How does the anti-exploit technology work in Advanced EPDR/EDR?

How does the anti-exploit technology included in Advanced EPDR/EDR work?

• Advanced EPDR
• Advanced EDR

Advanced EPDR/EDR implements technologies to protect network computers against threatscapable of leveraging vulnerabilities in installed software. These vulnerabilities can be exploited tocause anomalous behaviors in applications, leading to security failures on customers’ networks.

These exploits leverage both known and unknown (zero-day) vulnerabilities, triggering a chain ofevents (CKC, Cyber Kill Chain) that they must follow to compromise systems. Advanced EPDR/EDR blocks this chain of events effectively and in real time, neutralizing exploit attacks and renderingthem harmless

In order to detect the vulnerability exploit techniques used by hackers, Advanced EPDR/EDR implements new hooks in the operating system, using them to locally and continually monitor allactions taken by the processes run on users’ computers. This strategy goes beyond the traditionalapproach used by other security products and consisting of searching for patterns and staticallydetecting CVE-payload pairs through signature files.

In short, Advanced EPDR/EDR leverages constantly-evolving technologies to provide globalanti-exploit protection against advanced vulnerability exploit techniques such as the following:

• Attack Surface Reduction (ASR)
• Data Execution Prevention (DEP)• Structured Exception Handling Overwrite Protection (SEHOP)
• Null Page Security Mitigation• Heap Spray Allocation
• Export Address Table Access Filtering (EAF)
• Mandatory Address Space Layout Randomization (ASLR)
• Bottom-Up ASLR Security Mitigation
• Load Library Check – Return Oriented Programming (ROP)