Cortex XSIAM prevents exploit attempts and provides endpoint protection that varies by operating system.
An exploit is a sequence of commands that takes advantage of a bug or vulnerability in software or hardware to gain unauthorized access or control.
To combat attacks that take advantage of a software exploit or vulnerability, Cortex XSIAM employs Endpoint Protection Modules (EPMs). Each EPM targets a specific exploit type in the attack chain. The capabilities that Cortex XSIAM EPMs provide include reconnaissance prevention, memory corruption prevention, code execution prevention, and kernel protection.
The following table lists the types of exploits for which Cortex XSIAM provides protection.
Exploit protection type | Description |
---|---|
Reconnaissance prevention | Prevents attackers from probing the network for vulnerabilities while preserving the option to perform internal reconnaissance testing. |
Memory corruption prevention | Prevents adversaries from exploiting memory corruption vulnerabilities. |
Code execution prevention | Prevents the execution of malicious code that could allow attackers to deploy additional malware to steal sensitive data. |
Kernel protection | Protects the kernel against kernel threats and exploits. |