CYBRScan

Stop attacks before zero day and stop the Advanced Persistent Threats (APTs)

We live in a dangerous world — our information technology systems face that danger every single day. Hackers are constantly attempting to infiltrate systems, steal information, damage government and corporate reputations, and take control of systems and processes.

Hackers share and use a variety of tools and techniques to gain access to, and maintain access to, IT systems, including groups and techniques so dangerous they have their own category – the Advanced Persistent Threat (APT). At the center of the APT are sophisticated techniques using malware to exploit vulnerabilities in systems. Traditional cyber security technologies use file signatures to locate these tools and hacker malware, but hackers are now actively camouflaging their tools by changing, customizing, and “morphing” them into new files that do not match any known signatures (‘Polymorphic Malware’). This introduces a massive gap in malicious file detection which leaves the enterprise open to exploitation — and it’s just not possible for traditional signature-based systems to keep up. In fact, signature-based anti-virus and anti-malware systems are only around 25% effective today. CYBRscan sees through it all, even as the files morph and change in a futile attempt to remain camouflaged.

"*" indicates required fields

Download CYBRScan Lite for FREE!

This demo is currently for use on Microsoft Windows only. A download link will be instantly sent to the given email address.

CYBRscan, the world’s most effective anti-ransomware and malware solution from CYBR International, can see through the Polymorphic camouflage used by the worlds most advanced hackers by utilizing digital file fingerprints and our proprietary adaptive CYBRscan ‘brain’ that constantly analyzes the fingerprints of known malicious files and tools to locate partial matches within the files on your systems – servers, laptops, desktops, USB drives, and even mobile devices. CYBRscan can cut right through the Polymorphic files, revealing the true hacking tools underneath, even if they are only fragments or pieces of a more complete set of hacking tools and technologies.

Most cyber attacks happen weeks or even months after their initial penetration and access to a network or system, and even the simplest attacks tend to have a fuse that is typically several days. It takes them time to map out a system, probe for the information they want, and obtain or forge credentials with the type of access they need. But from the moment their tools first land on your network and systems, CYBRscan sees them. If fact, CYBRscan can see them sitting on a newly inserted USB drive even if the files are not copied to your systems. This means CYBRscan can identify and alert you to malicious files and potential illicit activities before the attack happens – before zero day!

How does CYBRscan work? CYBRscan sits on the endpoint and continuously monitors file activity. Digital fingerprints, which can be used to find partial matches of any file type in any language, are reported back where they are kept forever in a temporal repository. CYBRscan looks through all of the digital fingerprints — both those from files on your systems and those in a constantly updated database of known malicious files and hacking tools, to locate and alert you to any indication of hacking, malicious files, or illicit activity.

Digital File Fingerprints
Any File Type, Any Language, Partial Matches, Exact Matches

Digital File Fingerprints are created from a file or a piece of digital data/information by using advanced mathematics to look at all of the small pieces of data that make up the file to create a very small, unique piece of mathematical data — a digital file fingerprint. Files may be of any file type and in any language – digital fingerprints can find partial and exact matches regardless of what is in the file itself.

Just like with humans, once a fingerprint has been taken, you no longer need the person to identify them. The fingerprint is enough. Even a partial fingerprint is enough, and sometimes a smudge will do. Digital fingerprints work on the same principle. Once CYBRscan has taken a digital fingerprint of a file, the file is no longer needed to identify it or to compare it with other files. And because digital fingerprints are tiny, they are easy to store. Even a multi-gigabyte file has a digital fingerprint that is no bigger than 10k.

Once you have two sets of digital fingerprints, you can compare them. Because CYBRscan starts with full fingerprints of known malicious files, it can identify matching files even when the digital fingerprint is only partially there. And with CYBRscan’s advanced processing capabilities, file fragments, recovered data from a hard drive, partially downloaded documents, damaged files (both intentional and accidental) and other incomplete file structures can be properly fingerprinted in a way that still allows matches to be found.

CYBRscan is a disruptive technology that can see polymorphic malware and stop attacks before zero day. Email info@cybrinternational.com today for more information.

Other technologies and software use static signatures, which do not work if any part of a file, regardless of how small, is different from another, or if the file is damaged in any way. CYBRscan and digital fingerprints enable partial matching, and can see through the camouflage that has become the industry standard for hackers across the globe. Static signature based solutions simply cannot do this.

Imagine your favorite detective drama on TV. The prosecutor says “This partial fingerprint was found at the crime scene and the video camera across the street recorded a perfect image of the person’s face.” The jury deliberates and compares the picture and fingerprints of the defendant that were taken the day before. They conclude, because the fingerprint was not all there and was not 100% identical, and because one picture showed a mustache that looked identical but was 1 millimeter longer than the other picture, that the two people were not identical – and set the criminal free. Well, that show wouldn’t be on TV long because crime would run rampant. Now imagine they had CYBRscan. Criminals would be caught, the town would be a much safer place, and the show would be on for years to come.

Ensuring System Compliance
NIST 800-53 Revisions, SI-3 Malicious Code Protection

Now imagine your network and systems without CYBRscan, where traditional exact match signature software is on your front line of defense. All kinds of malicious files could walk right through and sit down on your hard drives, just waiting for hackers to activate them. But you don’t have to.

CYBRscan — instead, simply contact us, get CYBRscan in place, and we’ll work with you to show you what’s really on your systems and help you keep those systems safe. Email: info@cybrinternational.com today.

All Government systems go through Certification and Accreditation. CYBRscan can help you with malicious code protection, for both security considerations and required compliance.

Guidelines found in NIST 800-53 Revisions Security Requirements for System Integrity, SI-3 Malicious Code Protection, state that malicious code protection mechanisms must be employed at information system entry and exit points, including workstations, notebook computers, and mobile devices, to detect and eradicate malicious code.

CYBRscan, with its continuous monitoring of the files on your endpoints and its continuous updating of its known malicious file repository, will provide the required real-time and full monthly re-scans of your files, will alert your administrative  staff  when  malicious  code  is  found,  will  provide potentiarl problematic files, illicit activity, and follow-up with very short false positive reports.

CYBRscan’s false positive rate is less than 0.01%.

CYBR International’s CYBRscan helps organizations meet the security requirements set forth and ensure compliance.

What does CYBRscan do?

Identify and remove Ransomeware before it encrypts your files

SCADA networks contain computers and applications that perform key functions in providing essential services and commodities (e.g. electricity, natural gas, gasoline, water, waste treatment, transportation) to all Americans. They are part of the nation’s critical infrastructure, provide great efficiency, are widely used, and require protection from a variety of cyber threats.

One of the most significant threats is benign files residing on the computers on the network that morph into tools that hackers can use to gain access to the network and the equipment it monitors and/or controls. These files might be part of the operating system (binary files), might be a normal file that includes scripting, or can even be a general data file moved onto the computer through a network or a USB drive. By morphing, these files circumvent detection and countermeasures. This is just one example of how a hacker can compromise and exploit the system and the worst part is that you will never know until it is too late!

The recent Department of Justice announcement charging Iranian hackers believed to be tied to the 2013 hacking of a New York dam illustrates this threat clearly.

Enter CYBR International’s CYBRscan Adaptive Security — CYBRscan monitors all files of all types (any format or language) without the requirement of a translator or human operator. CYBRscan can see right through the hacker’s camouflage of morphing files to quickly identify problems and threats before hackers have the opportunity to active and use their tools. For U.S. and foreign based systems,

CYBRscan is a must have cyber security solution. 

The CYBR International team has extensive experience with SCADA systems and critical infrastructure. Our CYBRscan solution is critical to the overall security framework of such systems as it was designed to find the morphing, malicious files and associated illicit file activity that can lead to compromise of the integrity, confidentiality and/or availability of the system. Threats loom on both the inside and outside, and the dynamic nature of these systems require continuous, temporal monitoring to stop cyber attacks before they happen.

Track sensitive information as it changes and moves around the enterprise

Corporate Espionage is rampant. Bad nation states like China flourish at the detriment of the exploited nation’s trades secrets, patents and copyrights.

The FBI has more than 1,000 intellectual property (IP) theft cases open involving individuals associated with the People’s Republic of China. And those thefts have cost the United States nearly $500 billion a year, says William Evanina, director of the National Counterintelligence and Security Center (NCSC)

The Pentagon’s program of standards for every company in the supply chain exists because it is not enough to trust that companies will follow the right security protocols. That sort of approach let the Chinese steal huge amounts of data from the F-35 program to help them build their most advanced fighter, the J-31. When it comes to handling information about weapon designs, the Pentagon must verify cybersecurity best practices, Stacy Bostjanick, director of Cybersecurity Maturity Model Certification (CMMC), told an AFCEA Nova event.

While it’s impossible to say if the CMMC would have prevented such a breach by a determined nation-state actor, the CMMC mandates rules and protocols that restrict the flow of classified information only to companies that have demonstrated they can keep it secure. The persistence of nation-state efforts to conduct industrial espionage and steal intellectual property means there is value in making every entry point harder to breach.

CYBR International not only participates in the CMMC program but has built CYBRscan to augment the CMMC requirements that funnel from the top (DHS, DoD) to the bottom (small business sub-contractors) and every organization in between.

By using CYBRscan, proprietary files can be tracked in real-time to ensure that corporate espionage and theft are thwarted before the bad actors make off with critical U.S. IP.

Supervisory Control and Data Acquisition (SCADA) is a system for remote monitoring and control that operates with coded signals over communication channels (using typically one communication channel per remote station).

CYBRscan uses digital file fingerprints to identify partial and exact matches between files, regardless of file type or language. This ability can be used to track movements of and changes to files on a network of computers.

Government entities and corporations need to addresses the issue of monitoring documents and files that contain sensitive information intellectual property, and it is no longer sufficient to simply store them on a secure server and require specific

credentials to access the information. People, both unintentionally and sometimes with malicious intent, copy and paste parts of documents, move files to USB drives, and otherwise edit and transfer files in order to get them on to a laptop, share them with a co-worker, or exfiltrate confidential information to outside networks and systems.

CYBRscan carefully watches all of the files on your network, including what’s going with USB drives. If someone copies part of a file that has sensitive data to another file, CYBRscan sees it. Furthermore, CYBRscan can alert you and correlate certain documents/files or with specific computers/individuals.

Your sensitive files now have a watchdog that catches both unintentional and malicious exposure to non-secure systems. Use CYBRscan to set up a custom database of the locations where your sensitive files are stored, and create file fingerprints that can be used to track those files across your network and systems. This ensures that an organization can know where its proprietary and sensitive information is 365/7/24, in real-time.

How Can I Get CYBRscan?

Commercial or Government, with multiple contract vehicles available

CYBRscan is available directly from CYBR International, Inc. CYBRscan is also available through the our VAR channel, 21st Century Technologies, Inc., a small business reseller.

CYBR International, Inc. develops and sells its adaptive enterprise cyber security software product, CYBRscan, and provides professional services and support for CYBRscan implementations.

CYBRscan Adaptive Security is a continuous monitoring enterprise solution that tracks file-based activity on the endpoint using digital file fingerprints, can identify problems and cyber threats before zero day, and can see through morphing, camouflaged (polymorphic) files to make accurate determinations of malicious files and illicit activity.

CYBRscan can deployed as a secure cloud application for maximum flexibility, a stand- alone Enterprise implementation for maximum security, or the two combined in an Enterprise implementation augmented through a secure cloud gateway.

CYBR International’s team of cyber security experts have the expertise to support you by creating a holistic, enterprise security framework that consists of people, policy, procedures and technology that will ensure a security posture that implements the best risk management strategies, tactics and operations available. email: info@cybrinternational.com today.

GRansomware attacks

Ransomware attacks are on the rise and affect Fortune 500 companies, Federal organizations, and consumers. This vicious type of attack affects your user’s ability to get their work done and prevents users from accessing files on a device or network by making the device or network unusable, by encrypting the files your users need to access, and/or by stopping certain applications from running (e.g. the web browser). A ransom is then demanded (an electronic payment of currency or bitcoins) with the promise that your data will be unencrypted and accessible again following the payment.

If the ransom payment is made, there is no guarantee that the data will be unencrypted or returned to a state of integrity and/or availability. Furthermore, there is also no guarantee that the people behind the ransom will not re-infect your systems again with a variant of what was initially used. Payment encourages future attacks because they know you cannot detect it and will pay again next time.

Surprisingly, there are only a handful of known ransomeware files in use today (e.g. Crowti, Fakebsod). Safeguards exist that use static signatures to find exact matches for these known files, but the moment these files morph or are changed in any way they become undetectable by these solutions. CYBRscan digs deeper with digital file fingerprints and can find the new files, enabling you to analyze, quarantine, or delete them before they activate. This pro-active approach can be the difference between a system being protected and a system being made completely unavailable with encrypted data being held hostage for a ransom.

CYBRscan uses digital file fingerprints to detect the ransomware by looking at both partial and exact matches and can report the problem before it happens. Ransomeware of the past attacked your personal computer and today’s variant attacks the servers — CYBRscan can detect both.

March 2022 – Two more healthcare networks are hit by ransomware targeting servers. Advice from law enforcement — pay the ransom! (They did). File backups are insufficient. Paying ransoms is costly and only encourages repeat attacks.

CYBRscan is the most comprehensive solution available to detect and root out ransomware and other advanced persistent threats (APTs). Take charge of the situation and put CYBRscan to work continuously monitoring your systems.