
In recent months CYBEROO has launched Cypeer Agent X: an advanced agent designed to enhance the Cypeer MDR (Managed Detection and Response) with an in-depth analysis of the company’s security posture. In this article, we look at what’s new in this agent.

Starting with the main functionalities, the agent detects various parameters of the monitored system, such as software installations, abnormal accesses and other system accesses, registry key changes, running processes and TCP connections.

Furthermore, it integrates with endpoint protection systems (such as advanced antivirus, anti-malware and others) and ingests their evidence into Cypeer. The primary purpose is to identify possible compromises or illicit activity, whether carried out by software (malware) or by malicious users.

Cypeer Agent X communicates constantly with Cyberoo’s Cypeer Manager, sending relevant data in real time over an encrypted and authenticated channel. The agent makes it possible to intervene on endpoints with Automatic Remediation: it recognises the events and logs of the applications on the systems where it is installed.

On the basis of conditions predefined by Cyberoo and agreed with the customer, it can execute scripts of any kind, speeding up the intervention process when anomalies are found.

Cypeer Agent X: main capabilities

Among its main capabilities, the agent is able to collect logs and data from both workstations and servers, enabling continuous monitoring of activities. It is designed to recognise abnormal behaviour and support the detection of threats such as rootkits, ransomware and malware. It also monitors security policies and responds quickly to incidents with Automatic Remediation and Prevention solutions.

Mass deployment can be carried out via GPO or other third-party management tools, facilitating large-scale rollout. The agent also tracks access (logins and logouts) and the installation, start-up and termination of services and programs.

It is particularly effective at detecting anomalous connections or connections to malicious addresses, and at identifying behavioural anomalies such as unusual PowerShell executions, registry key changes and shadow copy deletions, thus ensuring robust and proactive protection.

Cypeer Agent X: security analysis and continuous monitoring

The tasks performed by Cypeer Agent X are highly customisable and depend on the configuration chosen during installation or upgrade. The agent is able to collect a wide range of data including:

  • System logs: Windows event logs, Linux/macOS syslogs, application logs.
  • Security events: user login/logout, security policy changes, privileged system activity.
  • Process information: process name, process ID, associated user, resources used.
  • Network connections: source and destination IP addresses, ports, protocols used during connections to and from the network, both internal and to the Internet.
  • Changes to system files: creation, modification or deletion of critical system files.
  • Results of system requests: information on the system, installed applications and configurations found as a result of specific agent requests based on the investigation context.

This allows continuous monitoring of running processes, network connections and changes to system files in order to detect suspicious activity.

In addition, Cypeer Agent X can run queries to gather system information, thus enriching the available security data. With regard to threat detection, the agent applies signature-based and behaviour-based rules to identify potential indicators of compromise (IoCs), and complements them with behavioural analysis for threat identification.

Another key feature is the Automatic Remediation capability, which allows the agent to intervene at system level to mitigate threats, following remediation requests from the Cypeer Core system. Lastly, it enables threat prevention and response through autonomous actions on files and processes.

Data Security

Data security is a key priority for Cypeer Agent X. The data collected by the agent is encrypted during transmission using the TLS (Transport Layer Security) protocol, thus guaranteeing the confidentiality and integrity of the information and preventing unauthorised interception. In addition, authentication between the agent and the Cypeer Manager platform is based on certificates, ensuring that communications are protected and confidential.

GDPR compliance

Cypeer Agent X is designed to be GDPR compliant, adopting the principle of data minimisation. The agent collects only the information strictly necessary for legitimate IT security purposes, limiting personal data to user identification information associated with security events and system activity. This data is only used for detection, analysis and response to security incidents or threats, avoiding any use for employee activity monitoring. This approach ensures that users’ privacy is respected, while maintaining a high level of protection against cyber threats.


Update by Roberto Veca – Head of Cybersecurity, CYBEROO