Background

Cyber Crucible customer deployments routinely result in the discovery of previously unknown infections. Networks are normally not infection-free, even if existing cybersecurity defensive tools have given the all-clear.

...

Cyber Crucible automatically begins suspending running programs that are observed to be behaving maliciously.

Roll-out of the Cyber Crucible product can result in multiple programs across multiple machines being suspended as the environment is cleaned up.

At times, a partial roll-out of Cyber Crucible can result in the hacker attempting to regain control through the machines that do not have Cyber Crucible protection.

For example, Cyber Crucible was once installed on just a portion of the desktops of a recent data breach victim. The hackers attempted to uninstall Cyber Crucible by connecting from the unprotected machines, then eventually started shutting the protected machines off.

What Happens to Dormant Malware, Waiting for Future Tasking?

Malware that is not taking action on behalf of attackers trips Cyber Crucible's detection once it starts to access data.

...

Machine A’s malware is trapped. The second (well, 100 milliseconds) it tries to access any data or identity information, Machine A’s malware is suspended. The client is protected, even though the malware exists for days, up to years, without being detected by other tools.

Additional Details - Reboots Can Be Valuable

Some of our analytics are most accurate when the lifecycle of the process can be tracked from the start of the application to its present state.

...