First security company to combine APT detection with lateral movement

Cyphort’s Award-Winning Advanced Threat Defense Platform Includes Malware Lateral Movement Detection and Amazon Cloud Deployment

April 20, 2015

Santa Clara, CA: April 16, 2015 - Cyphort, a pioneer of Advanced Threat Defense (ATD) solutions, today announced the availability of Cyphort Advanced Threat Defense Platform 3.3 (ATDP). Version 3.3 includes malware lateral movement detection, combining detection of advanced targeted attacks and Advanced Persistent Threats (APT) with detection of lateral movement. This gives customers a complete picture of the attack as it happens and of its potential spread within an organization, in real time.

Several high-profile targeted attacks have used lateral movement to penetrate organizations and seek out sensitive data, causing substantial financial and brand damage. These include attacks on retailers targeting their PoS systems, attacks at oil companies that wiped their devices, and many other attacks on telecom providers. Lateral movement of malware occurs after a compromised device joins an organization’s trusted network. The advanced malware then proceeds to replicate itself onto other vulnerable systems until a data-rich target has been compromised.

“Lateral spread of threats is a big concern as the networks are becoming more open and users can join and leave the networks as they please,” said David Giambruno, senior vice president and CIO at Tribune Media. “Cyphort’s approach of leveraging their existing detection engine for lateral spread is unique. Their distributed deployment model combined with this new capability will provide unparalleled visibility into threat activity in our organization.”

Cyphort breaks new ground by combining the inspection of internal enterprise traffic with the innovative behavioral analysis array of sandboxes and machine learning analytics currently protecting enterprises from internet-based threats. This approach results in a clear picture of the impact and spread of advanced attacks while minimizing the false positives and false negatives.

Containment of advanced threats includes two aspects: isolation of the infected endpoints and blocking communication with the C&C servers. Today, Cyphort coordinates with several endpoint solutions on the market to validate and isolate compromised endpoints, preventing further spread of an attack.

“Today, no other company offers this groundbreaking malware lateral movement detection functionality utilizing sandbox-based payload analysis,” said Dr. Fengmin Gong, co-founder and chief strategy officer with Cyphort. “There are a number of ‘network behavior’ based post-breach detection solutions on the market; however, their efficacy remains dubious since they are not monitoring for malicious content; instead they are looking for traffic usage anomalies. Cyphort detects advanced malware present in the content being transferred internally and can immediately pinpoint the source and target of affected devices and provide the ability to contain the threat.”

Additional enhancements to Cyphort Advanced Threat Defense Platform 3.3 include:

· Amazon Cloud Deployment: Cyphort Core (the main analysis component) can now be deployed as an Amazon Machine Image (AMI) in Amazon Web Services (AWS). There are several customer benefits of this deployment, including the ability to more efficiently deal with fluctuations in demand, which optimizes resources. In addition, this enhancement also supports the transition to Hybrid Cloud infrastructures.

· Standards-Based Threat Data Exchange: With this release, Cyphort is adding support for Structured Threat Information Expression (STIX). Cyphort already supports native integration with a number of ecosystem partners. With STIX support, network perimeter and endpoint client based solutions will be able to receive threat containment information from Cyphort and use it to block threat activity. In addition, STIX will allow easy data exchange across organizations.

Version 3.3 of the Cyphort Advanced Threat Defense Platform is currently in Beta and will be generally available in June 2015.

Stop by Cyphort’s booth #438 at the RSA Conference to learn more about Version 3.3 of their award-winning product and to meet the company’s executives.

About Cyphort
Cyphort is an innovative provider of Advanced Threat Protection solutions that deliver a complete defense against current and emerging Advanced Persistent Threats, targeted attacks and zero day vulnerabilities. The Cyphort Platform accurately detects and analyzes next generation malware, providing actionable, contextual intelligence that enables security teams to respond to attacks faster, more effectively, and in as surgical a manner as their attackers.  Cyphort's software-based, distributed architecture offers a cost effective, high performance approach to detecting and protecting an organization’s virtual, physical and cloud infrastructure against sophisticated attacks. Malware detection for Windows, OSX and Linux allows businesses to extract maximum value from IT assets without compromising the security of an organization.  Founded by experts in advanced threats from government intelligence agencies and premier network security companies, Cyphort is a privately held company headquartered in Santa Clara, California. For more information, please visit:
