Supported products
Advanced EPDR
Advanced EPDR is a solution based on multiple protection technologies that replaces and fills the gaps of traditional antivirus solutions, protecting computers against all types of malware, including APTs (Advanced Persistent Threats) and other advanced threats. To do that, Advanced EPDR monitors and classifies all processes run on IT networks based on their behavior and nature. The service protects workstations and servers by allowing only those programs classified as trusted to run. Additionally, the product provides the following features:
- User productivity control: The service can prevent access to Web resources unrelated to the company’s activity and filter corporate email to prevent spam-related performance loss.
- Application control, firewall, intrusion detection system, and anti-theft system for mobile devices (smartphones and tablets).
- Monitoring, forensic analysis and remediation tools to determine the scope of detected issues and resolve them.
- Cloud-based, cross-platform service compatible with Windows, macOS (on the Cytomic platform), Linux, iOS and Android devices, as well as with persistent and non-persistent VDI environments (on the Cytomic platform).
Advanced EPDR covers the security needs of all types of devices with a single tool. Additionally, it doesn’t require new IT infrastructures on the company’s premises for management and maintenance, significantly reducing the solution’s TCO.
Advanced EDR
Advanced EDR is a solution based on multiple protection technologies that complements traditional antivirus solutions, protecting computers against all types of malware, including APTs (Advanced Persistent Threats) and other advanced threats. To do that, Advanced EDR monitors and classifies all processes run on IT networks based on their behavior and nature. The service protects workstations and servers by allowing only those programs classified as trusted to run. Additionally, it incorporates monitoring, forensic analysis and remediation tools to help determine the scope of detected issues and resolve them.
Finally, Advanced EDR doesn’t require new IT infrastructures on the company’s premises for management and maintenance, significantly reducing the solution’s TCO.
Cytomic Insights module
Advanced EDR allows all the information collected from the client’s computers to be automatically and seamlessly sent to Cytomic Insights, a service designed to store and leverage security knowledge.
All actions triggered by the processes run across the IT network are sent to Cytomic Insights, where they are analyzed and correlated in order to extract security intelligence. This provides administrators with additional information about threats and the way users use corporate computers. This information is delivered in the most flexible and visual way to make it easier to understand.
Cytomic Data Watch module
This module is designed to help organizations comply with the data protection regulations governing the storage and processing of personally identifiable information (PII).
Cytomic Data Watch discovers, audits and monitors the entire lifecycle of PII files in real time: from data at rest to data in use (the operations performed on personal data) and data in motion (data exfiltration). With this information, Cytomic Data Watch generates an inventory showing the evolution of the number of files with personal data found on each computer on the network.
Cytomic Patch module
This service reduces the attack surface of the Windows workstations and servers in the organization by updating the vulnerable software found on the network (operating systems and third-party applications) with the patches released by the relevant vendors.
Additionally, it finds all programs on the network that have reached their EOL (End of Life). These programs pose a threat as they are no longer supported by the vendor and are a primary target for hackers looking to exploit known unpatched vulnerabilities. Administrators can easily locate all EOL programs in the organization and design a strategy for the controlled removal of this type of software.
Also, in the event of compatibility conflicts or malfunction of the patched applications, Cytomic Patch allows organizations to roll back/uninstall those patches that support this feature, or exclude them from installation tasks, preventing them from being installed.
Cytomic Encryption module
The ability to encrypt the information held in the internal storage devices of computers is key to protecting the data they contain. This additional protection is critical in case of loss or theft of devices or when systems are disposed of without properly deleting data. Cytomic Encryption leverages BitLocker technology to encrypt hard disk contents at sector level, centrally managing recovery keys in the event of loss or hardware configuration changes.
Cytomic Encryption lets you use the Trusted Platform Module (TPM), if available, and provides multiple authentication options, adding flexibility to computer data protection.
Cytomic SIEMConnect for Partners module
This module centralizes, in the partner’s SIEM solution, all detections, processes, and programs run on the partner’s clients’ devices.
To detect the appearance of malware, security service providers need a high level of visibility into the activity that occurs on clients’ computers. This enables them to anticipate the problems caused by the advanced threats that proliferate in corporate environments. Cytomic SIEMConnect for Partners provides the following features to help security service providers achieve that objective:
- Anticipates potential security problems by finding programs that have run but have not yet been classified as goodware or malware, and getting information about how they reached computers (infection vector).
- Receives IOA (Indicators of Attack) alerts and detects suspicious activity, such as Windows registry modifications or driver installations.
- Monitors the execution of legitimate software often exploited by attackers to go unnoticed on clients’ networks, such as scripting or remote access tools.
Cytomic SIEMConnect for Partners simplifies operations for the partner’s SOC and provides the following benefits:
Comprehensive visibility of everything that is run on clients’ devices
This module helps monitor and manage security. It detects anomalies continuously in each client’s execution environment.
Centralized configuration
Centralized management console (CYTOMIC Nexus) that enables partners to configure Cytomic SIEMConnect for Partners settings for clients easily and visually.
Easy to install, secure, and scalable
Configure the telemetry download service only once and add new clients without having to deploy or install any additional components on their infrastructures. Telemetry is downloaded from the Cytomic cloud over TLS (Transport Layer Security) connections.
Reduced SIEM storage costs
It filters required events before they reach the security service provider’s infrastructure, minimizing storage costs.
Compatible with most SIEM solutions on the market
It downloads telemetry in the LEEF and CEF formats, compatible with the leading SIEM solutions on the market such as QRadar, AlienVault, Splunk, Devo, etc., and natively with ArcSight.