Latest Posts

Ozer Metin 22 Jul, 2024 1453 Views
Why Xcitium Does Not Have the Same Problem as CrowdStrike

Why Xcitium Does Not Have the Same Problem as CrowdStrike? In an endpoint protection agent release cycle, the focus should be on stability, security, and minimizing disruptions. The cycle should begin with a thorough planning phase where up...

Ozer Metin 19 Jul, 2024 936 Views
The Update Trap: How Cybersecurity Vendors Risk Your Operations?

The Update Trap: How Cybersecurity Vendors Risk Your Operations? Recently, CrowdStrike experienced a significant issue causing widespread Blue Screen of Death (BSOD) incidents on Windows computers running its software. The company ac...

Ozer Metin 08 Jul, 2021 579 Views
Kaseya VSA Breach – Consequences of Security Failures

The world has witnessed another large-scale cyber-attack. On July 2, 2021, Kaseya, an IT Systems Management software firm, disclosed a security incident impacting their on-premises version of Kaseya's Virtual System Administrato...

Ozer Metin 23 Dec, 2020 259 Views
SunBurst: APT against SolarWinds, mapped to Kill Chain

Following the attack on FireEye, the details are revealed and the US Department of Homeland Security (DHS) has issued an Emergency Directive (ED) regarding a backdoor being exploited in SolarWinds Orion products. Several victims have...

Ozer Metin 10 Oct, 2020 264 Views
Attack Surface Reduction

First, consider a few definitions and terminologies before we proceed: Threat Actor: A threat actor or malicious actor is a person, entity, or object responsible for an event or incident that impacts, or has the potential to impact,...

Ozer Metin 19 Sep, 2020 221 Views
Open EDR Components

This post describes the architecture of Open EDR components. The documentation for a component usually includes enough information to understand how it works and to develop it. However, these documents don't...

Ozer Metin 01 Sep, 2020 149 Views
Xcitium XDR: eXtended Detection and Response: Discovering Unknowns, Revealing Hidden Threats

Xcitium was one of the pioneers of Extended Detection and Response (XDR) into network, web and cloud, and I guess I am the one to blame, as I charted and executed the strategy for this in 2017. A few months later, I started seeing oth...

Ozer Metin 27 Aug, 2020 336 Views
MITRE Kill Chain and Xcitium API Virtualization

Endpoint Protection Kernel API Virtualization. The Cyber Intrusion Kill Chain, aka Kill Chain, was adapted from military concepts. Lockheed Martin's engineers were the first to apply it to cyber security attack stages. The core fra...

Ozer Metin 17 Aug, 2020 311 Views
Behind the Scenes of Xcitium’s Kernel API Virtualization

When it comes to securing your enterprise endpoints, it's important to have a foundational understanding that there are three types of files: the good, the bad and the unknown. Approaches such as Antivirus (both vendor-branded "next ...
