Halcyon Releases Kernel Guard for Vulnerable Drivers and New Anti-Ransomware Features

Written by: Halcyon Team
Published on: Apr 22, 2025

The Halcyon team is excited to announce some awesome new platform capabilities to protect organizations from modern ransomware attacks, including the exploitation of vulnerable drivers.

Ransomware attackers are increasingly exploiting legitimate but vulnerable drivers to disable security software, a tactic commonly known as Bring Your Own Vulnerable Driver (BYOVD). To protect against this prevalent technique, Halcyon is introducing Kernel Guard Protection in its latest spring platform update.  

“Attackers are always a step ahead, constantly rolling out new techniques to bypass defenses, infiltrate organizations, encrypt and extort them. Over the last few years, we’ve seen attackers rapidly improve their skills when it comes to exploiting vulnerable drivers and using them in their attack campaigns,” said Jon Miller, CEO and Co-Founder, Halcyon.

“To defend against Advanced Ransomware Threats (ART), organizations need a solution that insulates them from the operational impact, evolving at the speed of business to eliminate an attacker's ability to carry out the operation. We follow an ‘attacker-led’ product development strategy to ensure we’re staying ahead of the latest threats.”

Additionally, Halcyon has updated protection for attacks on Linux systems and data exfiltration to further insulate customers from the business impact of ransomware, ensuring that business operations are never disrupted, and ransom payments or restoration from backups are unnecessary.

Key Platform Updates Include:

  • Halcyon Kernel Guard Protection: Halcyon identifies malicious use of known vulnerable drivers for Bring Your Own Vulnerable Driver (BYOVD) techniques, preventing attackers from disabling security controls and exploiting inherent trust associated with signed drivers.
  • EDR Last Gasp: Halcyon detects and alerts on attempts to shut down third-party security tools, such as CrowdStrike Falcon, SentinelOne Singularity, Microsoft Defender for Endpoint, and Palo Alto Cortex XDR.
  • Halcyon DXP 2.0: Improvements to Data Exfiltration Protection (DXP) now detect if a preset data volume threshold is exceeded, automatically engaging the Ransomware Detection and Response (RDR) team to investigate.
  • Halcyon Enterprise Policy Management: Policy Groups enable organizations and MSSPs to assign Detection, Protection, or Lock Down policies to specific groups of assets with similar security requirements.
  • UX Upgrades: Improved platform usability features include easy data export for report creation, intuitive protection mode management, updated webhook configuration functionality, improved asset filtering, and a host of “quality of life” improvements to enhance customer workflows.

Ransomware remains the most significant threat to business operations and revenue today — there are presently more than 10,000 unique ransomware strains, and an attack costs a business an average of $4.4M.  

Halcyon is the only cybersecurity company laser-focused on eliminating the business impact of ransomware, leveraging AI/ML to prevent ransomware from executing and to identify and disrupt attacker behaviors. Halcyon uses proprietary key-material capture to eradicate cybercriminals’ ability to encrypt systems, steal data, and extort companies.

The company’s commitment to innovation, informed by an attacker-led development model, ensures Halcyon customers remain protected from the evolving threat of ransomware. Learn more about the Halcyon Anti-Ransomware Platform here.

 

Halcyon.ai eliminates the business impact of ransomware. Modern enterprises rely on Halcyon to prevent ransomware attacks, eradicating cybercriminals’ ability to encrypt systems, steal data, and extort companies – talk to a Halcyon expert today to find out more, and check out our quarterly RaaS and extortion group reference guide, Power Rankings: Ransomware Malicious Quartile.
