Information related to Network Attack Protection in Advanced EPDR/EDR

Information related to Network Attack Protection in Advanced EPDR/EDR

By May 16, 2023June 9th, 2023EDR, EPDR, Support
+34 900 840 407
support@cytomic.ai

Information related to Network Attack Protection in Advanced EPDR/EDR

Related Products_
  • Advanced EPDR
  • Advanced EDR

Cytomic offers a new technology called Network Attack Protection. Network Attack Protection scans network traffic in real-time to detect and stop threats. It prevents network attacks that attempt to exploit vulnerabilities in services that are open to the Internet and in the internal network.

Network Attack Protection enables the software to detect and prevent these attacks in the early stages:

  • DCShadow: Allows a hacker with compromised, privileged credentials to register a rogue domain controller. The adversary can then push any changes they like via replication, including changes that grant them elevated rights and create persistence.
  • EternalBlue: Exploits the CVE-2017-0144 vulnerability in the Microsoft implementation of the Server Message Block (SMB) Protocol. Windows machines not patched against this vulnerability can allow illegitimate data packets with malware such as a trojan or ransomware (for example, WannaCry ransomware attack).
  • BlueKeep: Exploits the CVE-2019-0708 vulnerability on Windows 7, Windows Server 2003, Windows Server 2008, Windows Server 2008 R2, Windows Vista, and Windows XP devices. The threat has the potential to devastate networks as it can spread between computers as a worm.
  • ZeroLogon: Exploits the CVE-2020-1472 vulnerability in the cryptography of Microsoft?s Netlogon process to allow an attack against Microsoft Active Directory domain controllers. ZeroLogon makes it possible for a hacker to impersonate any computer, including the root domain controller.

Settings
To enable Network Attack Protection, select the Settings tab, go to Workstations and servers, expand the Advanced Protection option and enable Network Attack Protection.

Exclusions
If needed, you can exclude the detection of a specific network attack on all computers in the account. When you exclude a network attack, your computers are still protected from the remaining network attacks in the list.

To add an exclusion, next to the network attack Action, click the tooltip. In the pop-up that opens, click Do not detect again. In the dialog box that opens, you can enter specific IP addresses for the devices you want to exclude from detection.