Updates Nyotron Paranoid

Burrito

Burrito

Level 24
May 16, 2018
1,366
1579020847598.png



I don't know much about this capability -- in fact I heard of it for the first time yesterday.

My employer did some basic testing on this product --- and it seems (preliminary) to be VERY solid. Most products tested with analogous malware packages don't do so well.

Again, I don't know anything about the product, but one of the tech's told me that it is a 'nontraditional' product.

www.nyotron.com

PARANOID - OS Centric Positive Security Solution | Nyotron

PARANOID—the first-ever OS Centric Positive Security solution—provides infallible endpoint protection. Reach us now for more.
www.nyotron.com www.nyotron.com

A Radically Different Approach to Endpoint Security
Winning the war on malware requires layered protection for endpoints. PARANOID acts as a last line of defense to shield you from threats that antivirus and next-generation antivirus solutions tend to miss… completely new, unknown and fileless malware, zero-day exploits and advanced persistent threats. This OS-Centric Positive Security solution leverages a map of operating system behavior called Behavior Pattern Mapping to identify actions that can cause system damage or lead to data theft.
Click to expand...

Yeah... I know... how many times have we all heard this kinda cyber mumbo jumbo..

Their "Behavior Pattern Mapping" may just be whitelisting. Again, I dunno. This thing is new to me.

But it seems to work.

www.cybersecurity-insiders.com

PRODUCT REVIEW: Nyotron PARANOID - Cybersecurity Insiders

Today, we are reviewing Nyotron’s last line of defense for endpoints, appropriately named PARANOID, an endpoint protection solution that works seamlessly with existing endpoint security solutions to create an almost impenetrable defense against even the most sophisticated attacks. Acting as the...
www.cybersecurity-insiders.com www.cybersecurity-insiders.com

www.cybersecurity-insiders.com

Nyotron PARANOID Blocks 100% of Unknown Threats During Rigorous ICSA Labs Testing - Cybersecurity Insiders

Deploying traditional security solutions like antivirus and firewall (whether next gen or not) that only attempt to detect new malware based on the past knowledge (e.g., previous malware samples and techniques) may have been sufficient in the 1990s, but not today. More and more organizations...
www.cybersecurity-insiders.com www.cybersecurity-insiders.com

journalofcyberpolicy.com

Go Ahead, Get Paranoid: Rethinking Endpoint Security - Journal of Cyber Policy

In Dr. No, James Bond is about to leave his hotel room for some martinis (shaken, not stirred!) but he wants to make sure that no one peeks inside Her Majesty’s secret briefcase, which he leaves in the room. Being that it’s 1962, his best option is to sprinkle some fingerprint powder on the...
journalofcyberpolicy.com journalofcyberpolicy.com


Get Paranoid. "Safe" is just an illusion. ;)
1579022287702.png
 
  • Like
  • Wow
  • Thanks
Reactions: rockstarrocks, Nevi, Handsome Recluse and 12 others
Correlate

Correlate

Level 16
Verified
May 4, 2019
717
nyotron endpoints PARANOID is an American company that has several branches with an innovative and effective protection solution that has had impressive positive results .!
ABOUT NYOTRON Nyotron provides the industry’s first OS-Centric Positive Security to strengthen laptop, desktop and server protection. By mapping legitimate operating system behavior, Nyotron’s PARANOID understands all normative ways that may lead to damage, such as file deletion, data exfiltration, encryption, sabotage and more. Focusing on finite “good” actions allows PARANOID to be completely agnostic to threats and attack vectors. PARANOID works seamlessly with antivirus and next-generation antivirus solutions to provide the last line of defense from modern state-level attacks. Nyotron (nyotron.com) is headquartered in Santa Clara, CA with an R&D office in Israel.
 
Last edited:
  • Like
  • Thanks
Reactions: Nevi, roger_m, plat1098 and 6 others
Correlate

Correlate

Level 16
Verified
May 4, 2019
717
Burrito said:
View attachment 232152


I don't know much about this capability -- in fact I heard of it for the first time yesterday.

My employer did some basic testing on this product --- and it seems (preliminary) to be VERY solid. Most products tested with analogous malware packages don't do so well.

Again, I don't know anything about the product, but one of the tech's told me that it is a 'nontraditional' product.

www.nyotron.com

PARANOID - OS Centric Positive Security Solution | Nyotron

PARANOID—the first-ever OS Centric Positive Security solution—provides infallible endpoint protection. Reach us now for more.
www.nyotron.com www.nyotron.com



Yeah... I know... how many times have we all heard this kinda cyber mumbo jumbo..

Their "Behavior Pattern Mapping" may just be whitelisting. Again, I dunno. This thing is new to me.

But it seems to work.

www.cybersecurity-insiders.com

PRODUCT REVIEW: Nyotron PARANOID - Cybersecurity Insiders

Today, we are reviewing Nyotron’s last line of defense for endpoints, appropriately named PARANOID, an endpoint protection solution that works seamlessly with existing endpoint security solutions to create an almost impenetrable defense against even the most sophisticated attacks. Acting as the...
www.cybersecurity-insiders.com www.cybersecurity-insiders.com

www.cybersecurity-insiders.com

Nyotron PARANOID Blocks 100% of Unknown Threats During Rigorous ICSA Labs Testing - Cybersecurity Insiders

Deploying traditional security solutions like antivirus and firewall (whether next gen or not) that only attempt to detect new malware based on the past knowledge (e.g., previous malware samples and techniques) may have been sufficient in the 1990s, but not today. More and more organizations...
www.cybersecurity-insiders.com www.cybersecurity-insiders.com

journalofcyberpolicy.com

Go Ahead, Get Paranoid: Rethinking Endpoint Security - Journal of Cyber Policy

In Dr. No, James Bond is about to leave his hotel room for some martinis (shaken, not stirred!) but he wants to make sure that no one peeks inside Her Majesty’s secret briefcase, which he leaves in the room. Being that it’s 1962, his best option is to sprinkle some fingerprint powder on the...
journalofcyberpolicy.com journalofcyberpolicy.com


Get Paranoid. "Safe" is just an illusion. ;)
View attachment 232153
Click to expand...
1579026640433.png
 
  • Like
Reactions: Nevi, roger_m, Protomartyr and 4 others
Burrito

Burrito

Level 24
May 16, 2018
1,366
Oh, I guess they say it does not involve whitelisting.


  • No artificial intelligence, machine learning or deep learning
  • No sandboxing, micro-virtualization or application isolation
  • No whitelisting or application control
  • No OS hardening or lockdown
  • No indicators of compromise (IOCs), indicators of attack (IOAs) or antivirus signatures
  • No baselining or user behavior analytics
  • No disk scanning
  • No cloud connectivity required
Click to expand...


So like the pyramids --- it's a great mystery

Ok, time for a beer.
 
  • Haha
  • Like
  • Wow
Reactions: Nevi, Handsome Recluse, Andy Ful and 5 others
Correlate

Correlate

Level 16
Verified
May 4, 2019
717
Burrito said:
Oh, I guess they say it does not involve whitelisting.





So like the pyramids --- it's a great mystery

Ok, time for a beer.
Click to expand...
You are right that it is a puzzle, but I think that it monitors the work of files and follows its possible path. This may be the job, but I also share with you the president. It is a puzzle like the mystery of the disappearance of Atlantis.
 
  • Haha
  • Like
Reactions: Nevi, roger_m, plat1098 and 2 others
Burrito

Burrito

Level 24
May 16, 2018
1,366
Behold Eck said:
Seems like a HIPS, mumbo jumbo style or maybe a re brand of Webroot ??

Regards Eck:)
Click to expand...

Ah hah.... the Eckster rolls in...

I was wondering if it was a Green Kool-Aid knock-off.... until it started actually working.

There is a lot of mumbo jumbo going on with this product.

But it works REALLY well -- tested against one batch of malware.

I'm trying to get a couple of comped test licenses now.

I need a Malware Hub tester volunteer to test this thing. But apparently, we can only refer to it as "Product X" -- as part of the TOS for the test license -- unless we get explicit written permission from the company.
 
  • Like
  • Haha
  • Thanks
Reactions: Behold Eck, Nevi, Correlate and 4 others
Andy Ful

Andy Ful

Level 68
Verified
Trusted
Content Creator
Dec 23, 2014
5,730
Burrito said:
Oh, I guess they say it does not involve whitelisting.
  • No artificial intelligence, machine learning or deep learning
  • No sandboxing, micro-virtualization or application isolation
  • No whitelisting or application control
  • No OS hardening or lockdown
  • No indicators of compromise (IOCs), indicators of attack (IOAs) or antivirus signatures
  • No baselining or user behavior analytics
  • No disk scanning
  • No cloud connectivity required
So like the pyramids --- it's a great mystery

Ok, time for a beer.
Click to expand...

It looks like an advanced post-infection behavioral protection based on a pre-learned map of the OS behavior. Any such protection will have problems with Windows updates, so the updates will be probably integrated with PARANOID updates.

The main difference is that standard solutions are focused on the pre-execution stage and PARANOID is focused on the post-execution stage. It is always harder to predict the behavior than simply monitor what is happening. The second difference is that PARANOID is focused on the possible good behaviors (pre-learned), and the traditional solutions look at suspicious behaviors.
So, it is the post-infection post-execution protection based on behavioral whitelisting, as opposed to traditional solutions that are based on pre-execution protection (signatures, advanced heuristics, etc.) and post-execution behavioral blacklisting.
The idea of Paranoid is similar to the car anti-collision system + GPS (pre-learned possible roads). It does not allow the driver to pull off the road, but it does not care which road it is (if it is included in GPS).

Any protection can be finally bypassed. PARANOID can be actually very strong, until the bad guys learn how to fight it.
 
Last edited:
  • Like
  • Thanks
  • +Reputation
Reactions: Burrito, Azure, Gandalf_The_Grey and 7 others
Correlate

Correlate

Level 16
Verified
May 4, 2019
717
Andy Ful said:
It looks like an advanced post-infection behavioral protection based on a pre-learned map of the OS behavior. Any such protection will have problems with Windows updates, so the updates will be probably integrated with PARANOID updates.

The main difference is that standard solutions are focused on the pre-execution stage and PARANOID is focused on the post-execution stage. It is always harder to predict the behavior than simply monitor what is happening. The second difference is that PARANOID is focused on the possible good behaviors (pre-learned), and the traditional solutions look at suspicious behaviors.
So, it is the post-infection protection based on behavioral whitelisting, as opposed to traditional solutions that are based on pre-execution protection (signatures, advanced heuristics, etc.) and post-execution behavioral blacklisting.
The idea of Paranoid is similar to the car anti-collision system + GPS (pre-learned possible roads). It does not allow the driver to pull off the road, but it does not care which road it is (if it is included in GPS).

Any protection can be finally bypassed. PARANOID can be actually very strong, until the bad guys learn how to fight it.
Click to expand...
Wonderful analysis Andy Ful think you are right in your analysis of how the program works. :) (y) :devilish: .
 
  • Like
  • Thanks
Reactions: Burrito, bribon77, Behold Eck and 2 others
Behold Eck

Behold Eck

Level 13
Verified
Jun 22, 2014
627
Burrito said:
Ah hah.... the Eckster rolls in...

I was wondering if it was a Green Kool-Aid knock-off.... until it started actually working.

There is a lot of mumbo jumbo going on with this product.

But it works REALLY well -- tested against one batch of malware.

I'm trying to get a couple of comped test licenses now.

I need a Malware Hub tester volunteer to test this thing. But apparently, we can only refer to it as "Product X" -- as part of the TOS for the test license -- unless we get explicit written permission from the company.
Click to expand...

Yeah Frank, I can only nip in and out these days due to work commitments and all that.

Great find though, looking forward to seeing "Product X" get put through it`s paces.

Regards Eck:)
 
  • Like
  • Applause
  • Thanks
Reactions: Burrito, bribon77 and Correlate
Lenny_Fox

Lenny_Fox

Level 19
Verified
Oct 1, 2019
914
In corporate environment their only two digital assets: money and data. Paranoid protects data, by analyzing how it is accessed. When it discovers an unusual pattern, it intervenes, simple as that.

Paranoid said:
“We know exactly what it looks like when a legitimate user takes an action like deleting a file. Right-clicking on a file and deleting is matched by a sequence of activities at the Kernel level. When a hacker tries to delete your file, it’s going to look totally different. If you know what to look for, the OS will tell you that something illegitimate is going on.
Click to expand...

Windows Defender was the first Anti-Virus which was OS-aware. This (according to Paranoid claim) is the first OS-aware host-intrusion-detection-system with post-infection prevention measures (probably automated and centrally managed). The king-is-dead, long-live-the-king :) Maybe this is the come-back of old fashioned HIDS & HIPS with new Machine Learning capabilities using the telemetry data of the OS.
 
Last edited:
  • Like
  • Applause
Reactions: Behold Eck, roger_m, bribon77 and 2 others
Burrito

Burrito

Level 24
May 16, 2018
1,366
Andy Ful said:
So, it is the post-infection post-execution protection based on behavioral whitelisting, as opposed to traditional solutions that are based on pre-execution protection (signatures, advanced heuristics, etc.) and post-execution behavioral blacklisting.
The idea of Paranoid is similar to the car anti-collision system + GPS (pre-learned possible roads). It does not allow the driver to pull off the road, but it does not care which road it is (if it is included in GPS).

Any protection can be finally bypassed. PARANOID can be actually very strong, until the bad guys learn how to fight it.
Click to expand...

It's always a pleasure when Andy checks into a thread. For newbs or anybody who does not know --- Andy understands Microsoft internals WAY better than the average bear. He also turned Windows Defender into a Contender even back when it was still sucky. Check out the H_C optimizer for Windows Defender if you have not yet. And... thanks for the explanation Andy.



Lenny_Linux said:
In corporate environment their only two digital assets: money and data. Paranoid protects data, by analyzing how it is accessed. When it discovers an unusual pattern, it intervenes, simple as that.
Windows Defender was the first Anti-Virus which was OS-aware. This (according to Paranoid claim) is the first OS-aware host-intrusion-detection-system with post-infection prevention measures (probably automated and centrally managed). The king-is-dead, long-live-the-king :) Maybe this is the come-back of old fashioned HIDS & HIPS with new Machine Learning capabilities using the telemetry data of the OS.
Click to expand...

Another good hypothesis to explain PARANOID. Also a pleasure when Lenny_Linux checks in. And for those who don't know --- we used to have a Super-Intelligent and helpful MT guru --- @Windows_Security. That guy was great. Windows_Security disappeared about the same time as a couple of Dutch citizens stormed Area 51. The Mysterious Disappearance of Windows_Security Link Anyway... after Windows_Security stopped coming here, the UN, EU, and MT all filed formal protests with Holland about the great loss with Windows_Security's cessation of participation here at MT. Finally, Holland coughed up a surprisingly good replacement --- Lenny_Linux -- who has true expertise in surprisingly similar ways. Note how he and Windows_Securty use the underscore ___ in their handles. Must be a Dutch thing..

(y)
 
  • Like
  • +Reputation
  • Haha
Reactions: Behold Eck, roger_m, Lenny_Fox and 5 others
Burrito

Burrito

Level 24
May 16, 2018
1,366
Umbra said:
Another fancy product that will be hyped in forums for few months then forgotten except by few fans.
Strangely they use the same marketing approach than Cylance.
Click to expand...

Well.... it worked well for Cylance.

Marketing emulation can be a good strategy.

Cylance went from being a new "revolutionary" AI/ML capability to grabbing Top 10 market share in a flash. Amazing how well they accomplished that -- especially for a product with a few significant holes.

I use Cylance on a couple of machines... and I like it. But I use it with other stuff.. And the false positives can be a PITA.

1579446510336.png
 
  • Like
  • Applause
Reactions: harlan4096, Correlate, Andy Ful and 1 other person
CMLew

CMLew

Level 23
Verified
Oct 30, 2015
1,252
Burrito said:
Well.... it worked well for Cylance.

Marketing emulation can be a good strategy.

Cylance went from being a new "revolutionary" AI/ML capability to grabbing Top 10 market share in a flash. Amazing how well they accomplished that -- especially for a product with a few significant holes.

I use Cylance on a couple of machines... and I like it. But I use it with other stuff.. And the false positives can be a PITA.

View attachment 232481
Click to expand...
Top 10 market share? In US u mean? or only in certain region in US? hmm.... sounds too good to be true.
 
  • Like
Reactions: roger_m, Correlate and Burrito

Similar threads

McMcbrad
Updates Information for Geeks: Trend Micro Components Explained
Replies
8
Views
1,038
Trend Micro
McMcbrad
McMcbrad
upnorth
Malware analysis WastedLocker’s Techniques Point to a Familiar Heritage
Replies
0
Views
574
Threat Analysis
upnorth
upnorth
Andy Ful
Endpoint Detection and Response: How Hackers Have Evolved (part 1)
Replies
0
Views
369
General Security Questions
Andy Ful
Andy Ful
Top