Why Iguana Cyber?

Block Zero-Day attacks that existing defenses overlooked, while running inline with your existing security solutions.
Go beyond all existing AI, Behavioral Analytics, and Signature-Based Detection with Consensus-Based Defense: Safety In Numbers.

Immediate visibility to the SOC, without alert overload, of only actual exploits.

Iguana vs. all other products

In engineering, it’s standard practice to measure twice, cut once. And, it’s an even better practice to use two different pieces of measuring equipment, from different manufacturers or at least different lot numbers, in case one of them was made faulty.
However, this is not yet an available practice in cybersecurity. If an attacker can compromise one webserver, such as a Windows/IIS server with one exploit, even if that exploit would not work on a Linux/nginx server, it’s game over for the defender.
This product solves the problem of security when an exploit is available for one web server, but not another. In an analysis of Google Project Zero data, we have found that at no point in the past 10 years have unpatched remote code execution vulnerabilities been in two different web servers at the same point in time, or within a one-month window of each other.

Iguana is different from all other security products. Existing cybersecurity solutions require either identification of the threat at some point, or comparison to a known baseline, using any number of techniques: from the first generation of signature-based detection, to today's second generation of AI, Machine Learning, and heuristic techniques. This product does not assume that such an identification or baseline is known, or is even able to be determined, given the complexity of the company's environment.
Attackers can use AI to rewrite and test their exploit thousands of times per second, until it is not caught by the target antivirus or EDR product.
Iguana's solution does what 3 distinct products are trying to do: Server-Based Exploit Detection and Response, Server-Based Threat Hunting, and Server-Based Data Loss Prevention.

1. Server-Based IPS & EDR (Intrusion Prevention System & Exploit Detection and Response)

Companies currently rely on tools which are prone to excessive false-positives, alerting on every signature, and on every action that might be part of an exploit, leading to alert fatigue or an excessive amount of alerts that cannot be addressed. Additionally, an attacker can blend in and be dismissed as a false positive.
This product only produces an alert when there is at least a bug or a vulnerability in one of the servers that would have led to a disclosure of sensitive information.

2. Cyber Threat Intelligence (CTI) & Threat Hunting

Existing approaches rely on examining a pre-made list of indicators in the environment, and analyzing them to determine that something abnormal has taken place. This is vulnerable to something called "expanding the strike zone": if a baseball pitcher starts out by pitching squarely in the strike zone, then later in the game, baseball umpires will tend to allow more pitches that are just outside of the strike zone (in the major leagues, this human bias has been widely recognized and is now being addressed by supplying the umpires with a computerized assistance system).
Similarly, once an attacker gets into your system, over time their behavior will come to be recognized as normal.

Instead, this product only needs to know that one web server's response diverged from what, de facto, another web server simultaneously returned for the same request/input.
It does not rely on an identification or enumeration of any indicators of compromise (IoCs) in advance, unlike existing threat hunting techniques.

3. Server-Based Data Loss Prevention

This product also solves the issue of Server-Based Data Loss Prevention, which, so far, is provably not addressed by any existing Data Loss Prevention product. Existing encoding and encryption algorithms can be used to encrypt or encode data in an infinite number of ways, producing a mess that Data Loss Prevention is not able to detect. In our product, we only need to detect whether the data from the two subordinate servers matches up exactly after being normalized, which should always be the case when neither of the subordinate servers was subjected to an exploit.
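As an added illustration of the normalize-then-compare step described above (example code written for this page, not Iguana's own implementation), the following compares the responses two backends returned for the same request, drops headers that legitimately differ between server implementations (the volatile-header list is an assumption), and reports a divergence for the SOC only when status, headers, or body still disagree:

```python
"""Added example (not Iguana's code): a minimal consensus check over two
backend responses to the same request. Assumptions: responses are plain dicts
of status/headers/body; the volatile-header allow-list is our own choice."""
import hashlib
import re

# Headers expected to differ between server implementations, so they are
# dropped before comparison (assumed list, not from the page).
VOLATILE_HEADERS = {"server", "date", "x-powered-by", "etag", "last-modified",
                    "connection", "keep-alive", "transfer-encoding", "content-length"}

def normalize(response):
    """Canonical form: status, sorted non-volatile headers, and the body with
    runs of whitespace collapsed so formatting-only differences do not alert."""
    headers = {k.lower(): v.strip() for k, v in response["headers"].items()
               if k.lower() not in VOLATILE_HEADERS}
    body = re.sub(rb"\s+", b" ", response["body"]).strip()
    return (response["status"], tuple(sorted(headers.items())), body)

def consensus(resp_a, resp_b):
    """Compare two normalized responses. 'divergent' means one backend produced
    something the other did not for the same input, which the page treats as
    evidence of a bug or exploit rather than normal variance."""
    na, nb = normalize(resp_a), normalize(resp_b)
    if na == nb:
        return {"verdict": "consistent"}
    fields = [name for name, x, y in zip(("status", "headers", "body"), na, nb) if x != y]
    return {"verdict": "divergent", "fields": fields,
            "digest_a": hashlib.sha256(na[2]).hexdigest()[:16],
            "digest_b": hashlib.sha256(nb[2]).hexdigest()[:16]}

# Constructed sample responses for GET /index.html from two different backends.
IIS_OK = {"status": 200,
          "headers": {"Server": "Microsoft-IIS/10.0", "Content-Type": "text/html",
                      "Date": "Mon, 01 Jan 2024 00:00:00 GMT"},
          "body": b"<html>\r\n<body>Hello</body>\r\n</html>"}
NGINX_OK = {"status": 200,
            "headers": {"Server": "nginx", "Content-Type": "text/html",
                        "Date": "Mon, 01 Jan 2024 00:00:01 GMT"},
            "body": b"<html>\n<body>Hello</body>\n</html>"}
# Constructed divergent case: one backend appended content the other did not return.
NGINX_EXTRA = dict(NGINX_OK, body=NGINX_OK["body"] + b"\n<pre>[constructed unexpected content]</pre>")

if __name__ == "__main__":
    print(consensus(IIS_OK, NGINX_OK))     # {'verdict': 'consistent'}
    print(consensus(IIS_OK, NGINX_EXTRA))  # divergent, fields == ['body']
```

Only the body differs in the second case, so the alert carries the field name and short body digests rather than the leaked content itself.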
Join the private beta by sending us a message today!