Exploit protection - Administrator Guide - Cortex XSIAM - Cortex - Security Operations


Product: Cortex XSIAM
Creation date: 2024-03-06
Last date published: 2024-10-13
Category: Administrator Guide
Abstract

Cortex XSIAM prevents exploit attempts and provides protection on endpoints based on the different operating systems.

An exploit is a sequence of commands that takes advantage of a bug or vulnerability in software or hardware to gain unauthorized access or control.

To counter attacks that take advantage of a software exploit or vulnerability, Cortex XSIAM employs Endpoint Protection Modules (EPMs). Each EPM targets a specific exploit type in the attack chain. Capabilities that Cortex XSIAM EPMs provide include reconnaissance prevention, memory corruption prevention, code execution prevention, and kernel protection.

The following table lists the types of exploits for which Cortex XSIAM provides protection.

Exploit protection type: Description

Reconnaissance prevention: Prevents attackers from probing the network for vulnerabilities, while preserving the option to perform authorized internal reconnaissance testing.

Memory corruption prevention: Prevents adversaries from exploiting memory corruption vulnerabilities.

Code execution prevention: Prevents the execution of malicious code that could allow attackers to deploy additional malware and steal sensitive data.

Kernel protection: Protects the kernel against kernel-level threats and exploits.