08-09-2023 01:14 AM
Hello,
Can you help with the difference between Critical environment and Normal Version of Cortex XDR?
When should an organisation use critical environment?
Regards,
Shashank Sinha
08-09-2023 06:06 AM - edited 08-09-2023 06:09 AM
Hi @Shashanksinha ,
Thank you for writing to live community!
The Critical Environment version of the Cortex XDR agent is released as a performance-issue mitigation release for highly critical and highly regulated endpoints. Some examples of the same would include some "Do not Touch" servers which have to be decommissioned because of some OS functionality issues, application criticality issues etc., but that has not yet been prioritised, and any install/uninstall or changes to the environment can lead to further damage (e.g., could be a use case where the OS patch got corrupted and has broken some registry modules and any new changes to the registry can cause the server OS to crash).
These devices are such that they do not interact much with the outside world, as they are kept well secured, and any changes on these servers could pose a high risk to the production environment as they are already low-scaled systems. In such situations, where risks against the latest cyber attacks have to be sidelined to prioritise the business operations, the CE version can come in handy as, in circumstances, it provides support for the agent functions and protection in the form of content updates against all the attack vectors that can be included in a content version. The advantage of the CE version is that it allows the agent to stand and get support for a very long period of time without the need to upgrade frequently.
However, the demerits follow. The CE version agents are released for specific versions only and they have a release cycle of almost more than 1 year. This means that any feature or capability that is included in new versions of Cortex XDR which has the latest agent dependency will not work on the CE versions. Let's take the example of 7.5 CE. As of today's date, if a customer is on the 7.5 CE version on any agent, he loses the following:
The above list can go on....
Hence, the use case for organisations to opt for CE versions would not be organisation specific, and it has to be used only in very, very limited use cases, considering the fact that security on the endpoint with the help of the Cortex agent will not be a top-notch priority. It has to be taken into consideration that there will be some manual regulation beyond the purview of the Cortex XDR agent for maintaining a balance between confidentiality, integrity and availability.
In short, the CE version will provide stability and balance to prevent the natural regulation of agent management because of higher End of Life cycles, but at the cost of protection and new security-enhancement-based capabilities in today's fast-paced, evolving cyber world with new technologies and new adversaries.
Hope this helps!
Please mark the response as "Accept as Solution" if it answers your query.
08-10-2023 12:02 AM
Thank you for the solution.
Regards,
Shashank
08-11-2023 03:49 AM
Hello,
Can you let us know the missing features in 7.9.101-CE as compared to 8.0/8.1 standard version?
08-11-2023 10:45 AM
Hi @RamyashreeMada ,
Please refer to the release information of Cortex XDR 8.1, which will guide you on the capability differences. Though some of the capabilities may get through to the CE, more or less all the features and fixes which cannot be incorporated in a content update are fixed in agent upgrade versions for Cortex XDR. This means that CE versions might have some known issues, which might have been addressed in 8.1 and/or in upcoming versions.
01-22-2024 08:01 AM
Hello, could you please elaborate on the Cortex XDR CE agent recommended requirements for Red Hat servers? I mean, recommended amount of RAM, CPU, Disk in order for the CE agent to run properly.
Regards.
03-07-2024 06:15 AM
How can we get the agent 7.9CE these days? It is not available anymore from the management console. I need it for a 2008 R2 SP1 Windows server.