SupportCan CyberSight replace my anti virus products?CyberSight has the ability to detect more threats than your average AV product. However, we recommend that you use both products to increase your detection capabilities. AV products detect around 12 categories of theats, CyberSight however currently detects over 320 and has the ability to detect the unknown.. Can CyberSight replace my Network based IDS system?In most cases we believe it can. Network based IDS has a fundamental flaw in that it only detects threats once they are active and that the threat has not tried to conceal its protocol. Network based IDS systems are also vulnerable to attack. For example the stick threat can flood an IDS system by sending thousands of false positives and rendering the reporting engine useless with floods of false positivies. Is there an overhead on my client machines using an AV product and CyberSight agent?CyberSight's agent uses on average 0.05% of your CPU. Therefore running it alongside existing security products will have no noticable effect on the performance of the systems being monitored. What network traffic is generated by the agent updating its virtual image?CyberSight's agent generates about 80k's worth of traffic for every 1,000 files modified. On average only 100 files are changed per day in a typical environment. Can the end user remove the CyberSight agent?The agent is designed not to be detected. If for some reason it has been discovered, it is very difficult to remove. You cannot delete the file, or remove its registry entries. Can the agent run over the internet or on slow dial up links?Yes. The agent has been designed to run over a 9.6k dialup. The configuration options allow you to change the size of the packets optimising it for LAN or dialup connectivity. Can I add my own files to the detection engine?Yes. You can add up to 250,000,000 files to the detection engine without ANY impact on the performance of the clients being monitored. Can I retrieve files from a monitored client?Yes. Not only can you retrieve multiple files, but they are sent in a compressed encrypted tunnel. More secure and faster than FTP. Is there a scripting engine?Yes. Over 30 example scripts are included, almost any facility in CyberSight can be scripted. Can executable files be blocked at the client even when not connected to the server?Yes.You can block any executable file at the agent endpoint. |
||
