Update Nyotron Paranoid

[Burrito]

I don't know much about this capability -- in fact I heard of it for the first time yesterday.

My employer did some basic testing on this product --- and it seems (preliminary) to be VERY solid. Most products tested with analogous malware packages don't do so well.

Again, I don't know anything about the product, but one of the tech's told me that it is a 'nontraditional' product.

PARANOID - OS Centric Positive Security Solution | Nyotron

PARANOID—the first-ever OS Centric Positive Security solution—provides infallible endpoint protection. Reach us now for more.

www.nyotron.com

A Radically Different Approach to Endpoint Security
Winning the war on malware requires layered protection for endpoints. PARANOID acts as a last line of defense to shield you from threats that antivirus and next-generation antivirus solutions tend to miss… completely new, unknown and fileless malware, zero-day exploits and advanced persistent threats. This OS-Centric Positive Security solution leverages a map of operating system behavior called Behavior Pattern Mapping to identify actions that can cause system damage or lead to data theft.

Yeah... I know... how many times have we all heard this kinda cyber mumbo jumbo..

Their "Behavior Pattern Mapping" may just be whitelisting. Again, I dunno. This thing is new to me.

But it seems to work.

PRODUCT REVIEW: Nyotron PARANOID - Cybersecurity Insiders

Today, we are reviewing Nyotron’s last line of defense for endpoints, appropriately named PARANOID, an endpoint protection solution that works seamlessly with existing endpoint security solutions to create an almost impenetrable defense against even the most sophisticated attacks. Acting as the...

www.cybersecurity-insiders.com

Nyotron PARANOID Blocks 100% of Unknown Threats During Rigorous ICSA Labs Testing - Cybersecurity Insiders

Deploying traditional security solutions like antivirus and firewall (whether next gen or not) that only attempt to detect new malware based on the past knowledge (e.g., previous malware samples and techniques) may have been sufficient in the 1990s, but not today. More and more organizations...

www.cybersecurity-insiders.com

Go Ahead, Get Paranoid: Rethinking Endpoint Security - Journal of Cyber Policy

In Dr. No, James Bond is about to leave his hotel room for some martinis (shaken, not stirred!) but he wants to make sure that no one peeks inside Her Majesty’s secret briefcase, which he leaves in the room. Being that it’s 1962, his best option is to sprinkle some fingerprint powder on the case’s …

journalofcyberpolicy.com

Get Paranoid. "Safe" is just an illusion.

 

[oldschool]

Get Paranoid. "Safe" is just an illusion.

I like it!

 

[Correlate]

nyotron endpoints PARANOID is an American company that has several branches with an innovative and effective protection solution that has had impressive positive results .!
ABOUT NYOTRON Nyotron provides the industry’s first OS-Centric Positive Security to strengthen laptop, desktop and server protection. By mapping legitimate operating system behavior, Nyotron’s PARANOID understands all normative ways that may lead to damage, such as file deletion, data exfiltration, encryption, sabotage and more. Focusing on finite “good” actions allows PARANOID to be completely agnostic to threats and attack vectors. PARANOID works seamlessly with antivirus and next-generation antivirus solutions to provide the last line of defense from modern state-level attacks. Nyotron (nyotron.com) is headquartered in Santa Clara, CA with an R&D office in Israel.

 

[Correlate]

View attachment 232152


I don't know much about this capability -- in fact I heard of it for the first time yesterday.

My employer did some basic testing on this product --- and it seems (preliminary) to be VERY solid. Most products tested with analogous malware packages don't do so well.

Again, I don't know anything about the product, but one of the tech's told me that it is a 'nontraditional' product.

PARANOID - OS Centric Positive Security Solution | Nyotron

PARANOID—the first-ever OS Centric Positive Security solution—provides infallible endpoint protection. Reach us now for more.

www.nyotron.com

Yeah... I know... how many times have we all heard this kinda cyber mumbo jumbo..

Their "Behavior Pattern Mapping" may just be whitelisting. Again, I dunno. This thing is new to me.

But it seems to work.

PRODUCT REVIEW: Nyotron PARANOID - Cybersecurity Insiders

Today, we are reviewing Nyotron’s last line of defense for endpoints, appropriately named PARANOID, an endpoint protection solution that works seamlessly with existing endpoint security solutions to create an almost impenetrable defense against even the most sophisticated attacks. Acting as the...

www.cybersecurity-insiders.com

Nyotron PARANOID Blocks 100% of Unknown Threats During Rigorous ICSA Labs Testing - Cybersecurity Insiders

Deploying traditional security solutions like antivirus and firewall (whether next gen or not) that only attempt to detect new malware based on the past knowledge (e.g., previous malware samples and techniques) may have been sufficient in the 1990s, but not today. More and more organizations...

www.cybersecurity-insiders.com

Go Ahead, Get Paranoid: Rethinking Endpoint Security - Journal of Cyber Policy

In Dr. No, James Bond is about to leave his hotel room for some martinis (shaken, not stirred!) but he wants to make sure that no one peeks inside Her Majesty’s secret briefcase, which he leaves in the room. Being that it’s 1962, his best option is to sprinkle some fingerprint powder on the case’s …

journalofcyberpolicy.com

Get Paranoid. "Safe" is just an illusion.
View attachment 232153

 

[Burrito]

Oh, I guess they say it does not involve whitelisting.

• No artificial intelligence, machine learning or deep learning
• No sandboxing, micro-virtualization or application isolation
• No whitelisting or application control
• No OS hardening or lockdown
• No indicators of compromise (IOCs), indicators of attack (IOAs) or antivirus signatures
• No baselining or user behavior analytics
• No disk scanning
• No cloud connectivity required

So like the pyramids --- it's a great mystery

Ok, time for a beer.

 

[Correlate]

Oh, I guess they say it does not involve whitelisting.





So like the pyramids --- it's a great mystery

Ok, time for a beer.

You are right that it is a puzzle, but I think that it monitors the work of files and follows its possible path. This may be the job, but I also share with you the president. It is a puzzle like the mystery of the disappearance of Atlantis.

 

[Behold Eck]

Seems like a HIPS, mumbo jumbo style or maybe a re brand of Webroot ??

Regards Eck

 

[Burrito]

Seems like a HIPS, mumbo jumbo style or maybe a re brand of Webroot ??

Regards Eck

Ah hah.... the Eckster rolls in...

I was wondering if it was a Green Kool-Aid knock-off.... until it started actually working.

There is a lot of mumbo jumbo going on with this product.

But it works REALLY well -- tested against one batch of malware.

I'm trying to get a couple of comped test licenses now.

I need a Malware Hub tester volunteer to test this thing. But apparently, we can only refer to it as "Product X" -- as part of the TOS for the test license -- unless we get explicit written permission from the company.

 

[Andy Ful]

Oh, I guess they say it does not involve whitelisting.

• No artificial intelligence, machine learning or deep learning
• No sandboxing, micro-virtualization or application isolation
• No whitelisting or application control
• No OS hardening or lockdown
• No indicators of compromise (IOCs), indicators of attack (IOAs) or antivirus signatures
• No baselining or user behavior analytics
• No disk scanning
• No cloud connectivity required

So like the pyramids --- it's a great mystery

Ok, time for a beer.

It looks like an advanced post-infection behavioral protection based on a pre-learned map of the OS behavior. Any such protection will have problems with Windows updates, so the updates will be probably integrated with PARANOID updates.

The main difference is that standard solutions are focused on the pre-execution stage and PARANOID is focused on the post-execution stage. It is always harder to predict the behavior than simply monitor what is happening. The second difference is that PARANOID is focused on the possible good behaviors (pre-learned), and the traditional solutions look at suspicious behaviors.
So, it is the post-infection post-execution protection based on behavioral whitelisting, as opposed to traditional solutions that are based on pre-execution protection (signatures, advanced heuristics, etc.) and post-execution behavioral blacklisting.
The idea of Paranoid is similar to the car anti-collision system + GPS (pre-learned possible roads). It does not allow the driver to pull off the road, but it does not care which road it is (if it is included in GPS).

Any protection can be finally bypassed. PARANOID can be actually very strong, until the bad guys learn how to fight it.

 

[Correlate]

It looks like an advanced post-infection behavioral protection based on a pre-learned map of the OS behavior. Any such protection will have problems with Windows updates, so the updates will be probably integrated with PARANOID updates.

The main difference is that standard solutions are focused on the pre-execution stage and PARANOID is focused on the post-execution stage. It is always harder to predict the behavior than simply monitor what is happening. The second difference is that PARANOID is focused on the possible good behaviors (pre-learned), and the traditional solutions look at suspicious behaviors.
So, it is the post-infection protection based on behavioral whitelisting, as opposed to traditional solutions that are based on pre-execution protection (signatures, advanced heuristics, etc.) and post-execution behavioral blacklisting.
The idea of Paranoid is similar to the car anti-collision system + GPS (pre-learned possible roads). It does not allow the driver to pull off the road, but it does not care which road it is (if it is included in GPS).

Any protection can be finally bypassed. PARANOID can be actually very strong, until the bad guys learn how to fight it.

Wonderful analysis Andy Ful think you are right in your analysis of how the program works. .

 

[Correlate]

 

[Behold Eck]

Ah hah.... the Eckster rolls in...

I was wondering if it was a Green Kool-Aid knock-off.... until it started actually working.

There is a lot of mumbo jumbo going on with this product.

But it works REALLY well -- tested against one batch of malware.

I'm trying to get a couple of comped test licenses now.

I need a Malware Hub tester volunteer to test this thing. But apparently, we can only refer to it as "Product X" -- as part of the TOS for the test license -- unless we get explicit written permission from the company.

Yeah Frank, I can only nip in and out these days due to work commitments and all that.

Great find though, looking forward to seeing "Product X" get put through it`s paces.

Regards Eck

 

[Lenny_Linux]

In corporate environment their only two digital assets: money and data. Paranoid protects data, by analyzing how it is accessed. When it discovers an unusual pattern, it intervenes, simple as that.

“We know exactly what it looks like when a legitimate user takes an action like deleting a file. Right-clicking on a file and deleting is matched by a sequence of activities at the Kernel level. When a hacker tries to delete your file, it’s going to look totally different. If you know what to look for, the OS will tell you that something illegitimate is going on.

Windows Defender was the first Anti-Virus which was OS-aware. This (according to Paranoid claim) is the first OS-aware host-intrusion-detection-system with post-infection prevention measures (probably automated and centrally managed). The king-is-dead, long-live-the-king Maybe this is the come-back of old fashioned HIDS & HIPS with new Machine Learning capabilities using the telemetry data of the OS.

 

[Azure]

Oh, I guess they say it does not involve whitelisting.





So like the pyramids --- it's a great mystery

Ok, time for a beer.

I think that's more align with application whitelisting. They seem to use whitelisting but not the standard one.

 

[Umbra]

Another fancy product that will be hyped in forums for few months then forgotten except by few fans.
Strangely they use the same marketing approach than Cylance.

 

[Burrito]

So, it is the post-infection post-execution protection based on behavioral whitelisting, as opposed to traditional solutions that are based on pre-execution protection (signatures, advanced heuristics, etc.) and post-execution behavioral blacklisting.
The idea of Paranoid is similar to the car anti-collision system + GPS (pre-learned possible roads). It does not allow the driver to pull off the road, but it does not care which road it is (if it is included in GPS).

Any protection can be finally bypassed. PARANOID can be actually very strong, until the bad guys learn how to fight it.

It's always a pleasure when Andy checks into a thread. For newbs or anybody who does not know --- Andy understands Microsoft internals WAY better than the average bear. He also turned Windows Defender into a Contender even back when it was still sucky. Check out the H_C optimizer for Windows Defender if you have not yet. And... thanks for the explanation Andy.

In corporate environment their only two digital assets: money and data. Paranoid protects data, by analyzing how it is accessed. When it discovers an unusual pattern, it intervenes, simple as that.
Windows Defender was the first Anti-Virus which was OS-aware. This (according to Paranoid claim) is the first OS-aware host-intrusion-detection-system with post-infection prevention measures (probably automated and centrally managed). The king-is-dead, long-live-the-king Maybe this is the come-back of old fashioned HIDS & HIPS with new Machine Learning capabilities using the telemetry data of the OS.

Another good hypothesis to explain PARANOID. Also a pleasure when Lenny_Linux checks in. And for those who don't know --- we used to have a Super-Intelligent and helpful MT guru --- @Windows_Security. That guy was great. Windows_Security disappeared about the same time as a couple of Dutch citizens stormed Area 51. The Mysterious Disappearance of Windows_Security Link Anyway... after Windows_Security stopped coming here, the UN, EU, and MT all filed formal protests with Holland about the great loss with Windows_Security's cessation of participation here at MT. Finally, Holland coughed up a surprisingly good replacement --- Lenny_Linux -- who has true expertise in surprisingly similar ways. Note how he and Windows_Securty use the underscore ___ in their handles. Must be a Dutch thing..

 

[Burrito]

Another fancy product that will be hyped in forums for few months then forgotten except by few fans.
Strangely they use the same marketing approach than Cylance.

Well.... it worked well for Cylance.

Marketing emulation can be a good strategy.

Cylance went from being a new "revolutionary" AI/ML capability to grabbing Top 10 market share in a flash. Amazing how well they accomplished that -- especially for a product with a few significant holes.

I use Cylance on a couple of machines... and I like it. But I use it with other stuff.. And the false positives can be a PITA.

 

[Umbra]

I don't criticize the product itself even for Cylance, but the marketing approach is very similar. New thing that does what AV can't, using a mechanism never heard before, etc...

 

[CMLew]

Well.... it worked well for Cylance.

Marketing emulation can be a good strategy.

Cylance went from being a new "revolutionary" AI/ML capability to grabbing Top 10 market share in a flash. Amazing how well they accomplished that -- especially for a product with a few significant holes.

I use Cylance on a couple of machines... and I like it. But I use it with other stuff.. And the false positives can be a PITA.

View attachment 232481

Top 10 market share? In US u mean? or only in certain region in US? hmm.... sounds too good to be true.

 

[Burrito]

Top 10 market share? In US u mean? or only in certain region in US? hmm.... sounds too good to be true.

I know... right... it's hard to believe.

Here is the expanded graphic.

And a second source..