Xcitium Advanced with OpenEDR Combined
<blockquote data-quote="Victor M" data-source="post: 1071250" data-attributes="member: 96560"><p>Since this thread is on product reviews, I would like to remind readers that there is No Such Thing as 100% perfect security. Technical defenses, which include firewalls, AVs, IPS, etc., can all be defeated given enough time and effort. And hackers have that advantage.</p><p></p><p>And then, take into consideration that this is a white box test - my red team (and the guest) knows exactly what defenses I have. And they correctly chose a network-based attack, without using any malware which would be virtualized by Xcitium OpenEDR.</p><p></p><p>An important defense layer is having backups. This is your last layer of defense. One must always have backups. And this attack on logonui is the perfect example, I cannot log in.</p><p></p><p>The solution is to restore from image backup, and then virtualizing logonui.exe in Xcitium's Auto Containment Rules. The solution was simple, figured it out and completed in 20 mins.</p><p></p><p>The guest hacker then attacked again, and this time, the attack failed.</p><p></p><p>For those readers who are new, the red team and I play this game constantly. The aim is to find the holes in our security and then fix them, in preparation for the Real Thing.</p><p></p><p>I am adding this post to illustrate that Xcitium OpenEDR is configurable, and can be adapted to defend against new attacks. Xcitium OpenEDR is a nice tool. Other AVs' defenses cannot be configured. The AV would let you choose what to scan, what to exclude, etc., but you cannot add new definitions to it. You have to wait till the vendor adds a capability, so, in the meantime, when you are under attack, what do you do?</p></blockquote><p></p>