Cyber 2.0 vs Traditional antivirus and Organizational Firewall
Current security standards in an organization consist of the following base components:
· Antivirus (standard and/or next gen)
· EDR or IDS/IPS systems
· Organizational Firewall
Each defense mechanism is designed to stop cyber threats in its own way:
· Standard antivirus: searches for signatures of known virus and malware code
· Next-gen antivirus: searches for anomalies in either the code or the behavior of programs
· EDR and IDS/IPS systems: analyze network traffic for known signatures, anomalies or suspicious behavior
· Firewalls (internal or external): minimize the allowed traffic per port and/or application
All of these different defense mechanisms suffer from a vital flaw that is inherent in the system:
They can only protect what they know!
Even the anomaly- and behavior-based systems are limited by what they define as an anomaly or malicious behavior.
The main problem with the current model is that this vital flaw is always being exploited by malicious software. It causes the defense program to always be one step behind the attacker, which is why the current methodology of detect and respond is so dominant now.
First you detect the problem, then you try to identify the source, then you respond.
It is designed to minimize the effect of malicious attacks, but it also has a price: eternal vigilance.
The larger the organization, the more information the cyber personnel have to go over. The current systems send a tremendous amount of raw data that needs to be checked and verified, for good or for bad – the cyber personnel always have to read and analyze the data that the defense program is sending them.
That is the nature of anomaly and behavior analysis…
Cyber 2.0 introduced a fresh concept that negates the flaw: the chaos methodology.
Instead of searching for the unknown and the bad, it searches for the known and the good.
With the unique Chaos System, developed and patented by Cyber 2.0, malicious software cannot bypass the protection. Even if the system is disabled on the infected computer, the malicious software won’t be able to spread, infect, encrypt or gain any sort of access to the network resources.
It’s a completely new way of looking at things: a combination of a smart white list coupled with effective chaos-based port-scrambling communication makes sure that no matter what sort of malicious software has penetrated the computer, it won’t be able to do anything in or over the network.
Any attempt to bypass or disable the system (assuming the aggressor has full admin) will result in the other computers not understanding it; only chaos-based communication will be understood.
Any attempt by the aggressor to add itself to the list will result in unbalancing the chaos communication, and the other computers won’t understand it.
Any attempt to piggyback on a legitimate process or software will be detected by the reverse tracking mechanism, and when the legitimate process attempts communication, everything that was part of its life cycle (no matter how far, and no matter how many times it piggybacks) will not get scrambled – and will therefore be blocked.
The Cyber 2.0 reverse tracking mechanism maps all processes as they load and registers various information regarding them:
· Name and real name
· Various other info
It also maps the connections between processes as they happen, so each time a process does something to another process – no matter what – it is registered as part of that process’s life cycle.
But every process that was part of the creation is also transferred to the other process’s life cycle. This allows Cyber 2.0 to create a chain of activation for any process, showing who or what originated it.
If any part of the chain is unknown or unauthorized – the chain will be blocked when the last process tries to access network resources.
It also allows Cyber 2.0 to create one of the most comprehensive inventories available.
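A minimal model of the chain-of-activation rule described above, as an added example: it is not Cyber 2.0's code, and the class, process names, pids and events are constructed assumptions. It covers only the lineage check against a white list, not the chaos-based port scrambling.

```python
# Illustrative model only; names, pids and events below are constructed.

class LineageTracker:
    def __init__(self, allowlist):
        self.allowlist = set(allowlist)  # known-good program names (white list)
        self.names = {}                  # pid -> true image name
        self.lineage = {}                # pid -> pids that are part of its life cycle

    def load(self, pid, name):
        """Register a process as it loads."""
        self.names[pid] = name
        self.lineage[pid] = set()

    def interact(self, actor, target):
        """Record that `actor` did something to `target` (spawn, write, inject...).

        The actor and everything already in the actor's life cycle are carried
        into the target's life cycle, so repeated piggybacking keeps the origin.
        """
        self.lineage[target] |= {actor} | self.lineage[actor]

    def chain(self, pid):
        """Names of every process in the chain of activation, including pid."""
        return sorted(self.names[p] for p in self.lineage[pid] | {pid})

    def may_access_network(self, pid):
        """Return (allowed, unknown_names); one unknown link blocks the chain."""
        unknown = [n for n in self.chain(pid) if n not in self.allowlist]
        return (not unknown, unknown)


def demo():
    t = LineageTracker({"explorer.exe", "winword.exe", "powershell.exe", "svchost.exe"})
    for pid, name in [(1, "explorer.exe"), (2, "winword.exe"), (3, "dropper.exe"),
                      (4, "powershell.exe"), (5, "svchost.exe")]:
        t.load(pid, name)
    t.interact(1, 2)   # explorer.exe starts winword.exe: clean chain
    t.interact(3, 4)   # unlisted dropper.exe drives powershell.exe
    t.interact(4, 5)   # powershell.exe then touches svchost.exe
    return t


if __name__ == "__main__":
    t = demo()
    for pid in (2, 5):
        print(t.names[pid], t.chain(pid), t.may_access_network(pid))
```

The decision is made only when a process asks for network access, and a white-listed process two hops away from the unlisted one is still refused.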
Cyber 2.0 Inventory:
Because of the reverse tracking mechanism, the Cyber 2.0 inventory gives you the following capabilities:
· Every file/application that is installed or used
· Every process that is installed or used
· Every version of every file/application
· Where each version is installed
· The display name (if applicable) and the true name
· The version number (if applicable)
And if it is connected to the internet, it can also give you the known reputation of that specific version of every file/application installed, including whether it is a known malicious application.
Because of the Chaos Engine, all the network traffic is stored in the central controlling server.
It allows deep analysis of the network flows, and full transparency of network behavior.
You can use the Cyber 2.0 reader web interface as follows:
Ask for all the files that were opened by word.exe on a specific computer, on a specific date and time.