Cyware and HYAS Infosec each today announced their participation in the Microsoft Security Copilot Partner Private Preview.
Cyware was selected based on their proven experience with Microsoft Security technologies, willingness to explore and provide feedback on cutting-edge functionality, and close relationship with Microsoft.
HYAS Infosec was selected based on their proven experience with Microsoft Security technologies, willingness to explore and provide feedback on cutting-edge functionality, and close relationship with Microsoft.
Cyware is working with Microsoft product teams to help shape Security Copilot product development in several ways, including validation and refinement of new and upcoming scenarios, providing feedback on product development and operations to be incorporated into future product releases, and validation and feedback of APIs to assist with Security Copilot extensibility. HYAS Infosec is working with Microsoft product teams to help shape Security Copilot product development in several ways, including validation and refinement of new and upcoming scenarios, providing feedback on product development and operations to be incorporated into future product releases, and validation and feedback of APIs to assist with Security Copilot extensibility. To learn more, read the announcement.
Security Copilot is the first AI-powered security product that enables security professionals to respond to threats quickly, process signals at machine speed, and assess risk exposure in minutes. It combines an advanced large language model (LLM) with a security-specific model that is informed by Microsoft’s unique global threat intelligence and more than 65 trillion daily signals.
Posted in Commentary with tags HYAS on November 14, 2023 by itnerd
HYAS Infosec and LDI Connect, a leading provider of managed IT, office and security services, today announced LDI’s selection of HYAS as a strategic addition to their cybersecurity services portfolio.
This partnership enables LDI Connect to enhance its clients’ cybersecurity defenses through the advanced protection capabilities of HYAS Protect protective DNS. By combining authoritative knowledge of attacker infrastructure and unrivaled domain-based intelligence, HYAS Protect lets LDI Connect proactively enforce security and block adversarial command-and-control (C2) communication, protecting customer organizations against malware, ransomware, phishing, and other forms of cyber attacks.
As early adopters of new and innovative technology, LDI Connect understands the critical role that protective DNS plays in their clients’ cybersecurity stack. Continually looking to improve the effectiveness of the services LDI Connect provides to their clients, the MSP recognized that the HYAS protective DNS solution has the highest efficacy rates in the industry in detecting new, unknown and emerging vulnerabilities. (Source: AV-Test) With HYAS Protect in place, LDI Connect clients gain greater visibility, efficacy and protection in their environments with a solution that integrates into any security architecture.
Posted in Commentary with tags HYAS on October 26, 2023 by itnerd
HYAS Research Labs has been following research by Canada’s own CitizenLab and Sekoia on the mercenary spyware “Predator”, made by Cytrox, which was discovered to be targeting an Egyptian former MP (link is to AP story, and is also linked below) who announced a potential run for the presidency.
HYAS security engineer David Brundson investigated the IOCs mentioned in both reports using HYAS Insight and found details that could lead toward threat actor attribution, which he publishes in “Examining Predator Mercenary Spyware”.
The HYAS blog recaps the threat actor’s attack, delves into strategy and, through HYAS Insight, identifies their likely location.
Brundson also offers HYAS Recommendations: Individuals concerned about possibly being the target of mercenary spyware should reboot their phones daily, as thus far, it hasn’t been reported that Predator has persistence after reboot. Organizations should strongly consider protective DNS, such as HYAS Protect, which was today named for an InfoSec Innovator Award.
Posted in Commentary with tags HYAS on August 2, 2023 by itnerd
HYAS Infosec, whose adversary infrastructure platform provides unparalleled visibility, protection and security against all kinds of malware and attacks, today announced their EyeSpy proof-of-concept (PoC), an entirely new type of polymorphic, fully autonomous malware. The malware uses artificial intelligence to make informed decisions and synthesize its capabilities as needed to conduct cyberattacks and continuously morph to avoid detection.
EyeSpy reads its target environment, autonomously determines available attack vectors, and generates, tests and adapts malware until it achieves attack goals.
It reasons on its own, picks the best tools and techniques to use in a given moment, then strategizes and executes an attack, assesses and fixes code failures in-memory to align with its changing attack objective, and continuously evades detection.
Security Mindsets Analyst Charles Kolodgy said in part: “I have seen EyeSpy demoed. The nightmare scenario where malware can autonomously respond to its environment is reality. With EyeSpy, HYAS is getting into the adversarial mindset on what’s coming in the future and is able to be more predictive on what we’ll be facing.”
Todd Graham, Managing Partner, M12 (Microsoft’s venture capital fund), said in part: “There is no doubt this is the next threat landscape and the new theater of war.”
The development of EyeSpy is part of HYAS Infosec’s ongoing research and will ensure that the company’s protection platform extends to the future of malware as well. As part of its continuing research, HYAS recently pioneered AI-synthesized, polymorphic malware with its BlackMamba PoC.
Using the current early versions of generative AI, EyeSpy is capable of:
Selecting its intended victim independently or through a threat actor’s specification
Assessing the target environment, platform, applications and environmental footprint
Identifying optimal vectors to extract information
Writing malware on the fly – for example, if a target is on a specific video conference app, it will compose, test & validate the malware for that app
Executing the attack
Analyzing the QA result
Self-repair and continued attack iteration until it has achieved the attacker’s goals
EyeSpy catapults HYAS even further into a future where such intelligent, autonomous entities will be part of the cyber warfare landscape. EyeSpy represents a significant milestone in the potential evolution of adversary capabilities. Observers note that EyeSpy malware isn’t merely a program – it is an adaptive entity with evolving strategies, making its class of malware an ever-present, dynamic threat that evades detection.
HYAS Labs threat research is accelerating work on technology capable of remediating this emerging class of AI-synthesized, polymorphic malware both to ensure its award-winning HYAS Protect, HYAS Confront, and HYAS Insight solutions provide the superb protection that the market urgently needs, and also to advance the sector’s understanding of and response to new generations of threats.
Posted in Commentary with tags HYAS on May 31, 2023 by itnerd
The Business Intelligence Group today announced that HYAS Infosec has won the 2023 Fortress Cybersecurity Awards in the Threat Intelligence category. The industry awards program sought to identify and reward the world’s leading companies and products that are working to keep our data and electronic assets safe among a growing threat from hackers.
HYAS Insight is an advanced threat intelligence and investigation solution that gives organizations the ability to identify, track, and attribute fraud and attacks faster and more efficiently. Powered by an unrivaled understanding of attack infrastructure and a proprietary graph database — which aggregates information from commercial and private sources and uncovers the relationships between them — HYAS Insight is able to surface previously inaccessible data as well as the rich context needed to use it.
By analyzing data aggregated from leading private and commercial sources around the world, HYAS identifies infrastructure likely to be used in attacks — sometimes months before it is even activated. Powered by this unmatched understanding of attacker infrastructure and methodology, threat intelligence solution HYAS Insight allows users to investigate, identify, and attribute attacks, helping organizations protect themselves from future threats and gain greater visibility into the nature and types of threats and risks they are facing. Additionally, HYAS Insight easily integrates into the set of tools and solutions that clients utilize today, including leading visualization solutions, TIPs, SIEM, SOAR, and even proprietary solutions via JSON APIs.
Posted in Products with tags HYAS on May 15, 2023 by itnerd
Most people that I work with run whatever DNS (domain name service) their ISP provides if they are a home user. Or they may stand up their own DNS server if they are a business user. The problem with either is that it won’t stop threat actors from potentially hitting your network with malware and ransomware just to name two threats. And the CISA backs me on this. Having a Protective DNS service is one layer of a multi-layer approach to cyber security.
That’s where HYAS Protect comes in. It’s a Protective DNS service that protects you from any cyber threat that uses DNS to communicate. Such as threats that use command and control methods of communication. Plus you can get a better insight into what is communicating to whom on your network as that might tip you off as to something amiss on your network. Like a PC that has been infected for example.
What’s really interesting here is that HYAS has a home version that is available for free. I’m assuming the logic is that if you as someone who knows what DNS is uses the home service, you’re more likely to recommend the enterprise grade version to your company. Which is why I’m testing the home version today.
To start the process of setting this up, you need to go to this page and enter your information. Within five minutes, you will get this email:
Now it took another four days before I got any further communications from HYAS. And that communication was in the form of this email:
The email has a username in the form of my email address, and a temporary password (both have been redacted in the screenshot above) that I was forced to change when I logged in for the first time.
I spoke to Paul Van Gool who is the Senior VP Of Engineering at HYAS, and he mentioned that right now the reason for the delay in getting this email is that any request that they get to sign up for HYAS Protect At Home goes through a manual review process. Something that I can confirm as I used my personal email address as opposed to my corporate one, and a HYAS employee had a look at my LinkedIn profile that is associated with that email address a couple of days later. Which means that they’re trying to figure out real people from threat actors for example. But the goal is to get this fully automated so that you as the end user can be using this product in minutes and not days.
Once I logged in and changed the password, I was then greeted with this screen:
There was a short video that I watched welcoming me to the product. Then I went about configuring it which was a three step operation:
First it identifies your external IP address. Then you have to enter their DNS addresses into your router. Finally you have to test it. It is kind of hard to screw this up if you know your way around a router. And the target audience of this product would know their way around a router. So this part should be trivial.
Now my ISP of the moment is Bell Canada. And they have a habit of changing my external IP address frequently. What happens at that point? According to Mr. Van Gool, you’re still protected because you’re using their DNS service. But any reporting on traffic after the external IP change won’t be reflected in the control panel until you update it with your current external IP. And doing so is a couple of clicks so it’s not a big deal to do. Mr. Van Gool also mentioned that HYAS is looking at putting this more in the user’s face so that it’s clear that this needs to be done.
Once you’re in, you’re presented with a short explainer that you can move through at your own pace:
Followed by an easy to use and reasonably clear control panel:
Now it did take me a few clicks of the control panel on the left side of the screen to figure out what everything was. But if you’ve used these sorts of tools before, it will only take you a few minutes to be up to speed. From top to bottom the functions are:
Overview – That’s the screen that you’re seeing above. This shows an aggregated view of DNS traffic activity.
Log View – This page will display all of your organization’s DNS traffic log data.
Reports – This will download the logs shown that have been checked off into either JSON or CSV format.
Policy Engine – This allows you to turn on/off policies such as blocking adult sites for example.
List Management – This allows you to block individual domains based on domain name or IP address.
Passthrough – This is a feature that is not available in the home version of this product. But it will show any traffic that you have defined as being allowed to passthrough and not get flagged.
Alerts – This allows you to see any alerts that you should take action on.
In my testing of this product, I can say that it works as advertised. My test was to go to a website that is known for all sorts of “shady” behaviour when it comes to what it drops onto your computer and the domains that it contacts. When I went to this site, HYAS Protect At Home reacted like this:
It blocked a bunch of sites that it deemed as untrusted. Which is good. I did some other testing with some “dark” web sites and got the same result. I also found thanks to HYAS Protect At Home that my ASUS router had a tendency to phone home to places that Protect At Home flagged as suspicious. A lot. And it was more likely to do this when I have the configuration webpage open. When it is closed, the amount of “phone home” traffic is still there, but in lower amounts. But the fun doesn’t end there. My gaming PC is also phoning home to ASUS servers. From what I can tell, the software that is supplied for the ASUS Republic Of Gamers motherboards dials home as well. But it seems to do that on a cold start or a reboot, as well as periodically while it is online. I’ll have to go down the rabbit hole as to why my ASUS stuff seems to be so “chatty” as nothing else on my network appears to be that “chatty” at a future time. But it illustrates another benefit to HYAS Protect At Home. Which is it allows you to gain real insight into what places on the Internet that devices on your network are talking to. That way if you see something that seems odd, you can investigate and take action.
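An added example, not from the original post or from HYAS: one way to work through a CSV export from the Reports page to see which devices produce the most blocked lookups and which ones query a domain on a fixed schedule, like the periodic phone-home traffic described above. The column names, verdict values, addresses and sample rows are constructed assumptions, not the product's actual export format.

```python
import csv
import io
import statistics
from collections import defaultdict
from datetime import datetime, timedelta


def build_sample_csv():
    """Constructed sample rows; column names and verdicts are assumptions."""
    base = datetime(2023, 5, 15, 9, 0, 0)
    events = []
    # Router: looks up one vendor host roughly every 5 minutes (blocked).
    for i, jitter in enumerate([0, 4, -3, 2, -5, 1, 3, -2]):
        events.append((300 * i + jitter, "192.168.1.1",
                       "telemetry.router-vendor.example", "blocked"))
    # Laptop: human browsing at irregular times, ad domain blocked.
    for offset, domain, verdict in [
        (12, "recipes.example", "allowed"),
        (95, "ads.tracker.example", "blocked"),
        (140, "recipes.example", "allowed"),
        (905, "ads.tracker.example", "blocked"),
        (2100, "recipes.example", "allowed"),
        (2130, "recipes.example", "allowed"),
        (2400, "recipes.example", "allowed"),
    ]:
        events.append((offset, "192.168.1.23", domain, verdict))
    out = io.StringIO()
    writer = csv.writer(out)
    writer.writerow(["timestamp", "client_ip", "domain", "verdict"])
    for offset, client, domain, verdict in sorted(events):
        stamp = (base + timedelta(seconds=offset)).isoformat()
        writer.writerow([stamp, client, domain, verdict])
    return out.getvalue()


def load_rows(text):
    """Parse the export; timestamps become datetimes, domains normalized."""
    rows = []
    for row in csv.DictReader(io.StringIO(text)):
        row["timestamp"] = datetime.fromisoformat(row["timestamp"])
        row["domain"] = row["domain"].lower().rstrip(".")
        rows.append(row)
    return rows


def blocked_by_client(rows):
    """Blocked lookups per client and domain, noisiest client first."""
    counts = defaultdict(lambda: defaultdict(int))
    for row in rows:
        if row["verdict"] == "blocked":
            counts[row["client_ip"]][row["domain"]] += 1
    return sorted(((c, dict(d)) for c, d in counts.items()),
                  key=lambda item: -sum(item[1].values()))


def periodic_lookups(rows, min_events=5, max_cv=0.1):
    """Flag (client, domain) pairs looked up at near-constant intervals.

    Uses the coefficient of variation (stdev / mean) of the gaps between
    lookups: scheduled check-ins are regular, human browsing is not.
    """
    times = defaultdict(list)
    for row in rows:
        times[(row["client_ip"], row["domain"])].append(row["timestamp"])
    findings = []
    for (client, domain), stamps in times.items():
        if len(stamps) < min_events:
            continue  # too few lookups to judge regularity
        stamps.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(stamps, stamps[1:])]
        mean_gap = statistics.mean(gaps)
        if mean_gap == 0:
            continue  # identical timestamps, not a schedule
        cv = statistics.pstdev(gaps) / mean_gap
        if cv <= max_cv:
            findings.append({"client": client, "domain": domain,
                             "lookups": len(stamps),
                             "mean_gap_s": round(mean_gap),
                             "cv": round(cv, 3)})
    return findings


if __name__ == "__main__":
    sample = load_rows(build_sample_csv())
    for client, domains in blocked_by_client(sample):
        print(client, domains)
    for finding in periodic_lookups(sample):
        print(finding)
```

Local DNS caching means not every connection produces a lookup, so a missing pattern in the log does not show that a device is quiet.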
Another thing that caught my attention is that my wife has a tendency to go to sites having to do with cooking. There’s nothing wrong with that. But it looks like the sites in question have a lot of stuff that HYAS Protect At Home did not like because it blocked a lot of things coming off those sites:
When I investigated it, the source was ads that were placed on the site. Why that matters is that things like pop-up scams and malware can often come from ads placed on websites. This is known as a “drive by attack”. Thus it’s good that these sorts of threats are being proactively blocked long before it can hit your device.
The final area that I tested was DNS resolution speed. As in how long it takes from the time it takes you to hit enter on the address bar of your web browser before the web page that you want to go to starts to appear. According to Mr. Van Gool, it can be up to 250 milliseconds. And my “seat of the pants” observations seem to be consistent with that as nothing I did was slower than normal. In fact some things that I normally do felt a touch faster.
I have to admit that I am pretty impressed by HYAS Protect At Home. It provides an added level of security, which I was able to verify. On top of that, it has some of the best reporting and visibility tools that I have ever seen. And that’s validated by the fact that I found out stuff about my own network that I need to look into further. And the kicker is that this is the home product. If the home product is this good, imagine how good the enterprise product must be. As far as I am concerned, this is an easy two thumbs up from me. And my advice is if you are responsible for security in your enterprise, feel free to try this out on your home network and see for yourself how good this product is.
Posted in Commentary with tags HYAS on May 9, 2023 by itnerd
HYAS Infosec, leaders in utilizing advanced adversary infrastructure intelligence, detection, and prevention to preemptively neutralize cyberattacks, today announced that globally recognized independent research institute AV-TEST GmbH has independently tested and confirmed that HYAS Protect provides the highest level of cyber security protection achieved to date by a Protective DNS solution.
Specifically, AV-TEST found that HYAS Protect blocked over 87 percent of portable executable (PE) malware, over 84 percent of non-PE issues (e.g. links pointing to other forms of malicious files), and over 80 percent of phishing URLs, all with incredibly low false positive rates averaging 2 percent. Compared to other Protective DNS solutions tested by AV-TEST, HYAS Protect has achieved the highest efficacy ratings of all protective DNS solutions providers tested to date and results indicate it affords substantially greater protection.
AV-Test has long been viewed as the industry’s go-to leader in rigorous 3rd party testing and evaluation. The complete report is available online at AV-TEST.
CISA endorses Protective DNS, which it recommends in its Shields Up initiative. Protective DNS is also a recommended element of modern secure access service edge (SASE) architectures, and is increasingly factored into cyber security insurance policy decisions.
Regardless of how a bad actor breaks into an organization, the first step in progressing the attack is communication with adversary infrastructure, commonly referred to as command-and-control (C2) for instructions. Protective DNS solutions see this communication, identify it as malicious, and stop the attack by preventing the communication and rendering the attack inert, regardless of whether it originated as a supply-chain, phishing, insider-risk, or something else. Even advanced malware-less attacks still need to beacon out for instructions. At this year’s RSA Conference, CrowdStrike CEO George Kurtz and President Michael Sentonas reported that they have been dealing with an average of one malwareless cyber issue a week during the last couple quarters, reaffirming data reported earlier this year that 71 percent of cyberattacks were carried out without malware, and that malware-less attacks nonetheless need to beacon out for instructions.
Regardless of how a bad actor breaks in or the attack type used, their anomalous communication can be seen by Protective DNS solutions and the attack can then be shut down. The higher the efficacy of a Protective DNS solution, the sooner the infection/identification cycle ends with remediation. CISA’s recommendation reflects the importance of Protective DNS to business resiliency.
HYAS Protect accurately detects and thwarts attacks, with extremely low false positives, through an advanced and patented process.
Data Collection and Context: HYAS collects data continuously and without human involvement from authoritative sources around the world. It combines a set of exclusive, private, commercial and open source data into a graph database with a set of proprietary algorithms to build connections between the nodes in the graph.
Observation Derived Foresight: Through these connections within the graph database, HYAS drives correlations between what has happened, what is happening now, and what will happen to maintain a real-time view of adversary infrastructure on the Internet. In this way, HYAS can actually observe infrastructure as it is built up and know what is and isn’t adversary infrastructure often weeks or months before it is weaponized.
Advanced, Automated Analysis: Through HYAS’ combination of unique data organized into a graph database, and a deep understanding of how the internet functions, HYAS achieves previously unrealized Protective DNS service efficacy results with incredibly low false positive rates.
HYAS Protect is available for commercial use, is easy to deploy and manage, and is pre-integrated with other common components of the cyber security stack including EDR/XDR, SIEM/SOAR, and firewalls. In addition, HYAS Protect is also made available to cybersecurity’s first responders and IT personnel for their home personal use via the completely free HYAS Protect At Home solution which I am testing right now and I will have a review up shortly.
Posted in Commentary with tags HYAS on May 4, 2023 by itnerd
HYAS Infosec, leaders in utilizing advanced adversary infrastructure intelligence and detection to preemptively neutralize cyberattacks, today announced its partnership with RSM, a leader in the professional services industry, to deliver HYAS Protect, which leverages authoritative knowledge of attacker infrastructure to proactively protect enterprises from cyberattacks.
The partnership enables RSM to now offer a solution to its RSM Defense clients that preemptively identifies communication with malicious or compromised domains and thwarts cyberattacks — and neutralizes adversary infrastructures before they can get started attacking. Access to malicious domains is blocked at the network level, preventing both unintended connections and actions by adversaries, adding to RSM’s best-in-class cyber threat intelligence and managed detection and response services (MXDR).
Phishing, malware, supply-chain attacks, and other nefarious actions all require communication with malicious domains. HYAS protective DNS provides RSM customers with unprecedented visibility and attribution of the origins of attacks and the infrastructure being used.
HYAS Protect provides the best possible protection at the DNS layer against the malicious infrastructure used by malware, ransomware, phishing, and supply-chain attacks. Actions that can be taken include outright blocking and/or alerting so that further investigation can be taken. HYAS provides protective DNS for devices inside and outside customer networks. Its high-fidelity threat signal reduces alert fatigue and improves network intelligence. HYAS also blocks low-and-slow attacks, supply chain attacks, and other intrusions that can lurk in the network.
Posted in Commentary with tags HYAS on May 2, 2023 by itnerd
HYAS Infosec, leaders in advanced adversary infrastructure intelligence and detection to preemptively neutralize cyberattacks, today announced HYAS Onpoint Partner Program that goes beyond typical reseller agreements to work with partners towards a platform designed to help customers prevent attackers from damaging their security network infrastructure.
HYAS Onpoint Partner Program will highlight HYAS’s Protective DNS Platform and how partners can incorporate this into their suite of security offerings and open new doors for additional product sales.
The HYAS Onpoint Partner Program features:
Differentiation: By offering Protective DNS as part of a security solution suite, partners can differentiate their offering from the competition, providing added value to customers.
Increased revenue: By incorporating Protective DNS into their security product offering, partners can increase their revenue by selling additional security services to end-user customers, improving overall customer satisfaction.
Enhanced technical expertise: Protective DNS makes it easy to demonstrate technical expertise in security solutions and helps position partners as a trusted advisor to customers while providing a competitive advantage.
Competitive advantage: By offering Protective DNS, partners can gain a competitive advantage in the market and attract new customers looking for comprehensive security solutions.
Transformative approach: HYAS’s Protective DNS solution uniquely focuses on mapping attacker infrastructure to enable a next-generation approach to proactively identify, counter, and mitigate attacks.
More effective: HYAS’s solution is 3-5x more effective at quickly identifying threats than competing solutions.
Multi-tenant architecture: Enables deployment of multiple clients with logical segregation and centralized management.
Layered approach: HYAS’s solution integrates with services like Microsoft Defender for Endpoint, making conversations simple, and offering easy upsell opportunities to existing customers.
Deep discounts: HYAS offers aggressive discounts off retail pricing, allowing partners to increase profit margins. Partners are also provided product trials to demonstrate functionality and value pre-customer sale.
Robust training and support: Provided for all aspects of sales, onboarding, and ongoing product support, with portal-driven engagement.
Product white labeling: Provides MSP customers with co-branded HYAS Protect dashboards or fully customized partner dashboards so software is tracked only to the partner.
HYAS Protect can be deployed in minutes to improve organizations’ existing security investments by integrating always-on DNS intelligence into security information and event management systems, firewalls, endpoint solutions, and more. HYAS Protect combines authoritative knowledge of attacker infrastructure and unrivaled domain-based intelligence to proactively enforce security and block the command and control (C2) communication used by malware, ransomware, phishing, supply-chain, and other forms of cyber attacks, thereby rendering the attack inert before it can do significant damage.
Posted in Commentary with tags HYAS on April 20, 2023 by itnerd
In an interesting move, HYAS Infosec today moved to “protect the protectors” by offering them free access to HYAS’s industry-leading protective DNS, which detects and blocks communication to adversarial domains — regardless of whether adversaries have already used the domains operationally. New HYAS Protect At Home provides cybersecurity’s first responders with both an early warning and an additional line of defense to help harden their home networks against cyberattacks.
Exploits are continuously evolving to avoid detection by most cybersecurity solutions designed for the home – where gamers, shoppers, online community members, and other family members are often just one bad click away from unintentionally opening the door to an attacker. HYAS Protect At Home changes that equation and offers cybersecurity pros a new level of protection to proactively mitigate threats in real time.
Protective DNS is endorsed by CISA and considered a best practice in network security, and HYAS Protect protective DNS is increasingly used by security-aware organizations around the world. It combines authoritative knowledge of attacker infrastructure and unrivaled domain-based intelligence to proactively enforce security and block the command and control (C2) communication used by malware, ransomware, phishing, and other forms of cyberattacks. HYAS Protect At Home is a free edition featuring:
No configuration required – protection is available out-of-the-box, driven by HYAS unique enterprise-grade domain reputation data
Easy blocking of broadly defined domain categories like gambling, adult websites, etc.
Configurable allow/block lists, policies, and rules
Dashboard to visualize blocked sites, threats, and other data
I’ll be trying this and I will be doing a review of it when I get a chance. So stay tuned for that.
HYAS & Cyware Announce That They Are Participants In The Microsoft Security Copilot Partner Private Preview
Posted in Commentary with tags Cyware, HYAS on November 15, 2023 by itnerd
You can read both companies’ releases here:
Press release – Cyware is a Proud Participant in the Microsoft Security Copilot Partner Private Preview: https://www.businesswire.com/news/home/20231115247824/en/Cyware-is-a-Proud-Participant-in-the-Microsoft-Security-Copilot-Partner-Private-Preview
Press release – HYAS is a Proud Participant in the Microsoft Security Copilot Partner Private Preview: https://www.businesswire.com/news/home/20231115833995/en/HYAS-is-a-Proud-Participant-in-the-Microsoft-Security-Copilot-Partner-Private-Preview