Back to Press Center

Halcyon Strengthens Cyber Resilience with Kernel Guard Vulnerable Driver Protection and Next-Gen Anti-Ransomware Features

Written by
Halcyon Team
Published on
Apr 22, 2025

SAN DIEGO--(BUSINESS WIRE)--Halcyon, the leading platform designed from day one to defeat ransomware, today announced new platform capabilities to protect organizations from modern ransomware attacks. Ransomware attackers are increasingly exploiting legitimate but vulnerable drivers to disable security software, a tactic commonly known as Bring Your Own Vulnerable Driver (BYOVD). To combat this prevalent technique, Halcyon is introducing Kernel Guard Protection in its latest spring platform update along with new features for protecting Linux systems and combating data exfiltration.

“Attackers are always a step ahead, constantly rolling out new techniques to bypass defenses, infiltrate organizations, encrypt and extort them,” said Jon Miller, CEO and Co-Founder, Halcyon. “Over the last few years, we’ve seen attackers rapidly improve their skills when it comes to exploiting vulnerable drivers and using them in their attack campaigns. To defend against Advanced Ransomware Threats (ART), organizations need a solution that insulates them from the operational impact, evolving at the speed of business to eliminate an attacker's ability to carry out the operation. We follow an ‘attacker-led’ product development strategy to ensure we’re staying ahead of the latest threats.”

Key platform updates include:

  • Halcyon Kernel Guard Protection Halcyon identifies malicious use of known vulnerable drivers for Bring Your Own Vulnerable Driver (BYOVD) techniques, preventing attackers from disabling security controls and exploiting inherent trust associated with signed drivers.
  • EDR Last Gasp Halcyon detects and alerts on attempts to shut down third-party security tools, such as CrowdStrike Falcon, SentinelOne Singularity, Microsoft Defender for Endpoint, and Palo Alto Cortex XDR.
  • Halcyon DXP 2.0 Improvements to Data Exfiltration Protection (DXP) now detect if a preset data volume threshold is exceeded, automatically engaging the Ransomware Detection and Response (RDR) team to investigate.
  • Halcyon Enterprise Policy Management Policy Groups enable organizations and MSSPs to assign Detection, Protection, or Lock Down policies to specific groups of assets with similar security requirements.
  • UX Upgrades Improved platform usability features include easy data export for report creation, intuitive protection mode management, updated webhook configuration functionality, improved asset filtering, and a host of “quality of life” improvements to enhance customer workflows.

Ransomware remains the most significant threat to business operations and revenue today — there are presently more than 10,000 unique ransomware strains, and an attack costs a business an average of $4.4M. Halcyon is the only cybersecurity company laser-focused on eliminating the business impact of ransomware, leveraging AI/ML to prevent ransomware from executing, and identify and disrupt attacker behaviors. It uses proprietary key-material capture to eradicate cybercriminals’ ability to encrypt systems, steal data, and extort companies. The company’s commitment to innovation, informed by an attacker-led development model, ensures Halcyon customers remain protected from the evolving threat of ransomware.

For a product demo at RSAC, please visit booth #3324

About Halcyon

Halcyon is the only cybersecurity company that eliminates the business impact of ransomware. Modern enterprises rely on Halcyon to prevent ransomware attacks, eradicating cybercriminals’ ability to encrypt systems, steal data, and extort companies. Backed by an industry-leading warranty, the Halcyon Anti-Ransomware Platform drastically reduces downtime, enabling organizations to quickly and easily recover from attacks without paying ransoms or relying on backups.

Learn more at www.halcyon.ai.

Contacts

Will Clark
Marketbridge for Halcyon
halcyon@marketbridge.com