Holistic protection against every threat level.
Cybersecurity is complex, but your security stack doesn’t need to be. We’ve combined multiple layers into one platform to provide comprehensive protection against malicious files and URLs, across channels.
ADVANCED THREAT (APT) PREVENTION
We see the unknown attacks that leading solutions miss.
The first-ever hardware-assisted platform (HAP™) combines hardware visibility with software agility to deliver unprecedented prevention of zero-day and N-day threats.
TARGETING THE REAL ENEMY
In advanced attacks, the source of malware is exploits. While there are as many as 72M new malware variants per month, there are currently only ~10 exploit techniques in use*. We target these exploit techniques to deliver an earlier, far more reliable verdict and to prevent APT attacks before the malware is ever released.
*ISTR, Vol. 23 (March 2018)
The Cyber Kill Chain.
RECORDING THE FULL EXECUTION FLOW
Any APT attack starts at the CPU level, so access to this data is critical. How can this be achieved in a SaaS solution? We leverage Intel PT (Processor Trace) to record the full execution flow in software. A custom-built hypervisor bridges between the CPU and the virtual machines to capture the cleanest data possible, enabling the detection of highly evasive attacks that sandboxes and other solutions cannot see.
PATENT-PENDING DETECTION ALGORITHMS
Cutting-edge detection algorithms (scanners) analyze each recording to detect malicious intent. Advanced scanners include:
Detects memory corruption exploits
Detects advanced exploitation techniques
Detects logical bugs
We continuously research the latest exploitation techniques, while they are still in academia, to ensure our detection capabilities stay ahead of the latest attack campaigns.
How long does it take?
An average of 3 seconds.
We run all layers simultaneously, resulting in close to zero delay for the user, with an average delivery time of under 3 seconds.
Complete threat coverage.
Cutting-edge protection against advanced threats. Enhanced protection against every threat.
Low risk - Low exposure
Spam, phishing, commodity malware
Requires minimal hacking skills
Partly covered by AVs & Sandbox
Medium risk - High exposure
Obfuscated exploits leveraging known vulnerabilities in Office, Adobe, browsers, and more
Requires advanced hacking skills
Highly effective against unpatched software
Easily evade AVs & Sandbox
High risk - High exposure
Exploits leveraging new/unknown vulnerabilities in Office, Adobe, browsers, and more
Requires very advanced hacking skills
Highly effective even against well-secured organizations
A complete blind spot for AVs & Sandbox
THE SOURCE OF MALWARE
Advanced threat coverage.
Originally researched and developed in universities, only ~10 exploit techniques are known to be in use today.
Stack Overwrite Return Address
The attacker overwrites the return address in the stack frame of a function and diverts execution to a location of their choice.
Year published: 1996
Stack Overwrite variables
The attacker overwrites variables in the stack frame of a function in order to affect the flow of the program and divert execution to a location of their choice.
Year published: N/A
Stack SEH Overwrite
A stack buffer overflow overwrites the SEH handler; when an exception is raised, execution is diverted to a gadget (pop; pop; ret) that leads to shellcode or a ROP chain.
Year published: 2003
Creates a continuous allocation in memory to which an attacker can reliably divert execution.
Year published: 2004
The attacker changes the stack pointer to point at memory under their control, usually in order to initiate a ROP/COP/JOP sequence.
Year published: N/A
Return Oriented Programming (ROP)
Bypasses NX-bit and chains together “gadgets” by sequencing return addresses on the stack.
Year published: 2007
Jump Oriented Programming (JOP)
Bypasses NX-bit and chains together “gadgets” by sequencing JMP commands that use stack arguments.
Year published: 2010
Call Oriented Programming (COP)
Bypasses NX-bit and chains together “gadgets” by sequencing call instructions.
Year published: 2014
Counterfeit Object-Oriented Programming (COOP)
Induces malicious program behavior by only invoking chains of existing C++ virtual functions in a program through corresponding existing call sites.
Year published: 2015
Data Oriented Programming (DOP)
Manipulates data instead of control-flow objects in order to gain code execution.
Year published: 2016
Stay a step ahead
Research & News.
Incident Report: Composite Moniker
We’ve spotted CVE-2017-8570, a.k.a. the “Composite Moniker”, in the wild, alive and kicking.