Halcyon Arms Itself Against BYOVD Attacks with Major Anti-Ransomware Platform Upgrade

In the escalating war between ransomware gangs and defenders, cybersecurity startup Halcyon is betting that an attacker-first mindset is the key to survival. Today, the company announced a sweeping set of new capabilities for its anti-ransomware platform, aimed squarely at neutralizing one of the fastest-growing tactics in the attacker playbook: Bring Your Own Vulnerable Driver (BYOVD) attacks.

The latest spring platform update introduces Kernel Guard Protection, a feature designed to spot and block the exploitation of legitimate but vulnerable drivers that attackers use to disable security software and burrow deeper into systems. This move comes as ransomware operations increasingly weaponize trusted drivers—often signed and widely distributed—to slip past traditional defenses.

"Attackers are always a step ahead, constantly rolling out new techniques to bypass defenses, infiltrate organizations, encrypt and extort them," said Jon Miller, CEO and co-founder of Halcyon. "Over the last few years, we’ve seen attackers rapidly improve their skills when it comes to exploiting vulnerable drivers and using them in their attack campaigns."

The company's updates go beyond Windows systems. Halcyon also bolstered protection for Linux environments—an increasingly popular target in ransomware campaigns—with enhancements to its Data Exfiltration Protection (DXP) engine. The new DXP 2.0 automatically triggers an investigation if data transfer thresholds are exceeded, aiming to catch exfiltration attempts in progress.

Halcyon’s philosophy centers on stopping the operational fallout of ransomware attacks rather than merely detecting them. Its platform uses AI and machine learning to identify ransomware behaviors early, block encryption processes, and intercept attackers’ attempts to steal or lock critical data.

New features in this update also include:

  • EDR Last Gasp: Detects and alerts when ransomware actors attempt to shut down security tools like CrowdStrike Falcon, SentinelOne Singularity, Microsoft Defender for Endpoint, and Palo Alto Cortex XDR.

  • Enterprise Policy Management: Allows organizations and managed service providers to group assets and apply tailored security policies with granular precision.

  • UX and Workflow Enhancements: Upgrades like intuitive protection management, easy data exports, updated webhook configuration, and improved asset filtering aim to streamline security teams' day-to-day tasks.

Miller emphasized that Halcyon’s product development is deliberately "attacker-led," meaning the company prioritizes defending against techniques actually seen in the wild rather than theorizing about future threats. "To defend against Advanced Ransomware Threats (ART)," Miller said, "organizations need a solution that insulates them from the operational impact, evolving at the speed of business to eliminate an attacker's ability to carry out the operation."

The announcement comes at a critical time. Ransomware remains one of the most financially devastating threats to businesses worldwide, with the average cost of an attack now topping $4.4 million. Today, over 10,000 unique ransomware strains circulate on the dark web, targeting everything from global corporations to regional healthcare providers.

Halcyon, which claims to be the only cybersecurity company focused exclusively on eliminating ransomware’s business impact, also offers a notable differentiator: its platform comes backed by a warranty, a bold move intended to give organizations additional financial assurances if defenses are breached.

The company will be showcasing the new platform features at the RSA Conference this week, offering demos at booth #3324.

As ransomware operators continue to sharpen their weapons, Halcyon’s attacker-informed defense strategy may offer beleaguered security teams a badly needed shield in an increasingly asymmetric battle.