eScan Vision Core XDR (eXtended Detection and Response) is a broader endpoint security solution that delivers real-time visibility, analysis, protection, and remediation for endpoints. This provides deeper insights and alerts the admin about malicious activity, which facilitates quicker investigation and restricts the attacks on endpoints as soon as detected.
The Vision Core XDR consists of the latest modules like Phishing simulation and IP Radar. Additionally, a MITRE ATT&CK (Adversarial Tactics, Techniques, and Common Knowledge) framework is included to give your network an expanded cybersecurity coverage. As an enterprise-grade security solution, it supports automated and manual actions to restrict the potential threats on the endpoint. It proactively reduces the attack, prevents malware infection, and neutralizes potential threats by detecting them in real-time. The Vision Core XDR is designed using in-demand and futuristic technologies available for Windows, Mac, and Linux based endpoints across the enterprise.
To experience the benefits of this product, why not give it a try and consider making it yours?
Write to us at sales@escanav.com
English, German, French, Nederlands, Italian, Portuguese, Spanish, Turkish, Chinese Simplified, Chinese Traditional, Greek, Korean, Norwegian, Russian, Polish, Latin Spanish, Czech, and Slovak.
Assists in monitoring devices that are connected to the system. Using the Password Protection feature, unauthorized devices can be easily blocked.
Scans all emails in real-time for Viruses, Worms, Trojans, Spyware, Adware and hidden malicious content using powerful, heuristic driven Dual Anti-Virus engines.
Reduces Security Management costs through File Reputation Services, Asset Management, Print activity, ADS integration and Support for VMware, SYSLOG, SNMP, NAC and NAP.
Informs administrator about outbreaks in the network in order to take immediate action.
Prevents Malware Outbreaks, Data theft, Productivity loss and Security violations.
eScan has included the MITRE ATT&CK framework to analyze every threat incident detected by Vision Core XDR. It displays the details of the TTPs (tactics, techniques, and procedures) involved in the attack. The framework shows information related to the TTPs used by the attackers to break into the systems. An organization's threat intelligence team can use this framework to detect adversarial behavior and to map observed activity to specific ATT&CK techniques to understand what stage of an attack they faced. This TTP information can also be used to share intelligence on emerging threats, helping organizations stay up to date with evolving attack methods.
eScan added IP Radar to its web console dashboard. It is a global map where you can view all the Active and Established IP connections initiated and connected to the eScan server. This feature allows you to trace all the connections that are currently running via the eScan server. In simple terms, when IP communication is initiated between an XDR sensor and other resources globally, it is marked on the map with colored lines depending on the type of connection. You can also choose domestic, foreign, or all connections for a specific view on the map.
eScan offers Phishing Simulation, a functionality that enables an organization's threat intelligence team to assess employees' understanding of the email phishing threats widely used by attackers. In simple terms, phishing simulation is an internal activity where a mock phishing email is sent to employees to assess whether they click on embedded links or ignore the email. These phishing mails are created by mimicking actual phishing emails. If employees respond to the mail by clicking the email links, the action is stored for further analysis when conducting a phishing awareness program.
eScan’s new Secure Web Interface uses SSL technology to encrypt all communications. A summarized dashboard shows the administrator the status of managed clients in graphical formats, such as deployment status, protection status and protection statistics.
eScan’s Asset Management module provides the entire hardware configuration and list of software installed on endpoints. This helps administrators to keep track of all the hardware as well as software resources installed on all the endpoints connected to the network.
Role-based administration through the eScan Management Console enables the administrator to share the configuration and monitoring responsibilities of the organization among several administrators. Using this feature, pre-defined roles can be assigned to the administrators, each with its own set of rights, permissions and groups.
With the help of eScan’s Client Live Updater, events related to eScan and security status of all endpoints are captured and recorded / logged and can be monitored in real-time. Also, the events can be filtered to retrieve exact required information to closely watch security level on all managed endpoints on a real-time basis.
This allows the administrator to deploy outbreak prevention policies during an outbreak that restrict access to network resources from selected computer groups for a defined period of time.
The outbreak prevention policies will be enforced on all the selected computers or groups. Incorrect configuration of these policy settings can cause major problems with the computers.
eScan includes a Print Activity module that efficiently monitors and logs printing tasks done by all the managed endpoints. It also provides a detailed report in PDF, Excel or HTML formats of all printing jobs done by managed endpoints through any printer connected to any computer locally or to the network.
Note – Print Activity features are valid for endpoints with Windows Operating system only.
Using the One-Time Password option, the administrator can disable any eScan module on any client computer for a desired period of time. This helps to restrict user access from violating a security policy deployed in a network.
Note – One-Time Password features are valid for endpoints with Windows Operating system only.
eScan Management Console monitors and logs the session activity of the managed computers. It will display a report of the endpoint startup/ shutdown/ logon/ log off/ remote session connects/ disconnects. With this report the administrator can trace the user Logon and Logoff activity along with remote sessions that took place on all managed computers.
With the help of Active Directory synchronization, the administrator can synchronize eScan Centralized Console groups with Active Directory containers.
New computers and containers discovered in Active Directory are copied into eScan Centralized Console automatically and the notification of the same can be sent to the system administrator. Administrator can also choose to Auto Install or Protect discovered Windows workstations automatically.
Policy deployment can be made easy through policy templates; the administrator can create policy templates and deploy them to the desired managed groups.
eScan's Patch Management Module auto-updates Windows OS security patches from the Cloud or from the EMC Console on PCs that are part of DMZ/Air-Gapped Networks. The module also reports patching availability for Critical Apps like Adobe, Java, etc.
It helps in monitoring USB devices that are connected to Windows or Mac endpoints in the network. On Windows endpoints, administrators can allow or block access to USB devices. Unauthorized access to USB devices can be blocked using password protection, thus preventing data leakage.
eScan sends notifications to the administrator of the web console when any data (which is not read-only) on the client system’s hard disk is copied to the USB.
It allows you to block / whitelist as well as define time restriction for allowing or blocking execution of applications on Windows endpoints. It helps in accessing only the whitelisted applications, while all other third-party applications are blocked.
eScan checks the content of outgoing and incoming mails as well as scans all the emails in real-time for Viruses, Worms, Trojans and hidden malicious content using powerful, heuristic driven Dual Anti-Virus engines. Thus, online threats are averted before they enter the network via emails.
The two-way firewall with predefined rule sets helps you restrict incoming and outgoing traffic as well as hacking. It provides the facility to define the firewall settings as well as the IP range, permitted applications, trusted MAC addresses and local IP addresses.
Privacy control allows scheduling the auto erase of your cache, ActiveX, cookies, plugins and history. It also helps you to permanently delete files and folders without the fear of having them retrieved through the use of third-party applications, thus preventing misuse of data.
eScan comes with an advanced Web Protection feature that allows administrators to define the list of websites to be blocked or whitelisted on endpoints connected to the network where eScan is installed. For Windows endpoints eScan also provides the facility for time-based access restriction.
Being very light on system resources, eScan facilitates faster scan of endpoints. This ensures that endpoint does not slow down, even while eScan is performing an On-demand scan of the files / directories that you access or copy onto your endpoint. It even allows you to select different files / folders, directories or running processes in your endpoint and scan them for viruses.
eScan includes a Privacy Advisor that provides you the complete list of applications using device permissions in a classified format. This helps you to keep a check on the security level of all applications installed.
eScan helps you with data blocking, data wiping, SIM watching and locating your Android-based device through GPS finder. With its Anti-Theft feature, eScan ensures complete protection of your Android device from any unauthorized access in the event that your device is lost or stolen.
eScan offers you an option for scheduled scanning, which will run seamlessly in the background without interrupting your current working environment. It performs scheduled scans for selected files / folders or the entire system for the scheduled period, thus providing you the best protection against cyber threats.
This rule blocks the executables and script files that autorun quickly after opening an email.
Malware can infect Office apps and manipulate them to run child processes. This rule blocks all Office applications from creating child processes. The rule will block programs from running VBA macros, spawning commands, and using PowerShell to modify Registry settings.
Office apps can be used as a medium by malware and forced to save malignant files. These malignant files can avoid detection and reside on the system to spread infection. This rule blocks all Office programs from creating and saving a suspicious executable file, by blocking the malignant code from being saved to the disk.
Cybercriminals can use programs to transfer malignant code into other processes via code injection, so the code appears completely genuine. This rule blocks programs from injecting code into other processes.
Running a malignant JavaScript or VBScript may download a malicious payload or run other processes in the background without the user’s knowledge. This rule blocks JavaScript or VBScript from running downloaded executable content.
To decrease script loading times or hide malicious code, cybercriminals obfuscate the scripts. As a result, malware easily avoids detection by the human eye and even by cybersecurity solutions. This rule looks for malicious code in obfuscated scripts and blocks its execution upon detection.
With VBA macros, Office applications can make Win32 API calls. Malware can use this to its advantage and abuse Office apps to call Win32 APIs and run malicious shellcode on endpoints without saving any data on the disk. This rule prevents VBA macros from calling Win32 APIs.
All executable files on the system are scanned for their genuineness. If the files appear to be ransomware, this rule blocks those files from running. An exception can be made for specific files if they are added to an exclusion list.
Cybercriminals can steal NTLM hashes and cleartext passwords from the Local Security Authority Subsystem Service (LSASS) by using hacking tools. This rule blocks credential stealing by preventing access to LSASS.
WMI and PsExec are capable of remote code execution. Malware can use this feature to run malicious commands on systems and infect an organization’s network. This rule blocks process creations from WMI and PsExec commands.
This rule blocks all untrusted and unsigned executable files (.exe, .dll, or .scr) from running from removable devices like USB drives and SD cards.
This rule blocks exploit code from abusing Outlook vulnerabilities and protects users from social engineering attacks. Additionally, the rule protects users from the forms exploits and Outlook rules used by cybercriminals when a user’s credentials are leaked. Although this rule blocks Outlook from creating child processes, it allows Outlook to perform genuine functions.
Via an exploit or social engineering, malware can abuse Adobe Reader to download a malicious payload and free itself from the program. This rule blocks all child processes from Adobe Reader and thus reduces its chances of being used as a medium.
This rule prevents malware from abusing WMI to attain persistence on a device.
If you have any doubts regarding eScan Vision Core XDR, send an email to the Enterprise support team at support@escanav.com
*Note: Not all features are available on all platforms.