Update Nyotron Paranoid

Burrito

Burrito

Level 24
1579020847598.png



I don't know much about this capability -- in fact I heard of it for the first time yesterday.

My employer did some basic testing on this product --- and it seems (preliminary) to be VERY solid. Most products tested with analogous malware packages don't do so well.

Again, I don't know anything about the product, but one of the tech's told me that it is a 'nontraditional' product.

www.nyotron.com

PARANOID - OS Centric Positive Security Solution | Nyotron

PARANOID—the first-ever OS Centric Positive Security solution—provides infallible endpoint protection. Reach us now for more.
www.nyotron.com www.nyotron.com

A Radically Different Approach to Endpoint Security
Winning the war on malware requires layered protection for endpoints. PARANOID acts as a last line of defense to shield you from threats that antivirus and next-generation antivirus solutions tend to miss… completely new, unknown and fileless malware, zero-day exploits and advanced persistent threats. This OS-Centric Positive Security solution leverages a map of operating system behavior called Behavior Pattern Mapping to identify actions that can cause system damage or lead to data theft.
Click to expand...

Yeah... I know... how many times have we all heard this kinda cyber mumbo jumbo..

Their "Behavior Pattern Mapping" may just be whitelisting. Again, I dunno. This thing is new to me.

But it seems to work.

www.cybersecurity-insiders.com

PRODUCT REVIEW: Nyotron PARANOID - Cybersecurity Insiders

Today, we are reviewing Nyotron’s last line of defense for endpoints, appropriately named PARANOID, an endpoint protection solution that works seamlessly with existing endpoint security solutions to create an almost impenetrable defense against even the most sophisticated attacks. Acting as the...
www.cybersecurity-insiders.com www.cybersecurity-insiders.com

www.cybersecurity-insiders.com

Nyotron PARANOID Blocks 100% of Unknown Threats During Rigorous ICSA Labs Testing - Cybersecurity Insiders

Deploying traditional security solutions like antivirus and firewall (whether next gen or not) that only attempt to detect new malware based on the past knowledge (e.g., previous malware samples and techniques) may have been sufficient in the 1990s, but not today. More and more organizations...
www.cybersecurity-insiders.com www.cybersecurity-insiders.com

journalofcyberpolicy.com

Go Ahead, Get Paranoid: Rethinking Endpoint Security - Journal of Cyber Policy

In Dr. No, James Bond is about to leave his hotel room for some martinis (shaken, not stirred!) but he wants to make sure that no one peeks inside Her Majesty’s secret briefcase, which he leaves in the room. Being that it’s 1962, his best option is to sprinkle some fingerprint powder on the...
journalofcyberpolicy.com journalofcyberpolicy.com


Get Paranoid. "Safe" is just an illusion. ;)
1579022287702.png
 
Correlate

Correlate

Level 16
Verified
nyotron endpoints PARANOID is an American company that has several branches with an innovative and effective protection solution that has had impressive positive results .!
ABOUT NYOTRON Nyotron provides the industry’s first OS-Centric Positive Security to strengthen laptop, desktop and server protection. By mapping legitimate operating system behavior, Nyotron’s PARANOID understands all normative ways that may lead to damage, such as file deletion, data exfiltration, encryption, sabotage and more. Focusing on finite “good” actions allows PARANOID to be completely agnostic to threats and attack vectors. PARANOID works seamlessly with antivirus and next-generation antivirus solutions to provide the last line of defense from modern state-level attacks. Nyotron (nyotron.com) is headquartered in Santa Clara, CA with an R&D office in Israel.
 
Last edited:
Correlate

Correlate

Level 16
Verified
Burrito said:
View attachment 232152


I don't know much about this capability -- in fact I heard of it for the first time yesterday.

My employer did some basic testing on this product --- and it seems (preliminary) to be VERY solid. Most products tested with analogous malware packages don't do so well.

Again, I don't know anything about the product, but one of the tech's told me that it is a 'nontraditional' product.

www.nyotron.com

PARANOID - OS Centric Positive Security Solution | Nyotron

PARANOID—the first-ever OS Centric Positive Security solution—provides infallible endpoint protection. Reach us now for more.
www.nyotron.com www.nyotron.com



Yeah... I know... how many times have we all heard this kinda cyber mumbo jumbo..

Their "Behavior Pattern Mapping" may just be whitelisting. Again, I dunno. This thing is new to me.

But it seems to work.

www.cybersecurity-insiders.com

PRODUCT REVIEW: Nyotron PARANOID - Cybersecurity Insiders

Today, we are reviewing Nyotron’s last line of defense for endpoints, appropriately named PARANOID, an endpoint protection solution that works seamlessly with existing endpoint security solutions to create an almost impenetrable defense against even the most sophisticated attacks. Acting as the...
www.cybersecurity-insiders.com www.cybersecurity-insiders.com

www.cybersecurity-insiders.com

Nyotron PARANOID Blocks 100% of Unknown Threats During Rigorous ICSA Labs Testing - Cybersecurity Insiders

Deploying traditional security solutions like antivirus and firewall (whether next gen or not) that only attempt to detect new malware based on the past knowledge (e.g., previous malware samples and techniques) may have been sufficient in the 1990s, but not today. More and more organizations...
www.cybersecurity-insiders.com www.cybersecurity-insiders.com

journalofcyberpolicy.com

Go Ahead, Get Paranoid: Rethinking Endpoint Security - Journal of Cyber Policy

In Dr. No, James Bond is about to leave his hotel room for some martinis (shaken, not stirred!) but he wants to make sure that no one peeks inside Her Majesty’s secret briefcase, which he leaves in the room. Being that it’s 1962, his best option is to sprinkle some fingerprint powder on the...
journalofcyberpolicy.com journalofcyberpolicy.com


Get Paranoid. "Safe" is just an illusion. ;)
View attachment 232153
Click to expand...
1579026640433.png
 
Burrito

Burrito

Level 24
Oh, I guess they say it does not involve whitelisting.


  • No artificial intelligence, machine learning or deep learning
  • No sandboxing, micro-virtualization or application isolation
  • No whitelisting or application control
  • No OS hardening or lockdown
  • No indicators of compromise (IOCs), indicators of attack (IOAs) or antivirus signatures
  • No baselining or user behavior analytics
  • No disk scanning
  • No cloud connectivity required
Click to expand...


So like the pyramids --- it's a great mystery

Ok, time for a beer.
 
Burrito

Burrito

Level 24
Behold Eck said:
Seems like a HIPS, mumbo jumbo style or maybe a re brand of Webroot ??

Regards Eck:)
Click to expand...

Ah hah.... the Eckster rolls in...

I was wondering if it was a Green Kool-Aid knock-off.... until it started actually working.

There is a lot of mumbo jumbo going on with this product.

But it works REALLY well -- tested against one batch of malware.

I'm trying to get a couple of comped test licenses now.

I need a Malware Hub tester volunteer to test this thing. But apparently, we can only refer to it as "Product X" -- as part of the TOS for the test license -- unless we get explicit written permission from the company.
 
Andy Ful

Andy Ful

Level 65
Verified
Trusted
Content Creator
Burrito said:
Oh, I guess they say it does not involve whitelisting.
  • No artificial intelligence, machine learning or deep learning
  • No sandboxing, micro-virtualization or application isolation
  • No whitelisting or application control
  • No OS hardening or lockdown
  • No indicators of compromise (IOCs), indicators of attack (IOAs) or antivirus signatures
  • No baselining or user behavior analytics
  • No disk scanning
  • No cloud connectivity required
So like the pyramids --- it's a great mystery

Ok, time for a beer.
Click to expand...

It looks like an advanced post-infection behavioral protection based on a pre-learned map of the OS behavior. Any such protection will have problems with Windows updates, so the updates will be probably integrated with PARANOID updates.

The main difference is that standard solutions are focused on the pre-execution stage and PARANOID is focused on the post-execution stage. It is always harder to predict the behavior than simply monitor what is happening. The second difference is that PARANOID is focused on the possible good behaviors (pre-learned), and the traditional solutions look at suspicious behaviors.
So, it is the post-infection post-execution protection based on behavioral whitelisting, as opposed to traditional solutions that are based on pre-execution protection (signatures, advanced heuristics, etc.) and post-execution behavioral blacklisting.
The idea of Paranoid is similar to the car anti-collision system + GPS (pre-learned possible roads). It does not allow the driver to pull off the road, but it does not care which road it is (if it is included in GPS).

Any protection can be finally bypassed. PARANOID can be actually very strong, until the bad guys learn how to fight it.
 
Last edited:
Correlate

Correlate

Level 16
Verified
Andy Ful said:
It looks like an advanced post-infection behavioral protection based on a pre-learned map of the OS behavior. Any such protection will have problems with Windows updates, so the updates will be probably integrated with PARANOID updates.

The main difference is that standard solutions are focused on the pre-execution stage and PARANOID is focused on the post-execution stage. It is always harder to predict the behavior than simply monitor what is happening. The second difference is that PARANOID is focused on the possible good behaviors (pre-learned), and the traditional solutions look at suspicious behaviors.
So, it is the post-infection protection based on behavioral whitelisting, as opposed to traditional solutions that are based on pre-execution protection (signatures, advanced heuristics, etc.) and post-execution behavioral blacklisting.
The idea of Paranoid is similar to the car anti-collision system + GPS (pre-learned possible roads). It does not allow the driver to pull off the road, but it does not care which road it is (if it is included in GPS).

Any protection can be finally bypassed. PARANOID can be actually very strong, until the bad guys learn how to fight it.
Click to expand...
Wonderful analysis Andy Ful think you are right in your analysis of how the program works. :) (y) :devilish: .
 
Behold Eck

Behold Eck

Level 13
Verified
Burrito said:
Ah hah.... the Eckster rolls in...

I was wondering if it was a Green Kool-Aid knock-off.... until it started actually working.

There is a lot of mumbo jumbo going on with this product.

But it works REALLY well -- tested against one batch of malware.

I'm trying to get a couple of comped test licenses now.

I need a Malware Hub tester volunteer to test this thing. But apparently, we can only refer to it as "Product X" -- as part of the TOS for the test license -- unless we get explicit written permission from the company.
Click to expand...

Yeah Frank, I can only nip in and out these days due to work commitments and all that.

Great find though, looking forward to seeing "Product X" get put through it`s paces.

Regards Eck:)
 
Lenny_Fox

Lenny_Fox

Level 15
Verified
In corporate environment their only two digital assets: money and data. Paranoid protects data, by analyzing how it is accessed. When it discovers an unusual pattern, it intervenes, simple as that.

Paranoid said:
“We know exactly what it looks like when a legitimate user takes an action like deleting a file. Right-clicking on a file and deleting is matched by a sequence of activities at the Kernel level. When a hacker tries to delete your file, it’s going to look totally different. If you know what to look for, the OS will tell you that something illegitimate is going on.
Click to expand...

Windows Defender was the first Anti-Virus which was OS-aware. This (according to Paranoid claim) is the first OS-aware host-intrusion-detection-system with post-infection prevention measures (probably automated and centrally managed). The king-is-dead, long-live-the-king :) Maybe this is the come-back of old fashioned HIDS & HIPS with new Machine Learning capabilities using the telemetry data of the OS.
 
Last edited:
Burrito

Burrito

Level 24
Andy Ful said:
So, it is the post-infection post-execution protection based on behavioral whitelisting, as opposed to traditional solutions that are based on pre-execution protection (signatures, advanced heuristics, etc.) and post-execution behavioral blacklisting.
The idea of Paranoid is similar to the car anti-collision system + GPS (pre-learned possible roads). It does not allow the driver to pull off the road, but it does not care which road it is (if it is included in GPS).

Any protection can be finally bypassed. PARANOID can be actually very strong, until the bad guys learn how to fight it.
Click to expand...

It's always a pleasure when Andy checks into a thread. For newbs or anybody who does not know --- Andy understands Microsoft internals WAY better than the average bear. He also turned Windows Defender into a Contender even back when it was still sucky. Check out the H_C optimizer for Windows Defender if you have not yet. And... thanks for the explanation Andy.



Lenny_Linux said:
In corporate environment their only two digital assets: money and data. Paranoid protects data, by analyzing how it is accessed. When it discovers an unusual pattern, it intervenes, simple as that.
Windows Defender was the first Anti-Virus which was OS-aware. This (according to Paranoid claim) is the first OS-aware host-intrusion-detection-system with post-infection prevention measures (probably automated and centrally managed). The king-is-dead, long-live-the-king :) Maybe this is the come-back of old fashioned HIDS & HIPS with new Machine Learning capabilities using the telemetry data of the OS.
Click to expand...

Another good hypothesis to explain PARANOID. Also a pleasure when Lenny_Linux checks in. And for those who don't know --- we used to have a Super-Intelligent and helpful MT guru --- @Windows_Security. That guy was great. Windows_Security disappeared about the same time as a couple of Dutch citizens stormed Area 51. The Mysterious Disappearance of Windows_Security Link Anyway... after Windows_Security stopped coming here, the UN, EU, and MT all filed formal protests with Holland about the great loss with Windows_Security's cessation of participation here at MT. Finally, Holland coughed up a surprisingly good replacement --- Lenny_Linux -- who has true expertise in surprisingly similar ways. Note how he and Windows_Securty use the underscore ___ in their handles. Must be a Dutch thing..

(y)
 
Burrito

Burrito

Level 24
Umbra said:
Another fancy product that will be hyped in forums for few months then forgotten except by few fans.
Strangely they use the same marketing approach than Cylance.
Click to expand...

Well.... it worked well for Cylance.

Marketing emulation can be a good strategy.

Cylance went from being a new "revolutionary" AI/ML capability to grabbing Top 10 market share in a flash. Amazing how well they accomplished that -- especially for a product with a few significant holes.

I use Cylance on a couple of machines... and I like it. But I use it with other stuff.. And the false positives can be a PITA.

1579446510336.png
 
CMLew

CMLew

Level 23
Verified
Burrito said:
Well.... it worked well for Cylance.

Marketing emulation can be a good strategy.

Cylance went from being a new "revolutionary" AI/ML capability to grabbing Top 10 market share in a flash. Amazing how well they accomplished that -- especially for a product with a few significant holes.

I use Cylance on a couple of machines... and I like it. But I use it with other stuff.. And the false positives can be a PITA.

View attachment 232481
Click to expand...
Top 10 market share? In US u mean? or only in certain region in US? hmm.... sounds too good to be true.
 

Similar threads

upnorth
Malware analysis WastedLocker’s Techniques Point to a Familiar Heritage
    • Like
    • +Reputation
Replies
0
Views
348
Threats Discussions
upnorth
upnorth
Adrian Ścibor
[ CheckLab.pl/en ] Differences in software for PC protection in CheckLab tests (January 2020)
    • Like
    • +Reputation
Replies
21
Views
2,367
Statistics and Reports
Tiamati
Tiamati
McMcbrad
Q&A How to perform a trustworthy test of anti-malware solution?
    • Like
    • +Reputation
    • Applause
Replies
19
Views
738
General Security Discussions
EndangeredPootis
EndangeredPootis
Top