ZitoVault Z1 Agent
The Z1 Agent activates the Endpoint Detection & Response (EDR) solution.
Provides customers with deep visibility and effective responses to attacks.
ZitoVault’s Z1 Agent
ZitoVault’s Z1 Agent activates the endpoint security solution for customers. Z1 is a software agent that is built to be very small in size, with the ability to detect attacks early and respond to contain attacks automatically. By being present on the endpoint, the agent provides you with deep visibility to the sequence of events an attacker is attempting to perform on your endpoint. The high-granularity of visibility of your endpoint’s security posture provided by Z1, far exceeds what a firewall or a networked security appliance can provide you with.
In near real-time the Z1 Agent can monitor information on running processes, communication to and from outside IP addresses and domain names, user account logins and creations, modification to sensitive registries, modification to sensitive folders, file integrity monitoring (FIM), download of suspicious files, and several additional pieces of critical activities to protect your network.
The deep visibility enables the Z1 Agent to detect, in seconds, whether an attack is starting to formulate on one of your endpoints. This includes phishing and spear phishing attacks, malware attacks, ransomware attacks, communication with known bad addresses, reconnaissance activities, endpoints participating in DDoS attacks, and more.
The Z1 Agent communicates with the Ignite Security Platform via CryptoScale, ZitoVault’s patented secure communication technology. CryptoScale is built into the Z1 Agent, and is designed to enable a very large number of devices to connect to ZitoVault’s cloud, in a resource-efficient, bandwidth-efficient manner. CryptoScale dynamically allocates resources in the ZitoVault cloud, based on the connection loads. The secure connections from the agents to the cloud, ensure that customer data privacy is preserved in-transit.
Once attacks are detected, the Z1 Agent can take several important steps to assist customers in responding to the attacks rapidly, as listed on this page. Response actions can be performed automatically, or can be customized to be performed manually, if desired by the customer.
Cross platform support with low footprint:
- Supported on major versions of Windows, Linux, and MAC, Windows Server, Linux Server, and select IoT devices.
- Consumes under 10 MB code footprint with low CPU utilization.
Detects early and accurately:
- Enables customers to detect cyber attacks in earlier stages of the cyber kill chain.
- Runs in kernel mode, making it difficult for hackers to bypass or disable.
- Protects employees’ endpoints both inside your corporate network environment and outside it (at home, hotel, or coffee shop)
- Supports CryptoScale, ZitoVault’s patented technology for highly-scalable highly-efficient secure connections
- Enables you to manage all your endpoints remotely from the ZitoVault cloud portal.
PCI DSS 3.2 Compliant
- Supports a large number of PCI (Payment Card Industry) DSS version 3.2 security monitoring use cases out-of-the-box.
- These include data security, file integrity monitoring (FIM), policy monitoring, and intrusion detection.
Responsive Actions Supports:
- Terminating suspicious processes running malware
- Dropping connections with black listed IP address or domain
- Terminating brute-force login attempts
- Prevent suspicious files from executing
- Remove suspicious files from machine
- Quarantine endpoints of the network
- Deny access to unauthorized information, defined by customer business context.