Cyber 2.0 - Capabilities


Written by: Erez Kaplan Haelion


Table of Contents
Introduction
Monitor mode and inventory
    Capabilities
    Advantages
    Disadvantage
Isolation mode and leveraged malware protection
    Capabilities
    Advantages
    Disadvantage
Defense Mode using advanced defense mechanism and whitelisting
    Capabilities
    Advantages
    Disadvantage
Forensic Capability and advanced device management
    The Chaos Engine
    The Reverse Tracking as a tool for leveraging cyber defense

Introduction:
In this document we will explain the various modes and capabilities of the Cyber 2.0 system.

The following modes will be explained:

• Monitor and inventory
• Isolation and leveraged malware protection
• Chaos mode using advanced defense mechanism and whitelisting
• Forensic and advanced device management
• Reverse Tracking as a tool for leveraging cyber defense

Monitor mode and inventory:


Description: Monitor mode is the initial mode of the system when it is first installed on a
network. It is designed to gather and analyze information about the network it is installed
on.

Capabilities:
• Creating a comprehensive inventory of every process or file that was active since the
  system was installed. The stored information comprises the following:
    o Files
    o Versions
    o Installed location
    o And various other information
• Storing every network transaction on the installed system – the default setting is 45 days
  (data can be stored indefinitely, depending on storage size)
• Analyzing every installed software, version or executable using the file hash, and showing
  you every known malicious software in your organization
• Allowing you to create, edit and modify the Cyber 2.0 Dynamic list
    o Nothing will get blocked
    o But you will see what would or should have gotten blocked
Advantages:
• Full view of the system
• A complete and comprehensive inventory
• Full analysis of the network

Disadvantage:
• No defense mechanism

Isolation mode and leveraged malware protection
Description: Designed to give organizations fast and powerful protection against
ransomware and similar forms of attack, while keeping all the benefits of Monitor mode.

Isolation mode only blocks and prevents access to the file system; all other protocols are not
blocked, only reported.
Capabilities:
• All the benefits of Monitor mode
• Examples of protected protocols:
    o UNC
    o SMB
    o And similar network file system protocols
• Prevent unwanted software from accessing the network file system
    o Programs with admin privileges will be blocked
    o Access to mapped drives will be blocked
• Dynamic list automation is supported in Isolation mode, allowing for smooth operation
  with almost zero maintenance
• No other protocol is blocked or affected

Advantages:
• Full view of the system
• A complete and comprehensive inventory
• Full analysis of the network
• Lightweight and easily managed
• Powerful protection against the spread and effect of ransomware and similar
  malicious software

Disadvantage:
• Only the network file system access is protected
• The first computer will be infected – the network will be safe

Defense Mode using advanced defense mechanism and whitelisting

Description: Internal Defense is designed to bring the most cutting-edge defense into your
organization. It creates an impassable chaos barrier between the computers of a specific
network and does not allow any unknown or unwanted application to traverse the network.

Any attempt by malicious software to bypass or deactivate the mechanism will cause the
offending software to be locked on the original computer, while the allowed programs keep
working unhindered.

Capabilities:
• All the benefits of Monitor mode
• All the benefits of Isolation mode
• All communication is scrambled
• All network traffic is subject to the Dynamic list rules
• Dynamic list automation is supported in Defense mode, allowing for smooth operation
  with almost zero maintenance

Advantages:
• Full view of the system
• A complete and comprehensive inventory
• Full analysis of the network
• Lightweight and easily managed
• Powerful protection against the spread and effect of known and unknown malicious
  software

Disadvantage:
• The first computer will be infected – the network will be safe

Forensic Capability and advanced device management

Cyber 2.0 has very powerful and comprehensive monitoring, inventory and forensic
capabilities.

These abilities are based on both the Chaos Engine and the Reverse Tracking mechanism.

The Chaos Engine

The Chaos Engine works on the network layer:

Every packet that traverses the network in or out of the computer passes through the Cyber
2.0 Chaos Engine and is logged; the logs are sent to a central controlling server
(local or cloud).

The information is organized and analyzed by the central server. The user can view the
following data:

• Network: one single flow instead of hundreds of packets per connection
• The source and destination of the flow
• The source and destination ports
• The user that initiates the network flow
• The application or process name
• The application or process MD5 hash
• The path of the running application
• In case of a file system access, instead of a port there will be the destination path
  and the accessed files or documents
• Incoming dropped packets
• Incoming broadcasts
• Any application that was part of the chain of activation of that network flow

The system has specialized web-based tools that give the administrator easy access to the
information and the ability to analyze it.
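
The flow view described above, combined with the Monitor mode report of what "would have gotten blocked", as an added example (not Cyber 2.0's own code): it collapses per-packet log entries into one record per flow and flags, without blocking, flows whose program hash is not on an allow list. The record fields, the list format and all sample values are assumptions constructed for illustration.

```python
# Added illustration; record layout and list format are assumptions,
# not Cyber 2.0's actual log schema or Dynamic list format.
FLOW_KEY = ("src", "sport", "dst", "dport", "user", "process", "md5", "path")

def make_packet(sport, dport, process, md5, size):
    """Build one constructed per-packet log entry for the sample data."""
    return {"src": "10.0.0.5", "sport": sport, "dst": "10.0.0.9",
            "dport": dport, "user": "alice", "process": process,
            "md5": md5, "path": "C:\\Apps\\" + process, "bytes": size}

KNOWN_MD5 = "a" * 32    # constructed placeholder hash of an allowed program
UNKNOWN_MD5 = "b" * 32  # constructed placeholder hash of an unlisted program

# Constructed sample: three packets of one connection, two of another.
PACKETS = [
    make_packet(50112, 445, "backup.exe", KNOWN_MD5, 120),
    make_packet(50112, 445, "backup.exe", KNOWN_MD5, 1460),
    make_packet(50200, 445, "unknown.exe", UNKNOWN_MD5, 90),
    make_packet(50112, 445, "backup.exe", KNOWN_MD5, 400),
    make_packet(50200, 445, "unknown.exe", UNKNOWN_MD5, 1460),
]

DYNAMIC_LIST = {KNOWN_MD5}  # hypothetical list of allowed program hashes

def aggregate_flows(packets):
    """Collapse per-packet entries into one record per flow."""
    flows = {}
    for pkt in packets:
        key = tuple(pkt[field] for field in FLOW_KEY)
        if key not in flows:
            flows[key] = dict(zip(FLOW_KEY, key), packets=0, bytes=0)
        flows[key]["packets"] += 1
        flows[key]["bytes"] += pkt["bytes"]
    return list(flows.values())

def monitor_verdicts(flows, dynamic_list):
    """Monitor mode: block nothing, only flag what would have been blocked."""
    return [dict(flow, would_block=flow["md5"] not in dynamic_list)
            for flow in flows]

if __name__ == "__main__":
    for flow in monitor_verdicts(aggregate_flows(PACKETS), DYNAMIC_LIST):
        print(flow["process"], flow["dport"], flow["packets"], flow["bytes"],
              "WOULD BLOCK" if flow["would_block"] else "allowed")
```
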

The Reverse Tracking as a tool for leveraging cyber defense

The Reverse Tracking mechanism works on the application layer:

Every time an application is opened, or an application uses, accesses, sends data to,
communicates with or otherwise interacts with another app or process, the event is
registered, logged and sent to a central controlling server (local or cloud).

The information is organized and analyzed by the central server. The user can view the
following data:

• Any file or process that has been running on any computer
• Display name and true name of the process or file (when applicable – not all
  processes and files have a true version)
• The version of each file or process (when applicable – not all processes and files have a
  true version)
• The MD5 hash
• Allows the Chaos Engine to display the chain of network flows

The system has specialized web-based tools that give the administrator easy access to the
information and the ability to analyze it.
