The Problems That Come With


There are 19 ransomware attacks attempted every second.


The average recovery cost for a ransomware attack is $4,620,000.


The average time for recovery for a ransomware attack is 21 days of downtime.

But you don’t need to be left vulnerable to ransomware!

As ransomware groups evolve, their methods of operation, encryption techniques, and evasion tactics continue to become more sophisticated. ransomMDR is built with the foresight and adaptability to evolve beyond ransomware and advanced threats.

Customers are struggling with ransomware despite having a robust security stack and endpoint protection being more advanced than ever.

The current generation of endpoint protection is outmatched, and endpoint detection and response platforms are too slow to stop ransomware.

ransomMDR uses Vertek’s security services to keep your systems safe. Vertek monitors security and event logs and filters out false alarms to help our security analysts focus on real threats.

Current technologies cover a broad range of basic threat protection, but ransomware behaves differently than run-of-the-mill malware.

Two Big Problems with EPP and EDR

EPP/EDR can be bypassed: ransomware attackers are constantly evolving their techniques to evade detection by EDR solutions. This means that EDR cannot always be relied upon to stop ransomware attacks.

EPP/EDR does not provide automated decryption: if ransomware is successful in encrypting files, EDR cannot automatically decrypt them. This means that organizations will need to rely on manual decryption methods, which can be time-consuming and expensive.

ransomMDR brings a low-cost, high-value managed solution to customers of all shapes and sizes

“In the realm of cybersecurity, the adversaries are relentless, and the landscape is perpetually shifting. Our alliance with Vertek is not just strategic; it's essential. By melding Halcyon's state-of-the-art anti-ransomware capabilities with Vertek's profound expertise in managed detection and response, we're not merely addressing the threats of today. We're anticipating the challenges of tomorrow, ensuring that businesses have a proactive, agile, and resilient defense in an era where cyber risks are omnipresent.”

How the Halcyon Agent & Platform Works


Using a capsule network approach to AI models, the Halcyon cloud and agent have accelerated learning abilities compared to previous generations of ML-based tools. With a “suspiciousness score” that follows parent/child processes, even if an initially benign application commits a malicious action later, Halcyon’s agent will retroactively convict all associated processes along the entire event chain.


Exploiting the tactics, techniques and procedures attackers deploy during ransomware campaigns is crucial. By tricking a ransomware actor’s tools into thinking a system is a high-value or invalid target, we can expose additional indicators of maliciousness and prevent execution even if the first layer of protection did not initially block the process.


The Halcyon agent looks at millions of dimensions of a program including provenance, behavior, and communication paths throughout the process lifecycle to determine the true nature of a process and prevent harmful ones from executing.

Recovery + Resilience

The platform is designed with an understanding that security controls will fail, and it has been built accordingly. If all prevention layers are unsuccessful, our resiliency layer allows for near-instant recovery via key material capture or keyless recovery.

Halcyon Agent Performance

Halcyon understands every admin has “agent fatigue,” and we recognize the importance of system impact.

• We are deployed on over one million systems with zero compatibility or endpoint security controls issues
• The initial deployment period in “Learning Mode” ensures the Halcyon Platform is rolled out with little to no negative impact

Performance is of paramount importance, not only to us but also for our customers’ benefit:
• Halcyon has a robust performance testing regimen leveraging operating system vendors’ latest performance tuning and instrumentation.
• This ensures minimal impact and transparent performance:
  • CPU Footprint: ~3%
  • Memory Footprint: ~100 MB

Performance Testing

• Driver I/O Performance
• CPU Usage and Performance
• Memory Usage and Performance
• File I/O Usage and Performance

Halcyon Anti-Ransomware Prevention

Halcyon Anti-Ransomware Recovery

Halcyon Anti-Ransomware Data-Exfiltration