
Endpoints

Pre-execution of malware / ransomware (before attack, pre-infection): proactive defense, protection, block

Pre-execution (protection) controls:
• Antivirus or next-gen antivirus (signatures and ML)
• Host-based firewall
• Host-based IPS
• Host-based URL filtering
• Host-based FIM
• Host-based DLP

Post-execution of malware / ransomware (after attack, post-infection): reactive detection and response
• Detection: detect the attack after it has occurred
• Response: contain the attack and stop it from spreading

Post-execution controls, Endpoint Detection and Response (EDR) and Extended Detection and Response (XDR), both:
• Behavior based
• Search processes, record events, YARA search
• Indicators of Compromise (IOCs)

Cannot achieve 100% protection by design, even if you have the best tools in the market.

Dwell Time = Mean time to detect (MTD) + Mean time to repair (MTR)
Dwell time trend: 200 days => 56 days => 24 days => 21 days => 17 days

Pre-execution (protection) controls: 50 to 60% protection only.

Gartner definition of EDR:

The Endpoint Detection and Response Solutions (EDR) market is defined as solutions that record and store endpoint-system-level behaviors, use various data analytics techniques to detect suspicious system behavior, provide contextual information, block malicious activity, and provide remediation suggestions to restore affected systems. EDR solutions must provide the following four primary capabilities:
• Detect security incidents
• Contain the incident at the endpoint
• Investigate security incidents
• Provide remediation guidance

Gartner definition of XDR:

Extended Detection and Response (XDR) is "a SaaS-based, vendor-specific, security threat detection and incident response tool that natively integrates multiple security products into a cohesive security operations system that unifies all licensed components."

100% protection using Xcitium's ZeroThreat:

ZeroDwell Technology Auto Containment, a protection / proactive deployment of Zero Trust for the endpoint, with kernel-level API virtualization / isolation to contain unknown threats.
