Advanced Cyber Resiliency Solution
Countervail is a software- and data-authentication solution that increases the cyber resiliency of mission-critical and support systems by assuring the integrity of operating systems, applications and data. Its feature set can be customized to address a wide range of deployment use cases.
Countervail’s threat model assumes the attacker already has privileged access to the system.
Integrated public/private critical infrastructure and Department of Defense weapons systems are increasingly reliant on software-powered control and support systems, making them prime targets for cyber adversaries. And because a system with multiple endpoints is only as secure as its weakest link, hackers may find indirect paths to compromise their targets by exploiting support systems with weaker cyber protections.
The increasing use of commercial off-the-shelf (COTS) systems worsens this problem. All the upsides of using COTS solutions in the enterprise – fast technical advancement, easy acquisition, and low costs – are also enjoyed by adversaries who can easily acquire and exploit identical hardware and software. When a poorly protected COTS support system is compromised, an adversary can penetrate even heavily secured primary systems much more easily.
And while risk management framework controls, commercial information assurance tools and vendor security mechanisms can prevent some basic attacks, they’re not effective as a single line of defense.
Securing the mission
Countervail is off-the-shelf cyber resiliency software that secures devices running modern Windows and Linux operating systems.
The easy-to-use solution actively maintains the integrity of software and files, both on disk and in memory, by creating a trusted, authenticated environment that prevents unauthorized execution without modifying files on protected systems or requiring major changes to existing organizational processes.
When paired, Countervail and Raytheon Technologies’ Boot Shield deliver a comprehensive software and hardware root-of-trust framework for detecting, preventing, and responding to cyber threats in real time.
Validates and maintains operating system integrity, protecting the OS from attacks.
Ensures that a system is being operated in its intended configuration, actively preventing all users from modifying, moving, or deleting a protected file, or changing its attributes.
Stops unauthorized applications, libraries and drivers from being executed on a protected system, preventing attackers from running malicious code or introducing malware tools to gain introspection.
Detects and logs suspicious events – including user attempts to execute unauthorized applications, access protected data or remove Countervail protections – that may indicate a security threat.
Loads as early in the boot sequence as possible, and can be paired with Boot Shield to secure the early boot process.
Real-Time Response and Healing
Can be configured to detect modification of applications or data in memory, respond in real time to help fight through an attack, and actively heal damage sustained during a memory-based attack.
Supports the application of regular updates to Windows and Linux system software, and to protected data and applications installed on the system.