
How does the Advanced Protection for Windows, Linux and macOS in Advanced EPDR/EDR work?

Related Products
  • Advanced EPDR
  • Advanced EDR
Introduction

The protection in Advanced EPDR/EDR is based on continuous monitoring of activity on Windows, macOS and Linux. This monitoring allows us to offer advanced protection on these systems, although its scope is not the same on all of them.

Features

The features included in the advanced protection of macOS and Linux in Advanced EPDR/EDR are the following:

  • Malware and PUP detections show their life cycle.
  • Malware activity for macOS and Linux detections is displayed. This information helps us identify the source of the infection and, if the malware had started to run, the actions it has taken.
  • The graphical view of the malware's activity is shown for macOS and Linux detections, just as it is for Windows detections.
  • Telemetry and malware alerts are displayed in Cytomic Advanced Reporting Tool in the Install, Ops and Alerts tables.
  • If the client has contracted Cytomic SIEMFeeder, they will receive the macOS and Linux telemetry in their SIEM, in addition to the Windows telemetry.

The Zero-Trust Application Service and its associated protection modes (Audit, Hardening and Lock) are only available on Windows. The same is true of the Anti-exploit protection.

The capability of searching in real time for Indicators of Attack and for files matching YARA rules is only available on Windows. The Advanced security policies, which reduce the attack surface of the endpoints by blocking the execution of dual-use tools such as PowerShell, are only available on Windows as well.

The THIS (Threat Hunting Cross) service, included by default in our Advanced EPDR/EDR solutions, detects advanced threats and attacks on Windows, macOS and Linux. Thanks to the telemetry sent by the endpoints, we can carry out investigations to detect new attacks on Windows, macOS and Linux.

If an investigation confirms the detection of a new threat, that detection is consolidated and delivered to the endpoints (Windows / macOS / Linux) of all our clients, by adding detection to the signature files or to Collective Intelligence, and ideally as a Contextual detection so that the newly detected attack pattern is stopped.
