Why Ringfencing™?

Under normal operations, all applications permitted on an endpoint or server can access all data that the operating user can access. This means if the application is compromised, the attacker can use the application to steal or encrypt files.

Attackers can also use fileless malware which runs in the computer's memory, to evade detection by antivirus or EDR that are focused on detecting changes to files or registry keys. These attacks, often called living off the land attacks, leverage native tools and trusted applications to carry out malicious instructions in the background without ever touching the file system.