Designed to Defeat Ransomware. Built to Secure the Enterprise.
Reduce organizational risk, prevent business downtime, and never pay a ransom again with the only anti-ransomware platform with built-in key interception and automated recovery.
Research, development and application. Rinse. Repeat.
The Dynamic Nature of Ransomware Requires a Resilient Approach
Prevent ransomware from taking hold.
Trained on millions of ransomware TTPs and behavior indicators, the Halcyon ML/AI models continuously adapt and respond to the ever-evolving nature of ransomware. Halcyon also reinforces other modern security tools from getting bypassed, in order to prevent attackers from getting a persistent foothold.
Stop data exfiltration and extortion in its tracks.
Elvis may have left the building, but your data will not. Bad actors know victims might not pay to decrypt so they attempt to exfiltrate data to gain more leverage. Halcyon prevents your data from being stolen by disrupting these actions in transit, mitigating any intended double and triple extortion attempts.
Reduce recovery to hours not weeks.
Reduce your mean time to recovery by up to 90%, without relying on backups. Halcyon agents intercept encryption keys and recover the affected endpoints at the system level. This effectively eliminates all the risks of restoring from backup like operational disruption, data loss, downtime, or restoration failures.
Expertly Built with the Enterprise in Mind
The effects of ransomware can be felt enterprise-wide, regardless of roles or responsibilities. The Halcyon platform is built to reduce ransomware risks at every step of the way, with each of these stakeholders in mind.
Ensure smooth operations even in the event of a breach
Halcyon customers are able to quickly recover from ransomware and restore business operations. Ransomware is quickly quarantined and triaged, reducing the blast radius from damaging the supply chain.
Restore in minutes without paying a ransom or relying on backups
Halcyon customers enjoy a state-of-the-art key capture system that grabs ransomware encryption keys from memory and stores them safely. When ransomware is detonated, the Halcyon platform immediately reacts to protect the environment, neutralize the threat, and restore the endpoint to the original secure state.
Equip our lightweight, effective, always-on endpoint armor
The Halcyon Agent is not only lightweight and effective from its own anti-ransomware usage, it protects other products from attacker behavior. After gaining initial access, attackers routinely target security tools active on the endpoint because of the lower resource cost. The Halcyon agent specifically prevents leading endpoint tools from being disabled, bypassed or unhooked.
Collect artifacts automatically to lower restoration costs
Halcyon collects evidence and artifacts for much more effective postmortems. Maintain compliance and notification requirements and get through the recovery cycle faster. Patch vulnerable areas in your defense by understanding how attackers broke in
Triage and quarantine rogue processes as they emerge
Halcyon makes it easy for analysts to understand the origin of rogue process identification and to effectively triage any dangerous process running on an endpoint with a Halcyon agent. Analysts enjoy zero configuration and policy tuning requirements in the platform for an enhanced experience.
Here's How It Works
Windows OS Environments
Other OS Environments
Low Footprint, High Performance
Halcyon understands every admin has “agent fatigue” and we value the importance of minimizing system impact. Our agent has been deployed to over one million systems with zero compatibility issues or conflicts with other tools.
Constant Performance Testing
Minimal Resource Impact
Security Stack Compatibility
Extended Agent Capabilities
Key Features & Benefits
Threats like ransomware are designed to evade modern security tools, and just one miss can have a catastrophic impact on your organization.
API-Driven Workflows
Modern SOC and MSSP teams need products that integrate with their workflows. The Halcyon platform can be deployed and managed entirely via API.
Pre-Execution Defense
Halcyon is built exclusively to combat commodity and targeted ransomware, before it can execute, by using industry-leading applications of CapsNet built ML/AI trained solely on ransomware.
Conflict-free Security Tool
Security teams use countless products for triage, management and defense. Halcyon is designed to be conflict-free from the outset allowing your organization to deploy alongside EPP/EDR/XDR without issue.
Key Intercept & Capture
Capturing attacker generated encryption keys is our bread and butter. If an ransomware actor gets past endpoint controls, Halcyon intercepts key material, pairs it with a custom decryptor and unlocks any encrypted data quickly without restoring from a backup.
Data Exfiltration Prevention
Ransomware actors commonly steal sensitive data and use it as additional leverage to force a victim to pay. Halcyon's add-on DXP module brings enhanced protections to the core Halcyon platform to stop data from leaving the network and prevent this "double extortion".
Built for the Enterprise
Halcyon currently offers support for Windows 10 & 11, and Windows Server 2012 x64, 2016, 2019, 2022. Halcyon Linux support will be generally available in 2H 2024 for RHEL, Debian, Ubuntu and AWS Linux.
Recovery & Resilience
Encryption Event Detected
Halcyon’s AI detects ransomware attacks in real time while proactively looking for indicators of ransomware. Halcyon’s autonomous playbooks (ENIGMA) are triggered.
Key Materials Captured
Halcyon captures key materials during the ransomware encryption event and safely stores them from any further tampering.
Automated Investigation
Ransomware recovery process begins, to ensure stable business operations as quickly as possible. Artifacts are collected and preserved for future investigation.
Decryptor Activated
A decryptor deployed by Halcyon starts decryption via collected key material, and state-of-the-art ransomware encryption bypass methods.
System Restored Without Backups
System(s) are restored to operational within minutes or hours thanks to keyless decryption. Restoring happens at the system level to avoid backup failure risk.
Become Ransomware Resilient.
Talk to a Halcyon Services expert to learn more
