Holistic protection against every threat level.

Cybersecurity is complex, but your security stack doesn’t need to be. We’ve combined multiple layers into one platform to provide comprehensive protection against malicious files and URLs, across channels.

Advanced Threat (APT) Prevention

We see the unknown attacks that leading solutions miss.

First ever hardware-assisted platform (HAP™) combines hardware visibility with software agility to deliver unprecedented prevention of Zero-day and N-day threats.

Targeting the real enemy


In advanced attacks, the source of malware are exploits. While there are as many as 72M new malware variants/month, there are currently only ~10 exploit techniques in use*. We target these exploit techniques to deliver an earlier, far more reliable verdict and prevent APT attacks pre-malware release.

*ISTR, Vol. 23 (March 2018)

The Cyber Kill Chain.

Scroll to see how early we act upon any sign of intrusion

recording the full execution flow

Hardware Visibility.

Any APT attack always starts at the CPU level, so access to this data is critical. How to achieve this in a SaaS solution? We leverage Intel PT (Processor Trace) to record the full execution flow using software. Custom built hypervisor bridges between the CPU and virtual machines to capture the cleanest data possible, enabling the detection of highly-evasive attacks that sandbox and other solutions cannot see.

Patent-pending detection algorithms

Software agility.

Cutting-edge detection algorithms (scanners) analyze each recording to detect malicious intent. Advanced scanners include:



Detects memory corruption exploits



Detects advanced exploitation techniques



Detects logical bugs

We are continuously researching the latest exploitation techniques, while they are still in academia, to ensure our detection capabilities are updated to stay ahead of the latest attack campaigns.

how long does it take?

No more than 30 seconds.

We run all layers simultaneously, resulting in close to zero delay for the user, with an average delivery time of under 3 seconds.

See Complete Architecture
Learn more about how you can leverage this approach
to secure your enterprise communication and
collaboration channels.
Any threat level.

Complete threat coverage.

Cutting-edge protection against advanced threats. Enhanced protection against every threats.

Everyday Threats.

Low risk - Low exposure

Low risk
Low exposure

Spam, phishing, commodity malware

Requires minimal hacking skills
Moderately effective

Partly covered by AVs & Sandbox

N-day Threats.

medium risk - high exposure

medium risk
high exposure

Obfuscated exploits leveraging known vulnerabilities in Office, Adobe, browsers, and more

Requires advanced hacking skills

Highly effective against unpatched software
Easily evade AVs & Sandbox

Zero-day Threats.

high risk - high exposure

high risk
high exposure

Exploits leveraging new/unknown vulnerabilities in Office, Adobe, browsers, and more

Requires very advanced hacking skills

Highly effective even against well-secured organizations

A complete blindspot to AVs & Sandbox


Advanced threat coverage.

Researched and developed in universities, there are currently only ~10 known exploit techniques utilized today.


Stack Overwrite Return Address

Attacker overwrites the return address in the stack frame of a function and diverts execution to a location of his choice.

Year published: 1996


Stack Overwrite variables

Attacker overwrites variables in the stack frame of a function in order to affect the flow of the program and divert execution to a location of his choice.

Year published: N/A


Stack SEH Overwrite

Upon overflowing a stack buffer which overwrites the SEH handler, execution is diverted to a gadget (pop; pop; ret) which executes shellcode or ROP.

Year published: 2003


Heap Spray

Creates a continuous allocation in memory to which an attacker can reliably divert the execution to.

Year published: 2004


Stack Pivot

Attacker changes the stack pointer to memory under his control, usually in order to initaite a ROP/COP/JOP sequence.

Year published: N/A


Return Oriented Programming (ROP)

Bypasses NX-bit and chains together “gadgets” by sequencing return addresses on the stack.

Year published: 2007


Jump Oriented Programming (JOP)

Bypasses NX-bit and chains together “gadgets” by sequencing JMP commands that use stack arguments.

Year published: 2010


Call Oriented Programming (COP)

Bypasses NX-bit and chains together “gadgets” by sequencing call instructions.

Year published: 2014


Counterfeit Object-Oriented Programming (COOP)

Induces malicious program behavior by only invoking chains of existing C++ virtual functions in a program through corresponding existing call sites.

Year published: 2015


Data Oriented Programming (DOP)

Manipulates data instead of control flow objects in order to gain code execution.

Year published: 2016