Cyber 2.0 vs Traditional antivirus and Organizational Firewall
The current security standard in an organization consists of the following base components:
· Antivirus (standard and/or next gen)
· EDR or IDS/IPS systems
· Organizational firewall
Each defense mechanism is designed to stop cyber threats in its own way:
Standard antivirus: searches for the signatures of known virus and malware code.
Next gen antivirus: searches for anomalies in either the code or the behavior of programs.
EDR and IDS/IPS systems: analyze the network traffic for known signatures, anomalies or suspicious behavior.
Firewalls (internal or external): minimize the allowed traffic per port and/or application.
All of these different defense mechanisms suffer from a vital flaw that is inherent in the system: they can only protect what they know!
Even the anomaly- and behavior-based systems are limited by what they have described as an anomaly or as malicious behavior.
The main problem with the current model is that this vital flaw is always being exploited by malicious software. It causes the defense program to always be one step behind the attacker, which is why the current methodology of detect and respond is so dominant now.
First you detect the problem, then you try to identify the source, then you respond.
It is designed to minimize the effect of malicious attacks, but it also has a price: eternal vigilance.
The larger the organization, the more information the cyber personnel have to go over. The current systems send a tremendous amount of raw data that needs to be checked and verified as good or bad; the cyber personnel always have to read and analyze the data that the defense program is sending them.
That is the nature of anomaly and behavior analysis...
Cyber 2.0 introduced a fresh concept that negates the flaw: the chaos methodology.
Instead of searching for the unknown and the bad, it searches for the known and the good.
Using the unique Chaos System, developed and patented by Cyber 2.0, malicious software cannot bypass it: even if the system is disabled on the infected computer, the malicious software won't be able to spread, infect, encrypt or gain any sort of access to the network resources.
It's a completely new way of looking at things: a combination of a smart white list coupled with an effective chaos-based port scrambling communication makes sure that no matter what sort of malicious software has penetrated the computer, it won't be able to do anything in or over the network.
Any attempt to bypass or disable the system (assuming the aggressor has full admin) will result in the other computers not understanding it; only chaos-based communication will be understood.
Any attempt by the aggressor to add itself to the list will unbalance the chaos communication, and the other computers won't understand you.
Any attempt to piggyback a legitimate process or software will be detected by the reverse tracking mechanism: when the legitimate process attempts communication, everything that was part of its life cycle (no matter how far back, and no matter how many times it piggybacked) will not get scrambled, and is therefore blocked.
The Cyber 2.0 reverse tracking mechanism maps all processes as they load and registers various information about them:
· Name and real name
· Size
· MD5 hash
· Various other info
It also maps the connections between processes as they happen, so each time a process does something to another process, no matter what, it is registered as part of that process's life cycle.
Every process that was part of the creation is also carried over into the other process's life cycle. This allows Cyber 2.0 to build a chain of activation for any process, showing who or what originated it.
If any part of the chain is unknown or unauthorized, the chain will be blocked when the last process tries to access network resources.
It also allows Cyber 2.0 to create one of the most comprehensive inventories available.
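As an added illustration (not Cyber 2.0's own code; the page does not describe the product's internals), this Python sketch models the chain idea from the passage above: every process that acts on another is recorded in that process's life cycle, and a network request is allowed only if every process in the transitive chain is on the allowlist of known (name, MD5) pairs. The process names and the "md5-..." hash strings are constructed sample data, not real digests.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class ProcInfo:
    pid: int
    name: str   # the process's real (on-disk) name
    md5: str    # constructed placeholder, not a real digest

class LineageTracker:
    def __init__(self, allowlist):
        self.allowlist = set(allowlist)  # (name, md5) pairs that are known and good
        self.procs = {}                  # pid -> ProcInfo
        self.influencers = {}            # pid -> set of pids that acted on it

    def load(self, pid, name, md5, parent=None):
        """Register a process as it loads; its parent joins its life cycle."""
        self.procs[pid] = ProcInfo(pid, name, md5)
        self.influencers.setdefault(pid, set())
        if parent is not None:
            self.interact(parent, pid)

    def interact(self, actor_pid, target_pid):
        """Any action of one process on another puts the actor in the target's life cycle."""
        self.influencers.setdefault(target_pid, set()).add(actor_pid)

    def chain(self, pid):
        """Every process that ever acted on pid, however indirectly (transitive closure)."""
        seen, stack = set(), [pid]
        while stack:
            p = stack.pop()
            if p not in seen:
                seen.add(p)
                stack.extend(self.influencers.get(p, ()))
        return seen

    def network_decision(self, pid):
        """Allow network access only if every process in the chain is allowlisted."""
        for p in sorted(self.chain(pid)):
            info = self.procs[p]
            if (info.name, info.md5) not in self.allowlist:
                return "block", info.name   # name of the first unknown link
        return "allow", None

# Constructed scenario: a dropper spawned by word.exe later injects into svchost.exe.
ALLOWLIST = {("explorer.exe", "md5-explorer"), ("word.exe", "md5-word"), ("svchost.exe", "md5-svchost")}
tracker = LineageTracker(ALLOWLIST)
tracker.load(1, "explorer.exe", "md5-explorer")
tracker.load(2, "word.exe", "md5-word", parent=1)
tracker.load(3, "svchost.exe", "md5-svchost", parent=1)
tracker.load(4, "dropper.exe", "md5-unknown", parent=2)  # not on the allowlist
tracker.interact(4, 3)  # the dropper piggybacks the legitimate svchost.exe
```

With this data, word.exe is allowed to talk on the network, while svchost.exe is blocked even though it is itself allowlisted, because the unknown dropper became part of its life cycle.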
Cyber 2.0 Inventory:
Because of the reverse tracking mechanism, the Cyber 2.0 inventory gives you the following capabilities:
· Every file/application that is installed or used
· Every process that is installed or used
· Every version of every file/application
· Where each version is installed
· The display name (if applicable) and the true name
· The version number (if applicable)
And if it is connected to the internet, it can also give you the known reputation of that specific version of every file/application installed, including whether it is a known malicious application.
Because of the Chaos Engine, all the network traffic is stored in the central controlling server. This allows deep analysis of the network flows and full transparency of network behavior.
You can use the Cyber 2.0 reader web interface as follows: ask for all the files that were opened by word.exe on a specific computer, on a specific date and time.
WOW!!!!