Overview
ClearSkies™ NG EDR Agent v6.3 is a comprehensive Endpoint Detection & Response solution, fully integrated with ClearSkies™ SaaS NG SIEM. It adds detection of, and response to, never-before-seen targeted attacks and insider threats by means of Behavioral Monitoring and Analysis (BMA), complemented by Advanced Security Analytics, Threat Intelligence and signature-based detection.
What’s New
- Detection of missing/recommended security patches as well as related vulnerabilities that could impact the integrity and availability of information assets
- Automatic updating of policy changes and related updates using an encrypted tunnel when working remotely
- Collection and analysis of SQL Trace (Audit) Events
- Correlation of DHCP log and event data within UEBA
- And many more that improve effectiveness and user experience…
Enhancements
Several major new enhancements are introduced in this new ClearSkies™ NG Endpoint Detection & Response (EDR) Agent version 6.3:
Behavioral Analysis Tool/Application
- Redesigned and upgraded graphical user interface
- Watchdog service enhancement/upgrade:
  - Improved detection capability through refined Sysmon configurations
  - Performance enhancements
- File Integrity Monitoring (FIM) enhancements:
  - Redesigned and upgraded graphical user interface
  - No file count and file size restrictions
  - Capability to monitor entire drive volumes
  - Improved performance
Management Tool/Application
- Redesigned and upgraded graphical user interface:
  - New overview page illustrating important metrics
  - Global iCollector and Incident/Alert settings can now only be configured in the ‘Policies’ page
  - Policies can now only be scheduled in the ‘Policies’ page
  - Versions can now only be scheduled in the ‘Schedules’ page
  - Schedules can now be deleted
- Endpoints that have not communicated with the iCollector for more than 30 days are automatically removed; a removed endpoint reappears once it becomes active again
- Logsource prerequisites are now displayed as additional information in the agent policy configuration screen
General
- Log and event data forwarding to the iCollector using SFTP now uses higher compression:
  - The Agent compresses log and event data before forwarding it via SFTP to the iCollector, improving performance and bandwidth utilization
- Redesign of the Agent’s services architecture:
  - Logsource collection and other Agent functions are now split across multiple services, improving service integrity and performance
Bug Fixes
This version resolves a number of previously identified stability and performance issues.