Advanced EDR services
Cytomic provides other services, some of which are optional, which enable customers to integrate the solution into their current IT infrastructures and benefit directly from the security intelligence generated at Cytomic labs.
Zero-Trust Application service
This service, included in the product by default for Windows computers, is designed to allow only Cytomic certified programs to run. To do this, it uses a combination of local technologies on the user’s computer and cloud-hosted technologies in a Big Data infrastructure. These technologies are capable of automatically classifying 99.98 percent of all running processes. The remaining percentage is manually classified by malware experts. This approach enables us to classify 100 percent of all binaries run on customers’ computers without creating false positives or false negatives.
All executable files found on users’ computers that are unknown to the platform are sent to the Big Data analytics infrastructure for analysis.
Unknown files are sent only once for all customers using Advanced EDR, which reduces the impact on customers’ networks virtually to zero. Additionally, bandwidth management mechanisms are implemented, as well as per-computer and per-hour bandwidth limits.
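The following PowerShell script is an added illustration of the classification idea described above; it is not Cytomic's code and does not show how Advanced EDR actually classifies files. It hashes the image of every running process, compares each hash with a local list of known verdicts (a constructed placeholder list here), and collects each unknown hash only once, mirroring the "send unknown files once" behaviour. `Get-UnknownProcessImages` and `$KnownGood` are names chosen for this example.

```powershell
# Added illustration (not Cytomic's code): audit running process images against a
# local list of known SHA-256 verdicts and collect every unknown hash once.
# $KnownGood is a constructed placeholder; a real list would come from a trusted source.
$KnownGood = @{
    '<SHA256-OF-A-TRUSTED-BINARY>' = 'certified'   # placeholder entry
}

function Get-UnknownProcessImages {
    param([hashtable]$Known)

    $unknown = @{}   # hash -> first path seen; deduplicated so each binary is reported once
    $result  = [System.Collections.Generic.List[object]]::new()

    foreach ($p in Get-Process -ErrorAction SilentlyContinue) {
        $path = $p.Path
        # System and protected processes expose no image path; skip them
        if (-not $path -or -not (Test-Path -LiteralPath $path)) { continue }
        try {
            $hash = (Get-FileHash -LiteralPath $path -Algorithm SHA256 -ErrorAction Stop).Hash
        } catch { continue }   # image locked or unreadable

        if ($Known.ContainsKey($hash)) {
            $verdict = $Known[$hash]
        } else {
            $verdict = 'unknown'
            if (-not $unknown.ContainsKey($hash)) { $unknown[$hash] = $path }
        }
        $result.Add([pscustomobject]@{
            ProcessId = $p.Id
            Name      = $p.ProcessName
            Path      = $path
            Sha256    = $hash
            Verdict   = $verdict
        })
    }
    [pscustomobject]@{ Processes = $result; UnknownToSubmit = $unknown }
}

$audit = Get-UnknownProcessImages -Known $KnownGood
$audit.Processes | Sort-Object Verdict, Name | Format-Table ProcessId, Name, Verdict, Sha256 -AutoSize
"{0} unique unknown binaries would be submitted for classification" -f $audit.UnknownToSubmit.Count
```

Run it in an elevated session so that the image paths of services are visible; with the placeholder list every process will show as unknown, and the final count shows how deduplication by hash keeps repeated instances of the same binary from being submitted more than once.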
Threat Hunting Investigation Service (THIS)
A service that detects living-off-the-land attacks and threats designed to bypass the protections installed on computers. This service leverages the Cytomic Orion product, the advanced threat hunting platform developed by Cytomic.
Thanks to the telemetry sent from computers, Cytomic Orion performs cross-analytics of the processes run in customers’ IT infrastructures to detect new threats and create advanced hunting rules. When an indicator of attack is detected, it is validated by the Cytomic team of cybersecurity experts. After it is validated, Advanced EDR shows the associated indicator of attack (IOA) in the console, along with a description of its characteristics and recommendations for the administrator to resolve the situation.
This service is included in all the Advanced EDR and Advanced EPDR licenses.
For more information about how to configure the indicators of attack module, see “Configuring indicators of attack (IOA)”.
MDR (Managed Detection and Response) service
A 24/7 cybersecurity service that enables partners to provide a managed detection and response service to customers with minimum investment in a SOC (Security Operations Center). The service monitors the security of computers in the organization, searching for threats, detecting attacks, investigating, and providing guided recommendations about how to restore affected assets and improve customer security.
The MDR service leverages innovative technologies that use artificial intelligence algorithms. Additionally, the service is fully managed by a team of cybersecurity experts, which improves customer security and cyber resilience overall and minimizes detection and response times.
For more information about the MDR service, see MDR service settings.
Cytomic Insights service (optional)
Advanced EDR automatically and transparently sends all the information collected from user computers to Cytomic Insights, a knowledge storage and leverage system.
All actions triggered by the processes run across the IT network are sent to Cytomic Insights, where they are correlated and analyzed in order to extract security intelligence. This provides administrators with additional information on threats and the way users use corporate computers. This information is delivered in the most flexible and visual way to make it easier to understand.
The Cytomic Insights service is directly accessible from the Advanced EDR web console dashboard.
See the Cytomic Insights User Guide (accessible from the product web page) for information about how to configure and take advantage of the knowledge analytics and advanced search service.
Cytomic SIEMConnect service (optional)
Advanced EDR integrates seamlessly with the third-party SIEM solutions installed by customers on their IT infrastructures. The activities performed by the applications run on the network are delivered to the SIEM server, ready to use and enriched with the knowledge provided by Advanced EDR.
The SIEM systems compatible with Advanced EDR are:
- QRadar
- AlienVault
- ArcSight
- LookWise
- Bitacora
See the Cytomic SIEMConnect User Guide for a detailed description of the information collected by Advanced EDR and sent to the customer SIEM system.
Cytomic Data Watch service (optional)
This is a security module integrated in the Advanced EDR platform and designed to help organizations comply with the applicable data protection regulations that govern the storage and processing of personally identifiable information (PII).
Cytomic Data Watch discovers, audits, and monitors in real time the full lifecycle of the PII files stored on Windows computers: from data at rest to data in use (the operations taken on personal data) and data in motion (data exfiltration). With this information, Cytomic Data Watch generates an inventory showing the evolution of the number of files with personal data found on each computer on the network.
For more information about this service, see Cytomic Data Watch (Personal data monitoring).
Cytomic Patch service (optional)
This service reduces the attack surface of the Windows workstations and servers in the organization by updating the vulnerable software found (operating systems and third-party applications) with the patches released by the relevant vendors.
Additionally, it finds all programs on the network that have reached their EOL (End-Of-Life) stage. These programs pose a threat as they are no longer supported by the relevant vendor and are a primary target for hackers looking to exploit known unpatched vulnerabilities. Administrators can easily find all EOL programs in the organization and design a strategy for the controlled removal of this type of software.
Also, in the event of compatibility conflicts or malfunction of the patched applications, Cytomic Patch enables organizations to roll back/uninstall those patches that support this feature, or exclude them from installation tasks, preventing them from being installed.
Vulnerability Assessment service
This free service searches computers for software with known vulnerabilities. To prevent malware from exploiting these security holes to damage or infect workstations and servers, it reports which patches are available to mitigate them.
To centrally install available patches, you must have a Cytomic Patch license.
Cytomic Encryption service (optional)
The ability to encrypt the information held in the internal storage devices of the computers on your network is key to protecting the stored data in the event of loss or theft or when the organization recycles storage devices without having deleted their contents completely. Advanced EDR uses Windows BitLocker and macOS FileVault technologies to encrypt hard disk contents at sector level, centrally managing recovery keys in the event of loss or hardware configuration changes.
The Cytomic Encryption module enables you to use the Trusted Platform Module (TPM), if available, and provides multiple authentication options, adding flexibility to computer data protection.
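As an added example (not Cytomic's code, and independent of how the Cytomic Encryption module reads this state), the following PowerShell script reports the BitLocker and TPM posture of a Windows computer using the built-in `BitLocker` and `TrustedPlatformModule` cmdlets, so that fixed drives that are not protected, or that lack a recovery password protector, stand out. The function name `Get-EncryptionPosture` is chosen for this example; an elevated session is assumed.

```powershell
# Added illustration (not Cytomic's code): summarize BitLocker volume protection and
# TPM availability on the local Windows computer. Assumes an elevated session and the
# built-in BitLocker and TrustedPlatformModule PowerShell modules.
function Get-EncryptionPosture {
    $tpm = $null
    try { $tpm = Get-Tpm -ErrorAction Stop } catch { }   # fails on machines without a TPM driver

    $volumes = foreach ($v in Get-BitLockerVolume -ErrorAction Stop) {
        # Only fixed OS and data volumes are relevant here
        if ($v.VolumeType -ne 'OperatingSystem' -and $v.VolumeType -ne 'Data') { continue }
        $protectors = @($v.KeyProtector | ForEach-Object { $_.KeyProtectorType })
        [pscustomobject]@{
            MountPoint        = $v.MountPoint
            VolumeType        = $v.VolumeType
            ProtectionStatus  = $v.ProtectionStatus       # On or Off
            EncryptionPercent = $v.EncryptionPercentage
            UsesTpm           = ($protectors -contains 'Tpm') -or ($protectors -contains 'TpmPin')
            HasRecoveryPwd    = $protectors -contains 'RecoveryPassword'
        }
    }
    [pscustomobject]@{
        TpmPresent = [bool]($tpm -and $tpm.TpmPresent)
        TpmReady   = [bool]($tpm -and $tpm.TpmReady)
        Volumes    = $volumes
    }
}

$posture = Get-EncryptionPosture
"TPM present: {0}  TPM ready: {1}" -f $posture.TpmPresent, $posture.TpmReady
$posture.Volumes | Format-Table -AutoSize
$posture.Volumes | Where-Object { $_.ProtectionStatus -ne 'On' -or -not $_.HasRecoveryPwd } |
    ForEach-Object {
        "WARNING: {0} is not fully protected (protection {1}, recovery password protector: {2})" -f `
            $_.MountPoint, $_.ProtectionStatus, $_.HasRecoveryPwd
    }
```

Note that the script can only confirm that a recovery password protector exists on the volume; whether that key has actually been escrowed centrally, which is what a management console such as the one described above provides, cannot be verified from the endpoint alone.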