User and operational questions about ACSIA XDR Plus
1. My environment comprises both Windows and Linux servers, will the ACSIA cyber defence cover both environments?
Yes, ACSIA provides protection for Windows 2008 R2 and later, MAC OS v10.11 and later and Linux Kernel v2.6 and later.
2. Will ACSIA work for desktop clients as well as servers?
Yes, ACSIA was designed as an enterprise cyber defence product and protects both Desktop and Server devices.
3. Our company already uses existing cybersecurity products. Will ACSIA work alongside these without impacting their operation?
ACSIA can be used alongside any other cyber security product with zero impact on the operations or performance of other products.
4. Will ACSIA interfere with my existing systems and network performance?
No, ACSIA does not interrupt or imbalance any systems/processes/applications or infrastructure.
5. How is ACSIA so accurately detecting threats compared to other products?
Most security products look for anomalies in traffic patterns, or for known signatures of malware active on a device being monitored. As virtually all traffic is encrypted it is only possible for these systems to anticipate if an encrypted traffic pattern is an anomalous threat. ACSIA consolidates event logs from our Threat Intelligence platform, EDR, IDS and IPS modules into our SIEM where they are analysed and remediated to provide forensic levels of analysis and automated remediation.
Our offensive tools detection and pattern recognition algorithms can detect obfuscated hacking tools, techniques and methods that we validate at Kernel (Linux) or Registry (Windows) level for granular threat analysis and validation.
6. If ACSIA is so accurate at detecting threats, will the number of false positives synonymous with other solutions disappear?
Typically, ACSIA will eliminate over 98% of all false positives, leaving your personnel with more time to focus on the real and substantial cyber threats being detected. The small variance and reason why 100% of threats cannot always be eliminated are that some events will always require manual review as they may or may not be true.
For example, if your CEO travelled from London on Monday and then onto Ohio on Tuesday and onto Beijing on Wednesday while connecting to the office network in each location, ACSIA would detect and alert on user access requests from different geographies and provide the administrator with a clear explanation of the event, security threat level it represents and a prioritized list of recommended actions that can be performed by the selecting the preferred choice.
7. Can ACSIA be automated to act autonomously to all threats?
No, for the reasons provided in Q6 this is not possible. However, in 95%-98% of cases, ACSIA can be set to operate automatically without user/administrator intervention. In the 5%-2% of cases where this is not possible, the administrator will be notified via real-time messaging to their desktop or mobile device.
8. What type of information will a threat event contain?
ACSIA will provide detailed guidance on the nature of the threat detected – what it means, where it originated from and most importantly, the recommended response options available.
9. Does ACSIA operate in real-time?
Yes, ACSIA gives real-time alerts on threats detected.
10. Does ACSIA offer the ability to take immediate action on specific user accounts in an emergency?
Yes, if an incident involves an internal legitimate user where the account has been used to perform some unauthorized activity or user action mandates immediate cessation of access, the ACSIA administrator can immediately block that specific user.
11. Will ACSIA make decisions and disrupt my business based on false positives/negatives?
Until ACSIA is 100% sure that what has been detected is an actual threat it will not automate a response, so false positives are not possible.
12. How can partners and clients influence product direction?
We have a customer feedback channel where we encourage partners and customers to help us identify new needs and thereby influence our product roadmap.