Complete Network Mapping

  • The system maps every activity on the computer
  • It creates 3 distinct inventory lists:
       Inventory of every software installed on each computer
       Inventory of active software
       Active programs that go out to the network
  • Software components' network behavior – software, its version and what it actually did and when
  • Analysis of all attacks, real-time and past (Forensic View)

The Mapping Process

  • Every process that loads is recorded
  • Every DLL or library file that loads is recorded
  • Any access by one process to another process is recorded
  • When a process is activated, the system creates MD5 and SHA signatures

What the Organization is Required to do

  • The organization indicates which software is authorized to enter the network (legitimate software)
  • This list is comprised of no more than a few dozen programs (accounting, Office, Acrobat, browser)
  • Any software that was not specifically authorized, or that is unknown, is treated as illegitimate
  • This is not the familiar White List; it is the automatic creation and management of a Dynamic List

Chaos Engine - Complete Blocking within the Organization

Blocking With No Detection

  • Legitimate/Authorized software
    Outgoing traffic is scrambled, incoming traffic is descrambled
  • Malicious/unauthorized software
    Outgoing traffic is not scrambled, incoming traffic is descrambled, and therefore blocked

The Power of Reversal

Reverse Tracking

Reverse Tracking - what differentiates Cyber 2.0 from the competitors:

  • Malicious software activates a chain of legitimate software that eventually gives a seemingly legitimate command. For example, commanding Outlook to send an email including the organization’s strategic plan to a competing company
  • Since the command was sent by legitimate software, cybersecurity systems inspecting Outlook will not detect the malware
  • Cyber 2.0 tracks the chain all the way back, using Reverse Tracking Technology, and blocks Outlook from going out to the network

This fundamental difference enables Cyber 2.0 to expose all malicious activities that have not been revealed by any of the other defense systems already deployed in the organization

Chaos Engine - Complete Blocking out of the Organization

  • Using a dedicated Gateway, the system may be deployed between the network and various other networks, as well as unsupported network devices

Cyber 2.0 Deployment Process

  • 1. POC - We install the system on 20 computers, in monitor mode only (without blocking)
    A week later, we present a detailed report of all active malicious software within the organization’s network (that has not been detected by any other defense system already deployed)

  • 2. Monitor Mode - Gradual deployment across the organization in monitor mode, while identifying legitimate software, and removing unauthorized software. The process is repeated, until there are no more alerts (all legitimate software is approved, and non-legitimate removed)

  • 3. Defense Mode - Gradual transition across the organization into full defense mode. This step is based on the customer’s needs, and may be achieved using different methods, such as:
  •     Automatic approval of all existing software, authorizing the system to block only new malicious software, until transition to full defense mode is complete
  •     Critical systems in defense mode, while the rest of the organization is in monitor mode. Gradual transition of all other systems to defense mode

Full Deployment takes no more than a few weeks (Pace of deployment to be determined by each organization)