In-depth security and defence require the adoption of a multi-layer protection system capable of defending against different classes of attack. The window of opportunity for an attacker is greatly reduced when several attack points are monitored at once. In addition, getting through multiple layers of defence, each acting independently of the others, is extremely tough even for the most advanced cyberthreats.

Multi-layer protection
Exploitation Prevention

Malware can be delivered in several ways; one of the most effective is by taking advantage of an exploit, whether 0-day or not. Exploits are dangerous and can act in complete invisibility, leaving your users completely unaware of an exploitation attempt. The first protection layer detects these classes of attack, including buffer overflows, ROP chains, heap sprays, privilege escalation attempts and more.

Malware Detection

The attack chain always involves the use of malware. Malware is particularly effective at exfiltrating data and at facilitating lateral movement in your internal network. Attacking main servers from the internet is hard, but achieving the same goal from the internal network is much easier, and malware is the perfect tool for the task. This layer of protection constantly monitors every application, blocking every aggressive behaviour detected. Malware is thus quickly identified and removed.

Data Exfiltration Protection

Data Exfiltration Prevention

Data is always the ultimate goal of an attack, the most precious and valuable asset. The third layer of protection monitors access to the data from the NanoOS, inspecting every access. When an unauthorised access is detected, the security team is immediately alerted and the access is blocked. This type of protection is incredibly effective not only against malware-driven data exfiltration, but also against ransomware that tries to alter or corrupt the data.

Artificial Intelligence Analysis

Anomaly Detection

Two different Artificial Intelligence engines work concurrently, one on the client and another on the backend, to detect anomalies and suspicious activities. Every time an alert is generated, it is inspected and evaluated in real time by both A.I. engines, which in turn decide what level of severity is assigned to the event. The engines keep learning over time, thus offering an ever-evolving protection layer capable of detecting not only dangerous activities, but also unusual usage patterns.