CYBRScan
Stop attacks before zero day and stop the Advanced Persistent Threats (APTs)
We live in a dangerous world — our information technology systems face that danger every single day. Hackers are constantly attempting to infiltrate systems, steal information, damage government and corporate reputations, and take control of systems and processes.
Hackers share and use a variety of tools and techniques to gain access to, and maintain access to, IT systems, including groups and techniques so dangerous they have their own category – the Advanced Persistent Threat (APT). At the center of the APT are sophisticated techniques using malware to exploit vulnerabilities in systems. Traditional cyber security technologies use file signatures to locate these tools and hacker malware, but hackers are now actively camouflaging their tools by changing, customizing, and “morphing” them into new files that do not match any known signatures (‘Polymorphic Malware’). This introduces a massive gap in malicious file detection which leaves the enterprise open to exploitation — and it’s just not possible for traditional signature-based systems to keep up. In fact, signature-based anti-virus and anti-malware systems are only around 25% effective today. CYBRscan sees through it all, even as the files morph and change in a futile attempt to remain camouflaged.
"*" indicates required fields
CYBRscan, the world’s most effective anti-ransomware and malware solution from CYBR International, can see through the Polymorphic camouflage used by the worlds most advanced hackers by utilizing digital file fingerprints and our proprietary adaptive CYBRscan ‘brain’ that constantly analyzes the fingerprints of known malicious files and tools to locate partial matches within the files on your systems – servers, laptops, desktops, USB drives, and even mobile devices. CYBRscan can cut right through the Polymorphic files, revealing the true hacking tools underneath, even if they are only fragments or pieces of a more complete set of hacking tools and technologies.
Most cyber attacks happen weeks or even months after their initial penetration and access to a network or system, and even the simplest attacks tend to have a fuse that is typically several days. It takes them time to map out a system, probe for the information they want, and obtain or forge credentials with the type of access they need. But from the moment their tools first land on your network and systems, CYBRscan sees them. If fact, CYBRscan can see them sitting on a newly inserted USB drive even if the files are not copied to your systems. This means CYBRscan can identify and alert you to malicious files and potential illicit activities before the attack happens – before zero day!
How does CYBRscan work? CYBRscan sits on the endpoint and continuously monitors file activity. Digital fingerprints, which can be used to find partial matches of any file type in any language, are reported back where they are kept forever in a temporal repository. CYBRscan looks through all of the digital fingerprints — both those from files on your systems and those in a constantly updated database of known malicious files and hacking tools, to locate and alert you to any indication of hacking, malicious files, or illicit activity.
Digital File Fingerprints
Any File Type, Any Language, Partial Matches, Exact Matches
Digital File Fingerprints are created from a file or a piece of digital data/information by using advanced mathematics to look at all of the small pieces of data that make up the file to create a very small, unique piece of mathematical data — a digital file fingerprint. Files may be of any file type and in any language – digital fingerprints can find partial and exact matches regardless of what is in the file itself.
Just like with humans, once a fingerprint has been taken, you no longer need the person to identify them. The fingerprint is enough. Even a partial fingerprint is enough, and sometimes a smudge will do. Digital fingerprints work on the same principle. Once CYBRscan has taken a digital fingerprint of a file, the file is no longer needed to identify it or to compare it with other files. And because digital fingerprints are tiny, they are easy to store. Even a multi-gigabyte file has a digital fingerprint that is no bigger than 10k.
Once you have two sets of digital fingerprints, you can compare them. Because CYBRscan starts with full fingerprints of known malicious files, it can identify matching files even when the digital fingerprint is only partially there. And with CYBRscan’s advanced processing capabilities, file fragments, recovered data from a hard drive, partially downloaded documents, damaged files (both intentional and accidental) and other incomplete file structures can be properly fingerprinted in a way that still allows matches to be found.
CYBRscan is a disruptive technology that can see polymorphic malware and stop attacks before zero day. Email info@cybrinternational.com today for more information.
Other technologies and software use static signatures, which do not work if any part of a file, regardless of how small, is different from another, or if the file is damaged in any way. CYBRscan and digital fingerprints enable partial matching, and can see through the camouflage that has become the industry standard for hackers across the globe. Static signature based solutions simply cannot do this.
Imagine your favorite detective drama on TV. The prosecutor says “This partial fingerprint was found at the crime scene and the video camera across the street recorded a perfect image of the person’s face.” The jury deliberates and compares the picture and fingerprints of the defendant that were taken the day before. They conclude, because the fingerprint was not all there and was not 100% identical, and because one picture showed a mustache that looked identical but was 1 millimeter longer than the other picture, that the two people were not identical – and set the criminal free. Well, that show wouldn’t be on TV long because crime would run rampant. Now imagine they had CYBRscan. Criminals would be caught, the town would be a much safer place, and the show would be on for years to come.
Ensuring System Compliance
NIST 800-53 Revisions, SI-3 Malicious Code Protection
Now imagine your network and systems without CYBRscan, where traditional exact match signature software is on your front line of defense. All kinds of malicious files could walk right through and sit down on your hard drives, just waiting for hackers to activate them. But you don’t have to.
CYBRscan — instead, simply contact us, get CYBRscan in place, and we’ll work with you to show you what’s really on your systems and help you keep those systems safe. Email: info@cybrinternational.com today.
All Government systems go through Certification and Accreditation. CYBRscan can help you with malicious code protection, for both security considerations and required compliance.
Guidelines found in NIST 800-53 Revisions Security Requirements for System Integrity, SI-3 Malicious Code Protection, state that malicious code protection mechanisms must be employed at information system entry and exit points, including workstations, notebook computers, and mobile devices, to detect and eradicate malicious code.
CYBRscan, with its continuous monitoring of the files on your endpoints and its continuous updating of its known malicious file repository, will provide the required real-time and full monthly re-scans of your files, will alert your administrative staff when malicious code is found, will provide potentiarl problematic files, illicit activity, and follow-up with very short false positive reports.
CYBRscan’s false positive rate is less than 0.01%.
CYBR International’s CYBRscan helps organizations meet the security requirements set forth and ensure compliance.
What does CYBRscan do?
How Can I Get CYBRscan?
Commercial or Government, with multiple contract vehicles available
CYBRscan is available directly from CYBR International, Inc. CYBRscan is also available through the our VAR channel, 21st Century Technologies, Inc., a small business reseller.
GRansomware attacks
Ransomware attacks are on the rise and affect Fortune 500 companies, Federal organizations, and consumers. This vicious type of attack affects your user’s ability to get their work done and prevents users from accessing files on a device or network by making the device or network unusable, by encrypting the files your users need to access, and/or by stopping certain applications from running (e.g. the web browser). A ransom is then demanded (an electronic payment of currency or bitcoins) with the promise that your data will be unencrypted and accessible again following the payment.
If the ransom payment is made, there is no guarantee that the data will be unencrypted or returned to a state of integrity and/or availability. Furthermore, there is also no guarantee that the people behind the ransom will not re-infect your systems again with a variant of what was initially used. Payment encourages future attacks because they know you cannot detect it and will pay again next time.
Surprisingly, there are only a handful of known ransomeware files in use today (e.g. Crowti, Fakebsod). Safeguards exist that use static signatures to find exact matches for these known files, but the moment these files morph or are changed in any way they become undetectable by these solutions. CYBRscan digs deeper with digital file fingerprints and can find the new files, enabling you to analyze, quarantine, or delete them before they activate. This pro-active approach can be the difference between a system being protected and a system being made completely unavailable with encrypted data being held hostage for a ransom.
CYBRscan uses digital file fingerprints to detect the ransomware by looking at both partial and exact matches and can report the problem before it happens. Ransomeware of the past attacked your personal computer and today’s variant attacks the servers — CYBRscan can detect both.
March 2022 – Two more healthcare networks are hit by ransomware targeting servers. Advice from law enforcement — pay the ransom! (They did). File backups are insufficient. Paying ransoms is costly and only encourages repeat attacks.
CYBRscan is the most comprehensive solution available to detect and root out ransomware and other advanced persistent threats (APTs). Take charge of the situation and put CYBRscan to work continuously monitoring your systems.