Burrito

Level 24



I don't know much about this capability -- in fact I heard of it for the first time yesterday.

My employer did some basic testing on this product --- and it seems (preliminary) to be VERY solid. Most products tested with analogous malware packages don't do so well.

Again, I don't know anything about the product, but one of the techs told me that it is a 'nontraditional' product.


A Radically Different Approach to Endpoint Security
Winning the war on malware requires layered protection for endpoints. PARANOID acts as a last line of defense to shield you from threats that antivirus and next-generation antivirus solutions tend to miss… completely new, unknown and fileless malware, zero-day exploits and advanced persistent threats. This OS-Centric Positive Security solution leverages a map of operating system behavior called Behavior Pattern Mapping to identify actions that can cause system damage or lead to data theft.

Yeah... I know... how many times have we all heard this kinda cyber mumbo jumbo..

Their "Behavior Pattern Mapping" may just be whitelisting. Again, I dunno. This thing is new to me.

But it seems to work.





Get Paranoid. "Safe" is just an illusion. ;)

Correlate

Level 16
Verified
Nyotron endpoints PARANOID is an American company that has several branches, with an innovative and effective protection solution that has had impressive positive results!

ABOUT NYOTRON
Nyotron provides the industry's first OS-Centric Positive Security to strengthen laptop, desktop and server protection. By mapping legitimate operating system behavior, Nyotron's PARANOID understands all normative ways that may lead to damage, such as file deletion, data exfiltration, encryption, sabotage and more. Focusing on finite "good" actions allows PARANOID to be completely agnostic to threats and attack vectors. PARANOID works seamlessly with antivirus and next-generation antivirus solutions to provide the last line of defense from modern state-level attacks. Nyotron (nyotron.com) is headquartered in Santa Clara, CA with an R&D office in Israel.
 

Correlate

Level 16
Verified


I don't know much about this capability -- in fact I heard of it for the first time yesterday.

My employer did some basic testing on this product --- and it seems (preliminary) to be VERY solid. Most products tested with analogous malware packages don't do so well.

Again, I don't know anything about the product, but one of the tech's told me that it is a 'nontraditional' product.




Yeah... I know... how many times have we all heard this kinda cyber mumbo jumbo..

Their "Behavior Pattern Mapping" may just be whitelisting. Again, I dunno. This thing is new to me.

But it seems to work.





Get Paranoid. "Safe" is just an illusion. ;)

Burrito

Level 24
Oh, I guess they say it does not involve whitelisting.


  • No artificial intelligence, machine learning or deep learning
  • No sandboxing, micro-virtualization or application isolation
  • No whitelisting or application control
  • No OS hardening or lockdown
  • No indicators of compromise (IOCs), indicators of attack (IOAs) or antivirus signatures
  • No baselining or user behavior analytics
  • No disk scanning
  • No cloud connectivity required


So like the pyramids --- it's a great mystery

Ok, time for a beer.
 

Burrito

Level 24
Seems like a HIPS, mumbo jumbo style, or maybe a rebrand of Webroot??

Regards Eck:)

Ah hah.... the Eckster rolls in...

I was wondering if it was a Green Kool-Aid knock-off.... until it started actually working.

There is a lot of mumbo jumbo going on with this product.

But it works REALLY well -- tested against one batch of malware.

I'm trying to get a couple of comped test licenses now.

I need a Malware Hub tester volunteer to test this thing. But apparently, we can only refer to it as "Product X" -- as part of the TOS for the test license -- unless we get explicit written permission from the company.
 

Andy Ful

Level 65
Verified
Trusted
Content Creator
Oh, I guess they say it does not involve whitelisting.
  • No artificial intelligence, machine learning or deep learning
  • No sandboxing, micro-virtualization or application isolation
  • No whitelisting or application control
  • No OS hardening or lockdown
  • No indicators of compromise (IOCs), indicators of attack (IOAs) or antivirus signatures
  • No baselining or user behavior analytics
  • No disk scanning
  • No cloud connectivity required
So like the pyramids --- it's a great mystery

Ok, time for a beer.

It looks like an advanced post-infection behavioral protection based on a pre-learned map of the OS behavior. Any such protection will have problems with Windows updates, so the updates will be probably integrated with PARANOID updates.

The main difference is that standard solutions are focused on the pre-execution stage and PARANOID is focused on the post-execution stage. It is always harder to predict the behavior than simply monitor what is happening. The second difference is that PARANOID is focused on the possible good behaviors (pre-learned), and the traditional solutions look at suspicious behaviors.
So, it is the post-infection post-execution protection based on behavioral whitelisting, as opposed to traditional solutions that are based on pre-execution protection (signatures, advanced heuristics, etc.) and post-execution behavioral blacklisting.
The idea of Paranoid is similar to the car anti-collision system + GPS (pre-learned possible roads). It does not allow the driver to pull off the road, but it does not care which road it is (if it is included in GPS).

Any protection can be finally bypassed. PARANOID can be actually very strong, until the bad guys learn how to fight it.
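An added toy example (not Nyotron's code, and not the thread's own) of the positive-security model Andy Ful describes: a pre-learned map of legitimate action sequences, a monitor that blocks the first damaging step that leaves the map, a blacklist-style monitor for contrast, and the "OS update changes a legitimate sequence" caveat. All action names and sequences are constructed placeholders.

```python
# Constructed behavior map: each legitimate operation -> the ordered
# kernel-level actions it is expected to produce (hypothetical names).
BEHAVIOR_MAP = {
    "explorer_delete": ("NtOpenFile", "NtQueryInformationFile",
                        "NtSetInformationFile:Delete", "NtClose"),
    "editor_save": ("NtCreateFile:Temp", "NtWriteFile", "NtFlushBuffersFile",
                    "NtClose", "NtSetInformationFile:Rename"),
}
# Actions that can destroy or alter user data; only these are worth blocking.
DAMAGING = {"NtSetInformationFile:Delete", "NtWriteFile",
            "NtSetInformationFile:Rename"}
# Blacklist counterpart: a single constructed "known-bad" sequence.
KNOWN_BAD = {("NtOpenFile", "NtReadFile", "NtWriteFile",
              "NtSetInformationFile:Rename")}


def build_trie(behavior_map):
    """Prefix tree over all mapped sequences; '$' marks a complete operation."""
    root = {}
    for name, seq in behavior_map.items():
        node = root
        for action in seq:
            node = node.setdefault(action, {})
        node["$"] = name
    return root


def positive_monitor(trace, trie):
    """Behavioral whitelisting: walk the trace event by event and block the
    first damaging action that is not on any mapped path."""
    node = trie
    for i, action in enumerate(trace):
        node = node.get(action) if node is not None else None
        if node is None and action in DAMAGING:
            return ("block", f"step {i}: {action} off the map")
    if node is not None and "$" in node:
        return ("allow", node["$"])
    return ("alert", "not a complete mapped operation")


def blacklist_monitor(trace):
    """Traditional post-execution blacklisting: only known-bad sequences hit."""
    if tuple(trace) in KNOWN_BAD:
        return ("block", "known-bad")
    return ("allow", "no match")
```

A novel write sequence that no blacklist entry covers is still stopped by `positive_monitor`, while a legitimate sequence changed by an OS update is blocked until the map is updated, which is the maintenance cost Andy Ful points out.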
 

Correlate

Level 16
Verified
It looks like an advanced post-infection behavioral protection based on a pre-learned map of the OS behavior. Any such protection will have problems with Windows updates, so the updates will be probably integrated with PARANOID updates.

The main difference is that standard solutions are focused on the pre-execution stage and PARANOID is focused on the post-execution stage. It is always harder to predict the behavior than simply monitor what is happening. The second difference is that PARANOID is focused on the possible good behaviors (pre-learned), and the traditional solutions look at suspicious behaviors.
So, it is the post-infection protection based on behavioral whitelisting, as opposed to traditional solutions that are based on pre-execution protection (signatures, advanced heuristics, etc.) and post-execution behavioral blacklisting.
The idea of Paranoid is similar to the car anti-collision system + GPS (pre-learned possible roads). It does not allow the driver to pull off the road, but it does not care which road it is (if it is included in GPS).

Any protection can be finally bypassed. PARANOID can be actually very strong, until the bad guys learn how to fight it.
Wonderful analysis, Andy Ful. I think you are right in your analysis of how the program works. :) (y) :devilish:
 

Behold Eck

Level 13
Verified
Ah hah.... the Eckster rolls in...

I was wondering if it was a Green Kool-Aid knock-off.... until it started actually working.

There is a lot of mumbo jumbo going on with this product.

But it works REALLY well -- tested against one batch of malware.

I'm trying to get a couple of comped test licenses now.

I need a Malware Hub tester volunteer to test this thing. But apparently, we can only refer to it as "Product X" -- as part of the TOS for the test license -- unless we get explicit written permission from the company.

Yeah Frank, I can only nip in and out these days due to work commitments and all that.

Great find though, looking forward to seeing "Product X" get put through its paces.

Regards Eck:)
 

Lenny_Fox

Level 15
Verified
In a corporate environment there are only two digital assets: money and data. Paranoid protects data by analyzing how it is accessed. When it discovers an unusual pattern, it intervenes, simple as that.

Paranoid said:
“We know exactly what it looks like when a legitimate user takes an action like deleting a file. Right-clicking on a file and deleting is matched by a sequence of activities at the Kernel level. When a hacker tries to delete your file, it’s going to look totally different. If you know what to look for, the OS will tell you that something illegitimate is going on.

Windows Defender was the first Anti-Virus which was OS-aware. This (according to Paranoid claim) is the first OS-aware host-intrusion-detection-system with post-infection prevention measures (probably automated and centrally managed). The king-is-dead, long-live-the-king :) Maybe this is the come-back of old fashioned HIDS & HIPS with new Machine Learning capabilities using the telemetry data of the OS.
 

Burrito

Level 24
So, it is the post-infection post-execution protection based on behavioral whitelisting, as opposed to traditional solutions that are based on pre-execution protection (signatures, advanced heuristics, etc.) and post-execution behavioral blacklisting.
The idea of Paranoid is similar to the car anti-collision system + GPS (pre-learned possible roads). It does not allow the driver to pull off the road, but it does not care which road it is (if it is included in GPS).

Any protection can be finally bypassed. PARANOID can be actually very strong, until the bad guys learn how to fight it.

It's always a pleasure when Andy checks into a thread. For newbs or anybody who does not know --- Andy understands Microsoft internals WAY better than the average bear. He also turned Windows Defender into a Contender even back when it was still sucky. Check out the H_C optimizer for Windows Defender if you have not yet. And... thanks for the explanation Andy.



In a corporate environment there are only two digital assets: money and data. Paranoid protects data by analyzing how it is accessed. When it discovers an unusual pattern, it intervenes, simple as that.
Windows Defender was the first Anti-Virus which was OS-aware. This (according to Paranoid claim) is the first OS-aware host-intrusion-detection-system with post-infection prevention measures (probably automated and centrally managed). The king-is-dead, long-live-the-king :) Maybe this is the come-back of old fashioned HIDS & HIPS with new Machine Learning capabilities using the telemetry data of the OS.

Another good hypothesis to explain PARANOID. Also a pleasure when Lenny_Linux checks in. And for those who don't know --- we used to have a Super-Intelligent and helpful MT guru --- @Windows_Security. That guy was great. Windows_Security disappeared about the same time as a couple of Dutch citizens stormed Area 51. The Mysterious Disappearance of Windows_Security Link Anyway... after Windows_Security stopped coming here, the UN, EU, and MT all filed formal protests with Holland about the great loss with Windows_Security's cessation of participation here at MT. Finally, Holland coughed up a surprisingly good replacement --- Lenny_Linux -- who has true expertise in surprisingly similar ways. Note how he and Windows_Security use the underscore ___ in their handles. Must be a Dutch thing..

(y)
 

Burrito

Level 24
Another fancy product that will be hyped in forums for a few months, then forgotten except by a few fans.
Strangely, they use the same marketing approach as Cylance.

Well.... it worked well for Cylance.

Marketing emulation can be a good strategy.

Cylance went from being a new "revolutionary" AI/ML capability to grabbing Top 10 market share in a flash. Amazing how well they accomplished that -- especially for a product with a few significant holes.

I use Cylance on a couple of machines... and I like it. But I use it with other stuff.. And the false positives can be a PITA.

 

CMLew

Level 23
Verified
Well.... it worked well for Cylance.

Marketing emulation can be a good strategy.

Cylance went from being a new "revolutionary" AI/ML capability to grabbing Top 10 market share in a flash. Amazing how well they accomplished that -- especially for a product with a few significant holes.

I use Cylance on a couple of machines... and I like it. But I use it with other stuff.. And the false positives can be a PITA.

Top 10 market share? In the US, you mean? Or only in a certain region in the US? Hmm.... sounds too good to be true.
 