Review: How Nyotron Paranoid puts endpoint security worries to rest

Adding an extra layer of endpoint protection isn't just for the overly cautious.

Being called paranoid is not normally meant as a good thing. The implication is that because a person has extra locks on their front door, checks their back seat before getting into a car and looks around for the exits before settling down to eat at a restaurant, they are overly concerned about security. The negative connotation is that they are wasting their time, and that nothing bad could ever really happen. But the thing is, a paranoid person only needs to have their supposedly quirky habits pay off once to make a potentially life-saving difference.

The Paranoid endpoint security platform from Nyotron is so named because it is, in fact, designed to be an extra layer of security, specifically to protect endpoints. As such, some may see the platform as an unnecessary addition, suitable only for those who are overly concerned, dare we say paranoid, about security. The platform could probably stop most attacks against endpoints on its own, but does not make that claim. Instead, it is designed to thwart advanced intrusions that get around or through every other network protection. It acts as a last line of defense and was very effective in that role during our testing.

Getting started

Paranoid is installed as two components. The first is the main user interface console, which acts as the brains of the operation. It is used to monitor intrusions on endpoints and can be a hardware-based appliance or served through the cloud as a service. The second component consists of software agents that deploy on endpoints. Each is about 15 megabytes and generates almost no network traffic. In fact, because of the way Paranoid works, it can even be installed on air-gapped systems and still function normally, since each agent has all the intelligence it needs to operate right from deployment, with almost no updates ever needed. Pricing for Paranoid is based on an annual subscription fee that is dependent on the number of endpoints being protected.

The philosophy behind Paranoid is that there is an infinite number of ways that hackers can attack a computer and a network, with new techniques popping up all the time. But if an attacker gains access to a system, there are a limited number of things they can actually do based on what is allowed by the operating system. For example, to hurt a system, they might delete some files, steal data or encrypt information as part of a ransomware scheme. Almost every way they could accomplish any of those tasks is different from how a legitimate user or even a legitimate application would carry out those same functions.

As an example, we performed a simple process of deleting a file from the desktop of a test system. We put the mouse over the file, right clicked on it, selected delete, confirmed our action and watched it move to the recycle bin. We were finished in just a few steps. However, on the backend, that procedure equals hundreds of thousands of lines of code, system calls and active processes all working behind the scenes as part of the operating system. What Nyotron did for Paranoid was to map all of those legitimate actions for every possible event on a Windows desktop or server. If any non-legitimate process occurs, Paranoid will prevent it from executing and notify IT teams about the intrusion, either through its own dashboard or using any connected third-party Security Information and Event Management (SIEM) platform.
