Call a Specialist Today! 877-352-0546

Fileless Attacks
A Uniquely Intelligent Approach To Combating Fileless Attacks


Our AI-driven threat prevention and response solutions protect you from threats, no matter how they operate

Combating fileless attacks requires a departure from traditional, file-based countermeasures. Blackberry Cylance uses memory defense, script and macro control, and our Context Analysis Engine (CAE) to keep your organization safe.

Combating the Scourge of Fileless Attacks

What is a Fileless Attack?

Fileless attacks originally described threats existing and operating exclusively in volatile memory. The term later evolved to include threats that maliciously utilize legitimate system resources without writing new files on disk. Today, any cyber attack using fileless elements within the attack chain may also be described as fileless.

Traditional EDR vs. AI-Driven EDR: A Comparison


Memory Resident

Memory Resident
Malware is memory resident instead of residing on disk

Script Based

Script Based
Script-intensive malware uses Jscript/JAVAScript to launch initial infection and to assist with attacks

Exploits Resources

Exploits Resources
Malware exploits resources like PowerShell, WMI, and other legitimate Windows admin tools to conduct activities

System Registry

System Registry
Malware achieves persistence through modification of the system registry


How do you combat a fileless attack?

The key to defeating fileless malware is to deny it system resources, such as with a combination of tools found in CylancePROTECT and CylanceOPTICS.

Script Management

Memory Exploitation Detection and Prevention

Context Analysis Engine (CAE)

Hacking Exposed Demo from RSA - Examples of Fileless Threats

See how recent threats – including fileless attacks – operate in the wild
The replay of our Hacking Exposed demo at RSA illuminates the tools and techniques of memory-based, fileless, script-based, and app-based attacks, and more.

Threat Spotlight: Kovter Malware Fileless Persistence Mechanism
Join us as we take a closer look at Kovter, a pervasive click-fraud trojan that uses a fileless persistence mechanism to maintain a foothold in an infected system.

DirtySecurity Podcast: Memory-Based Attacks and How To Stop Them
In this episode of DirtySecurity, we chat with security engineer Josh Fu about fileless attacks - why they're so prevalent, how they work, and how to prevent them.

Prevention - CylancePROTECT

Memory Exploitation Detection and Prevention

Add an additional layer of security and strengthen the OS’s basic protection features – preventing attackers from using memory to exploit vulnerabilities.

Script and Macro Management

Monitor, detect, and protect against malicious scripts and/or script paths that may be running in your environment – before they can execute.

Response - CylanceOPTICS

Powering Dynamic Threat Detection and Automated Response

Our approach pushes the threat detection and response to the endpoint, allowing every endpoint in your organization to act as a virtual SOC, dynamically detecting threats and taking response actions around the clock and without human intervention.