Geeks for your information
VoodooShield CyberLock, the leading Adaptive Zero Trust solution! - Printable Version




VoodooShield CyberLock, the leading Adaptive Zero Trust solution! - jasonX - 23 July 24




VoodooShield CyberLock is a security program that is unlike most traditional anti-virus programs. Instead of scanning the user's computer for known malware or using definition files to detect infections, VoodooShield CyberLock 'locks' the user's computer so that he is notified when an unknown process is started. This allows the user to 'lock down' his computer so that it only executes applications that he specifically whitelists and denies all other programs. This makes it impossible for an application to run without the user first giving his express approval.



VoodooShield CyberLock is designed to protect and shield the user's machine from outside threats. It has 5 CyberLock modes: i. Always ON, ii. Smart Mode, iii. Autopilot, iv. Training, and v. Disable/Install. CyberLock’s default setting is 'Smart Mode'. In this mode, it checks any unknown programs against the 'allowlist database' and the 'VoodooAi' analysis system. Any file that doesn’t get a 'Safe' rating for both doesn’t run. The shield displays 'LOCKED' in this mode.



In 'Always On' mode, VoodooShield CyberLock checks every new file in two (2) ways, via i. VoodooAi, and ii. allowlist database of known programs. The shield displays 'LOCKED' in this mode.

VoodooShield CyberLock processes it through the (i.) VoodooAi machine-learning system, which returns a verdict of 'Safe', 'Suspicious', or 'Unsafe'. It then checks with its (ii.) allowlist database of known programs, which simply returns 'Safe' or 'Not Safe'.

VoodooAi’s 'Unsafe' means that the file is malicious, whereas WhitelistCloud’s 'Not Safe' only means that the database hasn’t registered the program as 'Safe'. The user can always verify any file that is marked as 'Unsafe' or 'Suspicious' via the 'Get Second Opinion' link in the alert pop-up. Doing so submits a digital fingerprint of the file to the VirusTotal website. If VirusTotal reports the uploaded file is 'bad', it almost certainly is 'malware'. If no more than a handful flag it as 'malicious', it (probably) is not.



The 'Training' mode (CyberLock shield will show 'TRAINING') is typically used when the user initially installs CyberLock, or when the user is installing or running new software. CyberLock will remain in 'TRAINING' and will allow all new items and automatically add them to the whitelist, so they will not be blocked. The computer is NOT protected in 'Training' mode.

The 'Disable/Install' mode is similar to 'Training' mode, except new items are not added to the whitelist. It is typically used when the user is installing new software but does not want the installer items to be automatically added to the whitelist. The computer is NOT protected in 'Disable/Install' mode (CyberLock shield will show 'DISABLED').

In 'AutoPilot' mode, CyberLock will automatically allow and whitelist any file that is determined to be Safe by VoodooAi and WhitelistCloud. If a non-whitelisted process is spawned that is determined to be Not Safe by VoodooAi or WhitelistCloud, CyberLock will block the item and prompt the user so they can decide whether to allow the item or not. AutoPilot mode is a great choice for users who want the power and performance of application whitelisting, without the hassle of constantly being bombarded by affirmative user prompts. Gamers and software testers typically use this mode. (CyberLock shield will show 'AUTOPILOT').


WhitelistCloud

WhitelistCloud is a new patent-pending feature of CyberLock that continuously monitors running processes and ensures only 'Safe' items are running at any given time. WhitelistCloud is essentially an advanced file reputation service that classifies files as either 'Safe' or 'Not Safe'. When unknown files are encountered, the user can inspect the file to ensure it is a known 'safe file' that is supposed to run on his system.

If the user enables 'WhitelistCloud', an initial 'Snapshot Scan' will be performed, which should usually take <10 minutes. There are usually a handful of files that WhitelistCloud is unable to determine to be safe during the scan. So once the scan is complete, the user can manually verify whether the files classified as 'Not Safe' are safe or not. Thus, the user will continually be aware that only Safe files are running on his system. WhitelistCloud is also indicated by a white colored WC icon at the bottom right, by the clock.

Note: A 'Not Safe' result does not necessarily mean a file is 'malicious', only that it is NOT known to be safe.


VoodooShield CyberLock's pure allowlist solution, which always blocks the execution of all new files, could be too annoying for many users. CyberLock only uses simple allowlisting when your computer is safely disconnected from the internet. When you’re exposed to danger via the internet or a USB drive, it brings in advanced behavioral detection and cloud-based analysis to help sort safe files from malicious ones. That said, VoodooShield CyberLock should be used in tandem with a 'traditional antivirus' solution. It is also worth noting that the user should scan his system with his preferred 'traditional antivirus' before using VoodooShield CyberLock.


 
HOW CYBERLOCK IS DIFFERENT

DYNAMIC SECURITY POSTURES + ANTIMALWARE CONTEXTUAL ENGINE + WHITELISTCLOUD FILE REPUTATION SCAN

1. CyberLock is the only patented tangible toggling computer lock in the industry, and it is designed to complement your traditional or next-gen antivirus (including Microsoft Defender). There are other deny-by-default / zero trust products, but only CyberLock functions as an actual computer lock with dynamic levels of protection (dynamic security postures). If it does not toggle, it is not a lock.
Quote:

2. The Achilles’ heel of all cybersecurity products is that they are only able to offer a single static level of protection, so at any given time their security posture is likely either too aggressive or too relaxed, resulting in false positives and breaches. CyberLock solves this issue by dynamically adjusting its security posture on the fly, based on the end-user’s current activity and behavior. Because of our dynamic security postures feature, CyberLock is able to offer a tighter and more robust lock than is possible with any other product.

3. Cybersecurity experts agree that application whitelisting is by far the most effective security mechanism on the market, but no one ever bothered to make this technology user-friendly enough for the masses, until we created CyberLock. Before CyberLock, all application whitelisting products were active full-time, often when it did not make sense to be active, which most users and Administrators found to be annoying and untenable, so they would choose to forgo application whitelisting altogether. Our patented snapshot technology automatically builds the tiny, customized whitelist for the end-user, resulting in the smallest possible whitelist and attack surface in the industry.

4. CyberLock does not force the end-user to respond to dangerous affirmative user prompts, which eliminates the possibility the end-user inadvertently allows an unknown item. Instead, CyberLock displays a mini prompt prior to asking the end-user to make a decision on whether to allow a new item or not.

5. Through our WhitelistCloud technology, CyberLock scans its tiny, customized whitelist specifically for safe / clean files and automatically creates firewall rules for unknown items. In other words, traditional and next-gen antivirus scans for malware while WhitelistCloud scans for safe / clean files. As a result, Administrators are continually aware that only safe items are running on the endpoints. With traditional and next-gen antivirus, Administrators are somewhat certain that malware is not executing on the endpoints, but with WhitelistCloud, they are essentially certain that only safe items are executing at any moment in time.

6. Our unique Antimalware Contextual Engine considers the entire attack chain in the parent / child process creation relationship. Not only does this make CyberLock more secure, our mechanism is flexible so that blacklisting vulnerable items globally is not required. For example, CyberLock is not required to blacklist PowerShell globally in order to protect against PowerShell attacks. In other words, CyberLock considers the entire attack chain so that benign scripts that need to execute are able to do so, while blocking malicious PowerShell attacks.

7. CyberLock includes extremely robust ransomware, script, LOLBins and fileless malware protection capabilities.

8. LOLBins (Living Off the Land Binaries) have become an increasingly common attack vector in the cybersecurity landscape. Other endpoint protection products typically only protect 5-50 vulnerable processes (for example, powershell, cmd, cscript, regsvr32, forfiles, scheduled tasks, bcdedit), while CyberLock protects 1,000’s of vulnerable processes system wide, all automatically, all with zero configuration. If a new vulnerable process is discovered, CyberLock automatically updates each endpoint in 4 hours or less.

9. CyberLock created the anti-exploit mechanism that many vendors utilize today, but chose not to patent it. CyberLock is also the only deny-by-default product that protects the entire Windows system, as opposed to only protecting the Windows components that are currently being exploited by malware authors. With CyberLock, there is no need to update our mechanism when malware authors discover a new Windows component to exploit, which tends to happen every 3-4 months.

10. CyberLock utilizes ML/Ai (VoodooAi) and reputation based file insight (WhitelistCloud) that provides the end-user with file insight so they are able to make an informed decision, while offering an end-user recommendation based on the provided file insight.

11. Unlike products that utilize legacy / deprecated Software Restriction Policy (SRP) that operates in user-mode, CyberLock utilizes a modern kernel-mode monolithic blocking mechanism that does not require patches, hacks or tweaks to protect against new or undiscovered vulnerabilities and threats. In addition, unlike other products in its class, CyberLock is refined to the point that it does not require vendor co-management of the Web Management Console.

12. CyberLock is highly customizable through its settings, allowing Administrators to fine tune the overall security posture for each end-user.

13. CyberLock trains itself automatically and adapts to each endpoint very quickly. Users might notice a few unwanted blocks the first day or two as it automatically customizes itself to their system, but will soon experience just how silent zero trust can be. Some users prefer to put CyberLock on AutoPilot with the Relaxed Security Posture for a couple of days while it is customizing itself to their system, then switch to Smart or Always ON mode and the Aggressive Security Posture.



 
VoodooShield Review
 
Stop all Viruses with Voodoo Shield
 
VoodooShield Tested! Computer Solutions
 
1,000 Malware Sample Pre-Execution Efficacy Test
 
VoodooShield Malware Analyst
 
VoodooShield Malware Analyst
 
VoodooShield- Messin' with Malware
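
The mode behaviour described earlier in this post (Smart, AutoPilot, Training, Disable/Install), written out as a small decision model. This is an added example, not CyberLock code or part of the original post: the function names, action strings and fingerprints are made up for illustration, and treating Always ON like Smart Mode is an assumption.

```python
from enum import Enum

class Mode(Enum):
    ALWAYS_ON = "Always ON"
    SMART = "Smart Mode"
    AUTOPILOT = "AutoPilot"
    TRAINING = "Training"
    DISABLE_INSTALL = "Disable/Install"

def launch(mode, whitelist, fingerprint, voodooai, whitelistcloud):
    """Decide one process start (toy model of the post's description)."""
    # voodooai: 'Safe' | 'Suspicious' | 'Unsafe'; whitelistcloud: 'Safe' | 'Not Safe'
    if mode is Mode.TRAINING:
        whitelist.add(fingerprint)      # everything runs AND is remembered
        return "allow+whitelist"
    if mode is Mode.DISABLE_INSTALL:
        return "allow"                  # everything runs, nothing is remembered
    if fingerprint in whitelist:
        return "allow"                  # whitelisted items are not blocked
    both_safe = voodooai == "Safe" and whitelistcloud == "Safe"
    if mode is Mode.AUTOPILOT:
        if both_safe:
            whitelist.add(fingerprint)
            return "allow+whitelist"
        return "block+prompt"
    # Smart Mode as described; Always ON is ASSUMED to resolve the same way,
    # because the post lists the same two checks for it.
    return "allow" if both_safe else "block"

def replay(events):
    """Run (mode, fingerprint, voodooai, whitelistcloud) events against one whitelist."""
    whitelist, actions = set(), []
    for mode, fingerprint, ai, wc in events:
        actions.append(launch(mode, whitelist, fingerprint, ai, wc))
    return actions

# Constructed events: one unknown file seen under different modes, in order.
SAMPLE = [
    (Mode.SMART, "fp-unknown", "Unsafe", "Not Safe"),
    (Mode.DISABLE_INSTALL, "fp-unknown", "Unsafe", "Not Safe"),
    (Mode.SMART, "fp-unknown", "Unsafe", "Not Safe"),
    (Mode.TRAINING, "fp-unknown", "Unsafe", "Not Safe"),
    (Mode.SMART, "fp-unknown", "Unsafe", "Not Safe"),
    (Mode.AUTOPILOT, "fp-tool", "Safe", "Safe"),
    (Mode.AUTOPILOT, "fp-other", "Suspicious", "Safe"),
]
if __name__ == "__main__":
    for event, action in zip(SAMPLE, replay(SAMPLE)):
        print(event[0].value, event[1], "->", action)
```

The replay shows the practical difference between the two unprotected modes: a file run under Disable/Install is blocked again once the shield is locked, while the same file run under Training stays allowed afterwards, so the whitelist is worth reviewing after any Training session.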