware variants per month, there are currently only ~10 exploit techniques in use*. We target these exploit techniques to deliver an earlier, far more reliable verdict and prevent APT attacks before the malware is released.

*ISTR, Vol. 23 (March 2018)

The Cyber Kill Chain.


Recording the full execution flow

Hardware Visibility.

Any APT attack always starts at the CPU level, so access to this data is critical. How can this be achieved in a SaaS solution? We leverage Intel PT (Processor Trace) to record the full execution flow using software. A custom-built hypervisor bridges the CPU and the virtual machines to capture the cleanest data possible, enabling the detection of highly evasive attacks that sandboxes and other solutions cannot see.

Patent-pending detection algorithms

Software agility.

Cutting-edge detection algorithms (scanners) analyze each recording to detect malicious intent. Advanced scanners include:

1. CFG. Detects memory corruption exploits

2. FFG. Detects advanced exploitation techniques

3. Dropper. Detects logical bugs

We are continuously researching the latest exploitation techniques, while they are still in academia, to ensure our detection capabilities are updated to stay ahead of the latest attack campaigns.

How long does it take?

No more than 30 seconds.

We run all layers simultaneously, resulting in close to zero delay for the user, with an average delivery time of under 3 seconds.

Any threat level.

Complete threat coverage.

Cutting-edge protection against advanced threats. Enhanced protection against every threat.

Everyday Threats.

Low risk - Low exposure


Spam, phishing, commodity malware


Requires minimal hacking skills
Moderately effective

Partly covered by AVs & Sandbox

N-day Threats.

Medium risk - High exposure

Obfuscated exploits leveraging known vulnerabilities in Office, Adobe, browsers, and more

Requires advanced hacking skills

Highly effective against unpatched software
Easily evade AVs & Sandbox

Zero-day Threats.

High risk - High exposure

Exploits leveraging new/unknown vulnerabilities in Office, Adobe, browsers, and more

Requires very advanced hacking skills

Highly effective even against well-secured organizations

A complete blindspot to AVs & Sandbox

THE SOURCE OF MALWARE

Advanced threat coverage.

There are currently only ~10 known exploit techniques in use, all of them researched and developed in universities.



1. Stack Overwrite Return Address

Attacker overwrites the return address in the stack frame of a function and diverts execution to a location of his choice.

Year published: 1996

2. Stack Overwrite Variables

Attacker overwrites variables in the stack frame of a function in order to affect the flow of the program and divert execution to a location of his choice.

Year published: N/A

3. Stack SEH Overwrite

Upon overflowing a stack buffer which overwrites the SEH handler, execution is diverted to a gadget (pop; pop; ret) which executes shellcode or ROP.

Year published: 2003

4. Heap Spray

Creates a continuous allocation in memory to which an attacker can reliably divert execution.

Year published: 2004

5. Stack Pivot

Attacker changes the stack pointer to memory under his control, usually in order to initiate a ROP/COP/JOP sequence.

Year published: N/A

6. Return Oriented Programming (ROP)

Bypasses NX-bit and chains together “gadgets” by sequencing return addresses on the stack.

Year published: 2007

7. Jump Oriented Programming (JOP)

Bypasses NX-bit and chains together “gadgets” by sequencing JMP commands that use stack arguments.

Year published: 2010

8. Call Oriented Programming (COP)

Bypasses NX-bit and chains together “gadgets” by sequencing call instructions.

Year published: 2014

9. Counterfeit Object-Oriented Programming (COOP)

Induces malicious program behavior by only invoking chains of existing C++ virtual functions in a program through corresponding existing call sites.

Year published: 2015

10. Data Oriented Programming (DOP)

Manipulates data instead of control flow objects in order to gain code execution.

Year published: 2016
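To make the link between a recorded execution flow and techniques 1 and 6 concrete, here is an added detection sketch (not the vendor's scanner and not code from this page): it replays CALL/RET events against a shadow stack and reports the first return that does not go back to its caller. The event format, the function name `first_bad_return` and all addresses are assumptions constructed for the example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* One control-transfer event, as a trace decoder might emit it
 * (hypothetical format, not a real Intel PT packet layout). */
typedef enum { EV_CALL, EV_RET } ev_kind;
typedef struct {
    ev_kind  kind;
    uint64_t addr; /* CALL: expected return address; RET: actual target */
} trace_event;

#define SHADOW_DEPTH 64

/* Replays the trace against a shadow stack.
 * Returns the index of the first RET that has no matching CALL or whose
 * target differs from the address recorded at that CALL, -1 if every RET
 * is consistent, -2 if the call depth exceeds what we can track. */
long first_bad_return(const trace_event *ev, size_t n)
{
    uint64_t shadow[SHADOW_DEPTH];
    size_t depth = 0;

    for (size_t i = 0; i < n; i++) {
        if (ev[i].kind == EV_CALL) {
            if (depth == SHADOW_DEPTH)
                return -2;               /* cannot judge: report, do not guess */
            shadow[depth++] = ev[i].addr;
        } else if (depth == 0 || shadow[--depth] != ev[i].addr) {
            return (long)i;              /* return address was not honoured */
        }
    }
    return -1;
}

/* Constructed sample traces; every address is made up. */
static const trace_event benign[] = {
    { EV_CALL, 0x401005 }, { EV_CALL, 0x40120a },
    { EV_RET,  0x40120a }, { EV_RET,  0x401005 },
};
/* The inner return lands where no CALL pointed, then further returns
 * follow with no CALLs in between. */
static const trace_event overwritten[] = {
    { EV_CALL, 0x401005 }, { EV_CALL, 0x40120a },
    { EV_RET,  0x7f0010 }, { EV_RET,  0x7f0024 }, { EV_RET, 0x7f0031 },
};

int main(void)
{
    printf("benign: %ld\n", first_bad_return(benign, 4));
    printf("overwritten: %ld\n", first_bad_return(overwritten, 5));
    return 0;
}
```

A strict call/return pairing also fires on legitimate non-local control flow such as `longjmp` and exception unwinding, so a real checker needs exemptions for those. It says nothing about JOP, COP, COOP or DOP, which do not rely on corrupted return addresses.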