Malware developers are always looking for new techniques to bypass security systems. In this article we will see how Windows Installer can be abused to deliver malicious code, and how the well-known Maze ransomware uses this type of technique.
Create malicious MSI files
An MSI file is a compressed database [...]
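Because an MSI is a database, the payload wiring is visible before anything runs: the CustomAction table records what the installer will execute, and the Binary table holds embedded streams. The following PowerShell script is an added check, not code from the original article or from any Maze sample. It uses the WindowsInstaller.Installer COM automation API that ships with Windows, reads the CustomAction table, decodes the Type column per the Windows Installer SDK (bits 0-3 basic type, bits 4-5 code source, 0x400 deferred, 0x800 no-impersonate), and flags actions that execute a DLL, EXE, JScript or VBScript, plus the deferred/no-impersonate combination that runs as LocalSystem. The MSI path and the script file name are placeholders supplied by the caller.

```powershell
<#
Added example (not from the original article): list and triage the
CustomAction and Binary tables of an MSI via the Windows Installer COM API.
Windows only; the MSI path is caller-supplied and no real sample is assumed.
#>
param(
    [Parameter(Mandatory = $true)]
    [string]$MsiPath
)

# The Installer object is IDispatch-only from PowerShell, so its members are
# reached through reflection rather than direct method calls.
function Invoke-ComMethod {
    param($Object, [string]$Name, [object[]]$Arguments = $null)
    $Object.GetType().InvokeMember($Name, 'InvokeMethod', $null, $Object, $Arguments)
}
function Get-ComProperty {
    param($Object, [string]$Name, [object[]]$Arguments = $null)
    $Object.GetType().InvokeMember($Name, 'GetProperty', $null, $Object, $Arguments)
}

# Type column layout from the Windows Installer SDK custom action type summary.
$BasicTypes    = @{ 1 = 'DLL'; 2 = 'EXE'; 3 = 'TextData'; 5 = 'JScript'; 6 = 'VBScript'; 7 = 'NestedInstall' }
$SourceTypes   = @{ 0 = 'Binary table'; 16 = 'Installed file'; 32 = 'Directory'; 48 = 'Property' }
$ExecutesCode  = 1, 2, 5, 6   # basic types that run code carried or referenced by the package
$InScript      = 0x400        # msidbCustomActionTypeInScript: deferred execution
$NoImpersonate = 0x800        # msidbCustomActionTypeNoImpersonate: deferred + this = LocalSystem

$installer = New-Object -ComObject WindowsInstaller.Installer
$db = Invoke-ComMethod $installer 'OpenDatabase' @((Resolve-Path $MsiPath).Path, 0)  # 0 = read-only

$findings = @()
try {
    $view = Invoke-ComMethod $db 'OpenView' @('SELECT `Action`, `Type`, `Source`, `Target` FROM `CustomAction`')
    Invoke-ComMethod $view 'Execute'
    while ($null -ne ($rec = Invoke-ComMethod $view 'Fetch')) {
        $type   = [int](Get-ComProperty $rec 'StringData' @(2))
        $basic  = $type -band 0x0F
        $source = $type -band 0x30
        $findings += [PSCustomObject]@{
            Action       = Get-ComProperty $rec 'StringData' @(1)
            Type         = $type
            Kind         = $BasicTypes[$basic]
            CodeSource   = $SourceTypes[$source]
            Source       = Get-ComProperty $rec 'StringData' @(3)
            Target       = Get-ComProperty $rec 'StringData' @(4)
            ExecutesCode = $ExecutesCode -contains $basic
            RunsAsSystem = (($type -band $InScript) -ne 0) -and (($type -band $NoImpersonate) -ne 0)
        }
    }
    Invoke-ComMethod $view 'Close'
} catch {
    Write-Warning "CustomAction table missing or query failed: $_"
}

# Embedded payloads live as streams in the Binary table; list them so they can
# be extracted and scanned separately.
try {
    $view = Invoke-ComMethod $db 'OpenView' @('SELECT `Name` FROM `Binary`')
    Invoke-ComMethod $view 'Execute'
    while ($null -ne ($rec = Invoke-ComMethod $view 'Fetch')) {
        Write-Host ("Embedded binary stream: {0}" -f (Get-ComProperty $rec 'StringData' @(1)))
    }
    Invoke-ComMethod $view 'Close'
} catch {
    Write-Verbose "No Binary table: $_"
}

[void][System.Runtime.InteropServices.Marshal]::ReleaseComObject($installer)

# Code-executing actions first; anything with ExecutesCode and RunsAsSystem
# both true deserves a look at Source/Target before the package is trusted.
$findings | Sort-Object ExecutesCode, RunsAsSystem -Descending | Format-Table -AutoSize
```

Run it as `.\Inspect-MsiCustomActions.ps1 -MsiPath .\package.msi` (file names are placeholders). A legitimate package may well contain EXE or DLL custom actions, so the output is a triage list, not a verdict: what matters is what the Source and Target columns point at and whether the action is both deferred and no-impersonate.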
Nucleon Smart Endpoint takes a different approach to EPP than most of its competitors. Rather than putting the emphasis on runtime behavioral and memory analysis, as most current-generation EPP products do, Nucleon uses its multi-layer Zero-Trust architecture to authorize process-level execution on the endpoint. The use of ML is essential in the EPDR product space, and here too Nucleon deploys its proprietary ML in a novel way: it employs ML to "absorb" normal user activity and build a baseline from which endpoint-specific rules that prevent malware execution are derived. Additionally, Nucleon offers LOLBAS-informed hardening and detection as well as vulnerability enumeration.
Nucleon’s EDR covers the expected range of capabilities for aiding investigations, including IoC detection, CTI enrichment, and automated evidence collection. Nucleon offers a good range of remediation actions, from quarantining files to process termination to full system restore for affected machines.