Why eScan Vision Core XDR?
Uniform Management
Secured Web Interface with Summarized Dashboard
The web interface uses SSL technology to encrypt all communications. eScan's summarized dashboard provides administrators the status of managed endpoints in graphical format such as deployment status, protection status as well as protection statistics.
A Complete Asset Management
The Asset Management module displays entire hardware configuration and list of software installed on the endpoints. This helps administrators to keep track of all the hardware as well as software resources installed on all the endpoints connected to the network.
Exclusive Features
MITRE ATT&CK Framework
eScan has included MITRE ATT&CK framework to analyze every threat incident detected by Vision Core XDR. It displays the details of the TTPs (tactics, techniques, and procedures) involved in the attack. The framework shows information related to the TTPs used by the attackers to break into the systems. Organization's threat intelligence team can use this framework to detect adversarial behavior and to map observed activity to specific ATT&CK techniques to understand what stage of an attack they faced. This information of TTPs can also be used to share intelligence on emerging threats, helping organizations stay up-to-date with evolving attack methods.
IP Radar
eScan added IP Radar in its web console dashboard which is a global map where you can view all the Active and Established IP connections initiated and connected to eScan server. This feature allows you to trace all the connections that are currently running via eScan server. In simple terms, when IP communication is initiated between XDR sensor and other resources globally, it will be marked on the map with colored lines depending on the type of connection. Also, you can easily choose domestic, foreign, or all the connections for specific view on the map.
Phishing Simulation
eScan offers Phishing Simulation which is a functionality that enables organization's threat intelligence team to assess employees' understanding of email phishing threats widely used by attackers. In simple terms, phishing simulation is an internal activity where a mock phishing email is sent to employees to assess whether they click on embedded links or ignore the email. These phishing mails are created by mimicking the actual phishing emails. If the employees respond to the mail by clicking the email links, the action gets stored for further analysis of conducting Phishing awareness program.
Enhanced Endpoint Protection
Data Leak Prevention
The Data Leak prevention (DLP) offers additional capabilities like Attachment control, Content control, Sensitive file/folder protection, File activity monitoring, Workspace apps, and several other features, eScan protects organizations from the risk associated with unauthorized transfer of sensitive content. To use eScan DLP, an additional product license is required.
Two-Factor Authentication
The Two-Factor Authentication (2FA), also known as Multi-Factor Authentication (MFA), adds an extra layer of protection to your basic system logon. The 2FA feature requires personnel to enter an additional passcode after entering the system login password which itself is a next level security. To use 2FA, an additional product license is required.
Powered by Futuristic Technology
Proactive Behavior Analysis Engine
Proactive Behavior Analysis Engine (PBAE) provides real time protection for organizations and users against Ransomware attacks. It monitors the activity of all the processes and blocks the one whose behavior matches to a Ransomware’s working pattern.
Non- Intrusive Learning Pattern
eScan uses Non-Intrusive Learning Pattern (NILP), a revolutionary technology that uses Bayesian Filtering and works on the principles of Artificial Intelligence (AI) to analyze each email and prevents spam and phishing emails from reaching your inbox. It has self-learning capabilities and it updates itself by using regular research feeds from MicroWorld servers. It uses an adaptive mechanism to analyze each email and categorize it as spam or ham based on the behavioral pattern of the user.
Terminal Services Protection Module
Terminal Services Protection Module (TSPM) by eScan not just detects the brute force attempts but also heuristically identifies suspicious IP Addresses / Hosts. It blocks any unauthorized attempts to access the system.
MicroWorld Winsock Layer
eScan's MicroWorld WinSock Layer (MWL) is a revolutionary concept in scanning Internet traffic on a real-time basis. It has changed the way the world deals with Content Security threats. Unlike the other products and technologies, MWL tackles a threat before it reaches your applications. MWL is technically placed above the WinSock layer and acts as a ‘Transparent Gatekeeper’ on the WinSock layer of the operating system.
Key Features
eScan Management Console
Exclusive EDR Dashboard
eScan provides the summarized dashboard of the incidents that allows admins to gain deeper insights and taken quicker actions as and when detected. It gives overview of incidents such as eScan, Windows, Endpoints, and Network in graphical as well as in detailed form.
Excluded Clients
This feature will allow administrator to restrict the client endpoints from unmanaged computers being auto added in any group(s). The admin needs to add the computers using host name, host name with wildcard, IP address, or IP range in the list. Now, the listed computers will not be auto added in the managed group(s).
Policy Templates
Policy deployment can be made easy through policy templates. It allows administrators to create policy templates with certain department or user-wise restrictions and deploy the same to the managed groups/computers as per requirements.
Role Based Administration
Role Based Administration through eScan Management Console enables the administrator to share the configuration and monitoring responsibilities of the organization among several administrators. This improves task management equally over all the administrators.
Anti-Theft
eScan allows you to send commands like lock, alerts, scream, locate, and data wipe on the lost/stolen device. eScan ensures complete protection from any unauthorized access in the event if your device is lost or stolen. It requires additional product license for the Windows endpoints. To use Anti-Theft, an additional product license is required.
Event Collector (Security Events) and Co-relation
All Windows security events (unauthorized login attempts, RDP connections, and Policy changes) are monitored for behavioral changes, policy violations, and exceeding granted rights. These events are then forwarded to the server with secure protocols for threat analysis and storage. Besides, all the OS and app logs are collected which also improves real-time visibility, network safety, and time management.
Threat Analysis
All event logs are stored at a secured server and analyzed further for threats-based on the malware type and corruption. They are checked against rule-based policies and regulations, then identified and categorized for security threat nature and level.
Historical Investigation - RCA
With Windows events and Threat Analysis, a deep RCA is carried out against detected and potential threats to identify its root cause. The RCA helps you identify the loose ends in your network and take appropriate action to mitigate threats before the threat takes over the network.
EDR Violation events from endpoints
eScan XDR solution is equipped with advanced technologies that gathers the information from all the endpoints which are categorized as known and unknown zero-day attacks. eScan endpoints automatically detects and send the log & events to eScan XDR solution. Attacks includes credential stealing, malignant JavaScript or VBScript, potentially obfuscated scripts, untrusted or unsigned executable files from removable devices, creation of WMI and PsExec commands, Office and Adobe apps from creating child processes, injecting codes, creating executable content, and Win32 API calls from macros. eScan endpoints also prevents malware from abusing WMI to attain persistence on a device.
EDR Violation events from Advanced Ransomware
eScan XDR gather the log & events from endpoints protecting and blocking of executables (.exe, .dll, or .src) and script (.ps, .vbs, .js) files that autorun quickly after opening an email. eScan XDR uses its heuristic PBAE technologies to monitor and block all the apps that are suspected as ransomware through their activity or behavior. Along with this, it also terminates the network session, if any infected system tries to gain access of protected system.
eBackup & Restore
eScan enables admin to take a backup of all the files manually or automatically (scheduled basis) and store them in an encrypted and compressed format. It also allows administrator to take backup on a local drive, network drive, or on cloud. eScan allows admin to import/export the server data that can be restored in case of any system failure or disaster. To use eBackup, an additional product license is required.
Session Activity Report
eScan Management Console monitors and logs the session activity of the managed computers. It will display a report of the endpoint startup / shutdown / logon / logoff / remote session connect / disconnect. With this report the, administrators can trace the user logon and logoff activity along with remote sessions that took place on all managed computers.
Update Agent
The administrators can assign computers as Update Agents. This reduces the traffic between the eScan Corporate Server and the clients. Update Agent will take the signature updates & policies from the eScan server and distribute the same to other managed computers in the group. It saves bandwidth and improves the network performance.
One-Time Password
Using One-Time Password option, the administrator can enable or disable any eScan module on any Windows endpoint for a desired period of time. This helps to assign privileges to certain users without violating a security policy deployed in a network.
Print Activity Monitoring
eScan comprises of Print Activity module that efficiently monitors and logs printing tasks done by all the managed computers. It also provides a detailed report in PDF, Excel or HTML formats of all printing jobs done by managed computers through any printer connected to any computer locally or to the network.
Privacy Control
Privacy control allows scheduling the auto erase of your cache, ActiveX, cookies, plugins, and history. It also helps to permanently delete files and folders without the fear of having them retrieved through the use of third-party applications, thus preventing misuse of data.
Advanced Anti-Spam
With its advanced Anti-Spam facility, eScan prevents you from receiving spam mails. It checks the content of incoming and outgoing mails as well as quarantines advertisement mails. Moreover, eScan scans all the emails in real-time for Viruses, Worms, Trojans, Spyware, Adware and hidden malicious content using powerful, heuristic driven Dual Anti-Virus engines.
Mobile Device Scanning
Mobile Device Scanning enables the detection of viruses, malware, and suspicious files on Android and iOS devices when they are connected to an eScan installed endpoint. This helps prevent the spread of infections through mobile endpoints and adds an extra layer of protection by ensuring that devices are secure, clean, and compliant before accessing the organization network.
eScan Endpoints (Hybrid OS)
Advanced Web Protection
eScan comes with an advanced Web Protection feature (http/https) that allows administrators to define the list of sites to block or whitelist on Windows and Linux endpoints connected to the network where eScan is installed. For Windows endpoints eScan also provides the facility for time-based access restriction.
Enhanced Two-way Firewall
The Two-way Firewall with predefined rule sets will help you in putting up a restriction to incoming and outgoing traffic and hacking. It provides the facility to define the firewall settings as well as define the IP range, permitted applications, trusted MAC addresses and local IP addresses for both Windows and Linux based endpoints.
Device Control
The Device Control feature enables you to, allow or block access to USB devices connected to Windows, Mac and Linux endpoints in the network. On Windows, access can be restricted for Webcam, SD cards, Imaging devices, Bluetooth and Composite devices. Access to thumb drives can be restricted on Windows, Mac and Linux. Access to CD-ROM can be restricted on Windows and Linux.
Application Control
eScan's Application Control helps you outsmart cybercriminals and keeps your business secure and productive. It prevents zero-day and ATP attacks by blocking the execution of unauthorized applications. Using whitelisting, admins can prevents attacks from unknown malware by allowing only known whitelisted applications.
Schedule Scan
eScan offers you an option for scheduled scanning, which will run seamlessly in the background without interrupting your current working environment. It performs scheduled scans for selected files / folders or the entire system for the scheduled period, thus providing you the best protection against cyber threats.
Reverse Shell
eScan's Reverse Shell feature for Linux based endpoints, restricts reverse shell attack from remote machine. Thus preventing attackers from exploiting a remote command execution vulnerability using a reverse shell session.
File Integrity Monitor
eScan's File Integrity Monitoring validates the integrity of the files and folders value between the current and the original file state to detect potential compromises for Linux based endpoints.
