PHASR

The Proactive Hardening and Attack Surface Reduction (PHASR) solution provides organizations with a detailed view of their internal attack surface, identifying areas where attack vectors could potentially be exploited.

PHASR first goes into a learning phase, continuously monitoring user behaviors, learning typical behaviors and system interactions and analyzing them. This phase can last up to 30 days. If EDR is enabled for the company, and enough historical data is available, this period may shorten.

Once this learning phase completes, PHASR generates recommendations to reduce the attack surface by addressing identified possible attack vectors from one of the following categories: Living of the land binaries (LolBins), CryptoMiners, PiracyTools, Tampering Tools, and Remote admin tools. Each PHASR recommendation contains behavioral profiles on which the learning phase is completed. Behavioral profiles are pairs of users and their device. A single user may have multiple devices. As a result, different recommendations may contain same user but different devices.

The attack surface encompasses all potential entry points through which a malicious actor might exploit a system's vulnerabilities. This includes the misuse of legitimate operating system applications and tools, such as Living Off the Land Binaries (LOLBins) and Tampering tools, to evade detection and carry out attacks. It represents the totality of methods an attacker can use to gain unauthorized access to a system or its data.