Hackers engineer attacks to get past your existing protection. A new file signature may be enough to get past antivirus, and new techniques like fileless delivery and built-in dwell time enable hackers to evade more sophisticated forms of protection.
At Barkly, we recognize that even the most cleverly disguised malware must reveal its malicious nature eventually. File signatures and attributes change, but the underlying techniques used by malware to gain access and infect your system remain the same. By recognizing these behaviors as they happen, Barkly even blocks never-before-seen attacks.
Instead of looking at files, Barkly analyzes activity locally across multiple levels of the system. We recognize malware based on patterns of behavior, and automatically block its execution before any harm is done.
Barkly's approach to attack prevention is the smartest I've seen. They're not matching signatures or analyzing lists of file attributes. They're watching behaviors locally across all levels of the machine, and shutting down attacks before they can gain traction. It's true prevention, and it works against the most sophisticated attacks.
Jay Leader, Rocket Software
Barkly’s protection is delivered through Rapidvisor, a lightweight hypervisor that protects your system while using less than 1% of CPU.
Rapidvisor sits outside the operating system to gain visibility into low-level system activity that other forms of protection can’t see. By watching user processes, operating system functions, and CPU instructions, Rapidvisor has the complete visibility needed to accurately detect malware.
Rapidvisor works constantly and silently in the background, watching activity as it happens. No matter where or when malware tries to execute, Barkly will see and block it when it does.
Rapidvisor recognizes sequences of behavior that form the DNA of malware. Because we look for the techniques used to mount an attack, Barkly is able to block the attack before it can infect the device.
A Barkly customer was browsing the internet when he downloaded what appeared to be a legitimate Firefox update. Instead, the download was a new, fileless version of Kovter, a malware family known for click-fraud and ransomware. The malware was able to sneak by the user's antivirus because it was fileless and was using a legitimate certificate. Fortunately, Barkly stopped the attack before any damage was done.
Barkly stopped Kovter by recognizing a malicious form of process injection. Process injection is an attempt to inject and run malicious code in the memory of another program. Because Barkly’s Rapidvisor sits outside the operating system, we are able to see attempts to manipulate memory at the CPU level. Even though this variant of Kovter had never been seen before, Barkly automatically blocked its execution.