What is CyberGuard?
CyberGuard is the upcoming system protection software developed by BreakingSecurity.
CyberGuard is designed to protect your Windows system against the majority of threats, such as: viruses, ransomware, backdoors, data stealing and more.
It is currently in the final stages of development and will be publicly released within the next few months.
Highlights:
Protection against Ransomware:
The File Access Protection module shields your files from deletion, encryption, or tampering.
Ransomware process is blocked before being able to cause any damage.
Malware can be safely blocked and quarantined.
Protection against backdoors, bots, RATs installed without user’s consent:
Any suspicious backdoor or malware which tries to connect to the internet is blocked by the Network Access Protection module.
The destination IP address and port are logged.
This includes any backdoor, bot, RAT software installed without user’s consent.
Protection against Encrypted malware:
Thanks to its behavioural, machine learning engine,
CyberGuard is also capable to stop crypted, new or custom malware.
If the malware manages to bypass common AntiVirus protection,
CyberGuard will still protect your systems from it.
File Access protection:
Read and Write access is filtered and denied to suspicious processes.
This will protect your files against infection, tampering, deletion, encryption or exfiltration by any process.
For example:
Ransomware will not be able to encrypt or delete your files.
RATs will not be able to read or download your files.
How does CyberGuard work?
CyberGuard operates in a quite different way compared to traditional Antivirus software.
It is in fact designed to block threats which most of the traditional Antivirus programs are unable to block (as we will show soon in a demo video), such as encrypted malware.
The core of CyberGuard is a machine-learning engine, written in C, which is programmed to learn about your system and processes behaviour.
After a brief period of learning, it will be able to filter and block any suspicious, uncommon operation on your system.
CyberGuard is a product of over 10 years of cybersecurity experience and practice.
You can think it as a guard at the door entrance of your mansion:
he will be able to check any guest which approaches the door.
After a first brief period of training, used to recognize any of your welcome guests and safe activities, it will constantly watch for any suspicious action or unknown guest.
He will check if the guest is in a whitelist or blacklist, and it will constantly watch it for any suspicious behaviour.
After a thorough check, CyberGuard will decide to either allow or deny entrance.
If CyberGuard is undecided, it will block it as a safe measure, and prompt the user for further decision.
The Cyberguard kernel-level engine evaluates and blocks any suspicious operation by any running process.
The process is evaluated through different checks, such as if it signed with a valid certificate, or it is a known trusted process.
Various suspicious operations are blocked, such as:
- File Access: any read/write operation on your sensitive files (documents, pictures, etc.) is filtered and blocked if it comes from an unknown or suspicious process.
This is used for protection against Ransomware, backdoors, viruses and RATs installed maliciously which try to exfiltrate your files. - Network Access: unknown processes trying to connect to the internet are blocked.
This will block the majority of backdoors, data exfiltration tools, or RATs installed without consent. - Process Creation: Any process which tries to run an external, unknown process is blocked.
- Process Injection: processes trying to elude checks by injecting into safe process are blocked before even starting the injection.
Watch it in action!
(Video soon available) Protecting your files from many kinds of ransomware
(Video soon available) Protecting your files from exfiltration via backdoors