Cybereason Announces New PowerShell Protection Technology


Cybereason is the First and Only Cybersecurity Company Offering Behavioral Analysis to Block Malicious PowerShell Attacks

“Cybereason's PowerShell protection technology is the industry’s only solution for preventing and blocking this escalating attack vector.” Sam Curry, chief security officer, Cybereason.

Cybereason, creators of the leading cybersecurity data analytics platform including endpoint detection and response, next-generation antivirus, and active monitoring services, today announced the industry’s first and only solution to proactively prevent PowerShell attacks using behavioral analysis. Cybereason’s Enterprise Attack Prevention Platform uniquely provides deep visibility into all activities, good and bad, taking place in an environment, including abuse of the PowerShell engine.

Fileless malware attacks have gained traction among adversaries in recent years. In fact, one third of organizations faced a fileless malware attack in 2017, according to the SANS 2017 Threat Landscape Survey. Unlike attacks carried out by traditional malware, these malicious operations don’t require the attackers to install a single piece of software on a target’s machine. Instead, fileless malware attacks leverage legitimate applications and IT tools built into Windows, particularly PowerShell, for malicious activity. Because these otherwise legitimate programs are generally trusted by default, detecting and preventing their malicious use is particularly challenging.

How Cybereason’s PowerShell Blocking Technology Works
Unlike other solutions offered by EDR vendors, Cybereason’s technology looks not only at the raw script or command line, but also at every action taken by the code that's running within the PowerShell engine. This visibility enables behavioral analysis not only at the process level, but also deeper, at the PowerShell code level, in order to block malicious scripts before they execute.

The Cybereason solution has unique and powerful capabilities including:

  • Addressing all versions of PowerShell, including the most common and least secure PowerShell version 2
  • Handling every type of invocation of PowerShell, including command line, interactive, script file and loading of System.Management.Automation.dll by managed or unmanaged processes
  • Coping with obfuscation of any kind
  • Notifying analysts about the attack and providing relevant details, such as the users and machines involved

The PowerShell protection technology is part of Cybereason’s NGAV offering. Current customers will be upgraded for free.

“Fileless malware attacks can be devastating for security teams and their organizations. Not only can these attacks bypass antivirus and even EDR software, but many traditional approaches to security are rendered useless in the face of these attacks,” said Sam Curry, Chief Security Officer, Cybereason. “While the competition claims to block PowerShell attacks, their exploit blocking is based entirely on command line and will miss a lot of malicious activities and runs the risk of stopping legitimate use indiscriminately. The Cybereason solution is the industry’s only solution for preventing and blocking this escalating attack vector.”

"Enterprises face a real challenge today detecting fileless malware attacks, and with the easy availability of these techniques on the market, they present yet another security challenge for SOCs and security analysts," said Nick Percoco, Chief Security Officer at Uptake and Cybereason Advisory Board Member. "Cybereason's solution to detect and prevent malicious PowerShell activities is an important development and a breath of fresh air due to the prevalence of these attacks."

About Cybereason
Cybereason, creators of the leading cybersecurity data analytics platform, gives the advantage back to the defender through a completely new approach to cybersecurity. Cybereason offers endpoint detection and response (EDR), next-generation antivirus (NGAV), and active monitoring services, all powered by its proprietary data analytics platform. The Cybereason suite of products provides unmatched visibility, increases analyst efficiency and effectiveness, and reduces security risk. Cybereason is privately held, having raised $189 million from top-tier VCs, and is headquartered in Boston, with offices in London, Tel Aviv and Tokyo.

Media Contact:
Bill Keeler
Director, Public Relations
(929) 259-3261
