Standing On The Shoulders of Giants, with Failure in Mind.

Over the last 25 years, my co-founder Ryan and I have been involved in the launches of dozens of products. Some were monumental successes that rang through the entire industry and others, for one reason or another never gathered the same attention and quietly got reduced to a repository of code that was repurposed for parts. Our previous product launch at Cylance, now Blackberry, was one of those monumental successes. From the get go, it was obvious that the industry was still hungry for a solution that could help them beyond what exists with traditional antivirus. The adoption was staggering. Even though Crowdstrike was a year older than Cylance, we were able to demolish their revenues and deployments, leading us to become the quickest infosec company to hit $100mm in annual revenue. And for one obvious reason: our product worked better and we could prove it. This taught us a lesson that we have adopted today: you have to be able to prove that you work better and you have to demonstrate that to customers again and again.


During the Colonial Pipeline breach at the start of May, Ryan and I started to research the ransomware problem. We wondered why, even in 2021 with $250 per endpoint per year next gen antivirus and managed endpoint detect and respond, ransomware was still so effective. Essentially, the problem we identified is that ransomware is different. While traditional malware tends to be low and slow, giving months for detection as the attackers infiltrate and lateralize, with ransomware, the actual attack happens very quickly, usually within minutes of execution. Even though attackers may be present in the network and on the systems for months at a time, the true ‘ransomware’ event simply moves quicker than the current technologies are capable of stopping. This leaves companies to either pay, restore from backup, or wipe a machine and start fresh. In the worst case scenario, a combination of the three.


Thus, we arrived at a conclusion - current technologies don’t have the architectures and focus necessary to mitigate the risks posed to today’s enterprise. Sure they can stop 90%+ of ransomware, but in a world where hundreds of thousands of new variants of malware get released every day, that’s not enough.


Drawing from our collective experience we saw that the design needed to have two key elements to successfully push back on the problem. The first is that the solution needs to be adaptive. When your attacker is a multibillion dollar crime group, they have the resources to compete and evolve, and the solution needs to adapt in kind.  The second key element is that the solution needs to be designed with failure in mind.  All endpoint protection products suffer from failure but the end user’s experience is either success or catastrophic failure.  An antiransomware solution should be designed to mitigate the business impact of failure by providing resilience.  


Before the Colonial Pipeline hack was over, we had already started crafting an architecture that could do exactly that. A solution that is laser focused on ransomware (not just the endpoint but exfiltration as well) and fills in the gaps left by the traditional big players in the space. Since we focus purely on ransomware instead of all malware, we can make sure our customers can confidently go to the board and eloquently communicate how they have protected their enterprise from ransomware in a way where even the least tech savvy board directors can understand. After all, the proof of a working antiransomware product is obvious: either it stops the ransomware or you start responding to an incident ten minutes later.


Over the last six months we’ve been lucky to work with some of the most sophisticated security teams inside the Fortune 500, tuning our architecture and endpoint to deliver not only efficacy, but at a much smaller system footprint than other endpoint protection products that have come in the past. Through over 10 patent pending innovations, we have developed an endpoint (for Windows Server and Desktop currently) that we feel confident can turn the tide on the ransomware attackers.

Join us in the fight against ransomware and contact us for a demo today!


Jon Miller

CEO & Co-founder

Ryan Smith

CTO & Co-founder


The Halcyon Platform

Halcyon is the industry’s first dedicated, adaptive security platform focused specifically on stopping ransomware attacks. Halcyon is built by offensive security experts to stop attackers. Our platform is a lightweight agent that combines multiple proprietary advanced prevention engines along with AI models trained solely on ransomware.

Ready to get a demo? Fill out the form and let’s talk!

Get a Demo

Meet with a Halcyon Anti-Ransomware Expert

Cookie Consent

By clicking “Accept”, you agree to the storing of cookies on your device to enhance site navigation, analyze site usage, and assist in our marketing efforts. View our Privacy Policy for more information.