Security Systems
- Click 'Security' on the menu bar.

The 'Security' menu provides access to various security components of Xcitium Enterprise. It has two sections:
- Endpoint Security - Lets you view the security status of managed devices, run antivirus scans, view alerts and events, and more. You can also investigate and analyze security events logged by various AEP security components and Xcitium Endpoint Detection and Response (EDR).
  - Xcitium EDR is a powerful event analysis tool that provides real-time monitoring and detection of malicious events on Windows endpoints.
  - Generates alerts on security events, determined by its security policy.
  - Logs all events on a monitored endpoint and forwards them to Xcitium, allowing you to investigate events with different parameters and queries.
  - EDR requires an agent installed on each managed endpoint to monitor events and report to the Xcitium console. You can remotely install the EDR agent on managed Windows devices from the Xcitium console.
  - See Remotely Install and Manage Packages on Windows Devices for help to remotely install the EDR agent on managed Windows devices.
- Managed Detection and Response (MDR) - Opens the Xcitium MDR interface that lets you view threats and behavioral anomalies on your network and managed endpoints.
  - Featuring 24/7 threat monitoring and comprehensive reports, MDR provides the network-wide intelligence admins need to remediate existing threats and anticipate future threats.
  - MDR leverages a combination of technologies deployed at the host and network layers, advanced analytics, threat intelligence, and human expertise in incident investigation with Xcitium's 24/7 Security Operations Center (SOC) service.
  - See the dedicated online guide for MDR at https://help.Xcitium.com/topic-285-1-976-13887-Introduction-to-Xcitium-cWatch-MDR.html for help to log in to, configure and use the service.

The rest of this chapter explains the features under 'Endpoint Security'. The 'Endpoint Security' section lets you:
- View details of alerts and events generated by EDR and security clients on endpoints.
- Investigate events generated at endpoints.
- View the infection status of managed devices.
- Run antivirus and file-rating scans on devices.
- Update the virus database on devices.
- View and manage quarantined files.
- View and modify the trust rating of files discovered on devices.
- View unknown files currently running in the container on an endpoint.
- View unknown files which were automatically submitted to Valkyrie for analysis.
- View a consolidated list of all security events on all managed Windows endpoints.
- View a list of external connection attempts from devices.
- Run data loss prevention (DLP) scans on devices
- View the files containing sensitive information detected by DLP scans
The following sections contain more details on each area: