
Kernel Guard
Blocking BYOVD (Bring Your Own Vulnerable Driver) attacks
Kernel Guard protects against the increasingly popular BYOVD (Bring Your Own Vulnerable Driver) technique used by groups such as BlackByte, RobbinHood, and AvosLocker. The system maintains a database of more than 1,000 known vulnerable drivers and blocks their loading. Additionally, it detects anomalies in the behavior of newly loaded drivers, protecting against zero-day exploits at the kernel level.
- Enterprise-grade protection compliant with regulatory requirements and security standards
- Fast deployment with minimal resource overhead
- Dedicated support from a certified partner
- Easy integration with your existing infrastructure
Key features
- Database of more than 1,000 vulnerable drivers with weekly updates from LOLDrivers
- Blocking of unsigned drivers and drivers with revoked certificates from loading
- Behavioral analysis of drivers to detect kernel-mode rootkits
- Protection against DSE bypass and test signing exploitation
- Integration with Microsoft WDAC/HVCI for defense-in-depth
Business benefits
- Blocking 100% of known BYOVD attacks used by ransomware
- Protection against privilege escalation to the SYSTEM/kernel level
- Elimination of an attack vector responsible for 35% of breaches
- Strengthening OS security without impacting performance
- Compliance with CMMC and FedRAMP requirements for kernel integrity

Why Halcyon?
The world's first platform dedicated exclusively to ransomware protection. Halcyon uses advanced behavioral detection techniques to block encryption in real time, and in the event of an attack, enables automatic recovery of encrypted files without paying a ransom.
Need Kernel Guard in your organization?
As a certified Halcyon partner, we'll help you deploy and configure the solution.