BlackFog consists of multiple layers of protection to combat the increasing sophistication of cyber attacks. Using BlackFog’s unique outbound network defense strategy, it is possible to target the attack at multiple points of its cycle, as detailed below.
Spyware and Ransomware
The Spyware and Ransomware layer blocks more than 26 million known transmission sites for bad actors and prevents data leaking from your device to these sites. It includes all known command and control servers and suspicious transfers off your device.
The Forensic Tools layer disables data collection and remote access from software that can be installed in the BIOS of your device. It detects and terminates processes in real time to ensure your device remains protected.
The Malvertising layer blocks web advertising in real time across the entire device, regardless of browser. This reduces the total attack surface available to cyber criminals. It blocks display ads, modal popups and video-based advertising. It does not require any browser-based plugin to function. You can also combine this with whitelisting if you would like to bypass this filtering on specific web sites.
Profiling and Tracking
The profiling and tracking layer eliminates the collection of browsing and behavioral data while you are browsing the Internet. It also ensures that your information is not being shared with third parties for future marketing efforts. Many cyber criminals drop cookies onto your device to track you and to redirect your browser to sites used for dropping malware.
Suspicious Address
Many bad actors use direct IP addresses when communicating with their own servers. Unless you are a developer it should be rare that you need to use a direct IP address for a legitimate purpose. This option allows direct IP addresses to be automatically blocked.
The Dark Web is the primary communications channel for most ransomware and malware. Bad actors will use this to both activate and collect your data. By enabling this feature you can stop communication through the Dark Web. This will also prevent users from using Dark Web browsers such as Tor, as well as many other tunneling and proxy servers for anonymizing outbound traffic.
Geofencing
Geofencing is a technique for blocking data transmission (exfiltration) to other countries. Since many attack vectors come from a small number of countries it is advisable to geofence them to protect your device. You can add specific countries in the Network > Geography settings.
Application Gateway
When bad actors target your machine over the network, they commonly use firewall ports they know are already open, such as HTTP and HTTPS. They use these ports to send non-HTTP(S) traffic that carries stolen data back to Command and Control Servers (CC Servers). BlackFog detects these messages and blocks them before they can do any damage.
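One way to check whether traffic on the web ports actually speaks the expected protocol, as an added example (this is not BlackFog's code or detection method; the function names, the expected-protocol table and the sample flows are constructed for illustration):

```python
import re

# Request line of an HTTP/1.x request (or the HTTP/2 cleartext preface, "PRI").
HTTP_REQUEST = re.compile(
    rb"^(GET|POST|PUT|HEAD|DELETE|OPTIONS|PATCH|CONNECT|TRACE|PRI) \S+ HTTP/\d\.\d\r\n"
)

def classify_first_bytes(payload: bytes) -> str:
    """Label the first client-to-server bytes of a flow: 'http', 'tls' or 'other'."""
    if HTTP_REQUEST.match(payload):
        return "http"
    # TLS record header: type 0x16 (handshake), major version 0x03, minor 0x01..0x04,
    # two length bytes, then handshake type 0x01 (ClientHello).
    if (len(payload) >= 6 and payload[0] == 0x16 and payload[1] == 0x03
            and 0x01 <= payload[2] <= 0x04 and payload[5] == 0x01):
        return "tls"
    return "other"

# Assumption for this example: port 80 should carry HTTP, port 443 should carry TLS.
EXPECTED = {80: "http", 443: "tls"}

def flag_mismatched_flows(flows):
    """Return (dst, port, seen) for flows whose first bytes do not fit the port."""
    flagged = []
    for dst, port, payload in flows:
        expected = EXPECTED.get(port)
        if expected is None:
            continue  # only the web ports are checked here
        seen = classify_first_bytes(payload)
        if seen != expected:
            flagged.append((dst, port, seen))
    return flagged

# Constructed sample flows: (destination, port, first payload bytes).
SAMPLE_FLOWS = [
    ("198.51.100.10", 80, b"GET /index.html HTTP/1.1\r\nHost: example.com\r\n\r\n"),
    ("198.51.100.11", 443, bytes.fromhex("160301020001000001fc0303")),
    ("203.0.113.5", 443, b"\x00\x00\x00\x2a\x01custom-binary-protocol"),
    ("203.0.113.6", 80, bytes.fromhex("160301020001000001fc0303")),
    ("203.0.113.7", 80, b"SSH-2.0-client\r\n"),
]

if __name__ == "__main__":
    for dst, port, seen in flag_mismatched_flows(SAMPLE_FLOWS):
        print(f"{dst}:{port} carries {seen!r} traffic, expected {EXPECTED[port]!r}")
```

This check inspects protocol framing only: data sent inside a well-formed TLS session or a well-formed HTTP request passes it, so it complements destination-based blocking rather than replacing it.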
Cryptocurrency mining is growing exponentially as a way for cyber criminals to make money. Rather than using their own computing resources, power and equipment, they would rather use yours. They infect your computer with code to steal CPU cycles and ultimately mine digital currency to make a profit. This layer ensures that your device is protected from such attacks.
Malware
Malware and phishing attacks continue to rise rapidly using social engineering and other common techniques. This option protects you from known malware infecting your device and provides an immediate block screen for those sites affected.
PowerShell attacks now represent a major entry point for attack vectors. PowerShell is most commonly used to launch a fileless attack and launches directly into memory. BlackFog detects these attacks in real time and immediately terminates execution. This prevents the download of any further payloads to keep your device safe.
Facebook blocking is a new option provided in BlackFog 3.5.2 or later. This option is off by default. If you would like to block all access to Facebook and stop Facebook data collection across the Internet you can toggle this option on.