posted by csadmin

ClearSkies™ NG Endpoint Detection & Response (EDR) Agent Version 6.3

Overview

ClearSkies™ NG EDR Agent v6.3 is a comprehensive Endpoint Detection & Response solution, fully integrated with ClearSkies™ SaaS NG SIEM. It complements the detection of and response to never-before-seen targeted attacks and insider threats with the use of Behavioral Monitoring and Analysis (BMA), and by leveraging Advanced Security Analytics complemented by Threat Intelligence and signature-based detection.

What’s New in v 6.3

New Features:

Detection of missing/recommended security patches as well as related vulnerabilities that could impact the integrity and availability of information assets
Automatic updating of policy changes and related updates using an encrypted tunnel when working remotely
Collection and analysis of SQL Trace (Audit) Events
Correlation of DHCP log and event data within UEBA
And many more that improve effectiveness and user experience…

Enhancements

Several major new enhancements are introduced in this new ClearSkies™ NG Endpoint Detection & Response (EDR) Agent version 6.3:

Behavioral Analysis Tool/Application

Redesigned and upgraded graphical user interface
Watchdog service enhancement/upgrade:
- Improved detection capability through refined Sysmon configurations
- Performance enhancements
File Integrity Monitoring (FIM) enhancements:
- Redesigned and upgraded graphical user interface
- No file count and file size restrictions
- Capability to monitor entire drive volumes
- Improved performance

Management Tool/Application

Redesigned and upgraded graphical user interface:
- New overview page illustrating important metrics
- Global iCollector and Incident/Alert settings can now only be configured in the ‘Policies’ page
- Policies can now only be scheduled in the ‘Policies’ page
- Versions can now only be scheduled in the ‘Schedules’ page
- Schedules can now be deleted
- Endpoints that exhibit loss of communication with the iCollector for more than 30 days are automatically removed, and they can reappear when they become active
New information logsource prerequisites are now displayed in the agent policy configuration screen

General

Log and event data forwarding to the iCollector using SFTP now uses higher compression:
- The Agent compresses and forwards log and event data via SFTP to the iCollector for improved performance and bandwidth utilization

Redesign of the Agent’s services architecture:
- The Agent now supports the collection of logsources and other functionalities contained in multiple services for improved service integrity and performance

Bug Fixes

This version resolves a number of stability and performance issues identified.

Previous Versions Highlights

Version 6.0.2

Support for SWIFT Alliance Entry
LogFile Forwarder support for compressed files. File Types supported: AR, ARJ, CAB, CHM, CPIO, CramFS, DMG, EXT, FAT, GPT, GZip, HFS, IHEX, ISO, LZH, LZMA, MBR, MSI, NSIS, NTFS, QCOW2, RAR, RPM, SquashFS, UDF, UEFI, VDI, VHD, VMDK, WIM, XAR, Z, Zip
Performance fixes and improvements

Version 6.0.3

Support for OSI Soft Pi Historian

Version 6.1

Automated Response Actions (Simulated Block, Block, Quarantine)
Signature-Based Analysis
Application Control
Operational Status and Configuration Interface
Real-Time Visibility of Suspicious and/or Malicious Activities
New Log Sources Supported
- Microsoft DNS logs client/server
- W3C logs
Enhanced Reporting Capabilities
Online and Offline Protection
Behavioral Monitoring & Analysis (Watchdog)
Built-In Threat Intelligence
User & Entity Behavior Analysis (UEBA)

Version 6.1.4

Active Directory information forwarding.
Enhanced W3C logs support.
Log File Forwarder customization.
Improved automated response logic.
Windows OS & Patches.

Version 6.2

Watchdog performance enhancements
Log File Forwarder bug fixes

Version 6.2.1

Removed “Discarding old log” functionality pertaining to old IIS logs
New log message in IIS logs when date and time fields are absent

Version 6.2.2

Support for IIS nested folders
DNS analytical performance enhancements

Version 6.2.3

New functionality for Agent services to detect and workaround .Net Runtime errors
Windows module configuration bug fixes

Appendix: Minimum system requirements

The minimum system requirements for ClearSkies™ NG Endpoint Detection & Response (EDR) Agent v6.3 are as follows:

CPU: Intel quad core or equivalent processor

Memory (RAM): 8 GB

Available free hard disk space: 20 GB free space

Share Tweet Share

Cookie	Description
_dc_gtm_UA-110097014-1
_ga	This cookie is installed by Google Analytics. The cookie is used to calculate visitor, session, camapign data and keep track of site usage for the site's analytics report. The cookies store information anonymously and assigns a randoly generated number to identify unique visitors.
_gcl_au	Used by Google AdSense for experimenting with advertisement efficiency across websites using their services.
_gid	This cookie is installed by Google Analytics. The cookie is used to store information of how visitors use a website and helps in creating an analytics report of how the wbsite is doing. The data collected including the number visitors, the source where they have come from, and the pages viisted in an anonymous form.
GPS	This cookie is set by Youtube and registers a unique ID for tracking users based on their geographical location

Cookie	Description
_fbp	This cookie is set by Facebook to deliver advertisement when they are on Facebook or a digital platform powered by Facebook advertising after visiting this website.
fr	The cookie is set by Facebook to show relevant advertisments to the users and measure and improve the advertisements. The cookie also tracks the behavior of the user across the web on sites that have Facebook pixel or Facebook social plugin.
IDE	Used by Google DoubleClick and stores information about how the user uses the website and any other advertisement before visiting the website. This is used to present users with ads that are relevant to them according to the user profile.
test_cookie	This cookie is set by doubleclick.net. The purpose of the cookie is to determine if the users' browser supports cookies.
VISITOR_INFO1_LIVE	This cookie is set by Youtube. Used to track the information of the embedded YouTube videos on a website.
YSC	This cookies is set by Youtube and is used to track the views of embedded videos.