Difference between Critical environment and Normal Version


L3 Networker

Hello,

Can you help with the difference between Critical environment and Normal Version of Cortex XDR?

When should an organisation use critical environment ?

Regards,

Shashank Sinha


Accepted Solutions

L5 Sessionator

Hi @Shashanksinha,

Thank you for writing to the live community!

The Critical Environment version of the Cortex XDR agent is released as a performance-issue mitigation release for highly critical and highly regulated endpoints. Some examples would include "Do not Touch" servers which have to be decommissioned because of OS functionality issues, application criticality issues etc., but that has not yet been prioritised, and where any install/uninstall or changes to the environment can lead to further damage (e.g. a use case where an OS patch got corrupted and has broken some registry modules, and any new changes to the registry can cause the server OS to crash).

These devices are such that they do not interact much with the outside world, as they are kept well secured, and any changes on these servers could pose a high risk to the production environment as they are already low-scaled systems. In such situations, where risks from the latest cyber attacks have to be sidelined to prioritise business operations, the CE version can come in handy, as in these circumstances it provides support for the agent functions and protection in the form of content updates against all the attack vectors that can be included in a content version. The advantage of the CE version is that it allows the agent to stand and get support for a very long period of time without the need to upgrade frequently.

However, the demerits follow. The CE version agents are released for specific versions only, and they have a release cycle of almost more than 1 year. This means that any feature or capability that is included in new versions of Cortex XDR and has a latest-agent dependency will not work on the CE versions. Let's take the example of 7.5 CE. As of today's date, if a customer is on the 7.5 CE version on any agent, they lose the following:

  • Java Deserialisation Protection for Windows will not work on 7.5 CE, as it needs a minimum of 7.6.2 for detection and 7.7.1 for protection
  • Linux agent scanning and isolation would not be available
  • New OS version support will not be applicable for 7.5 CE
  • ASPX webshell tracking is available only with 8.0 and above and will be missed on 7.5 CE
  • Certain Forensics triage for Windows 10 will not be available
  • Disable prevention rules would not work
  • Some new modules and capabilities of BTP included with agent 8.0.* and above will not be available (though this stands for agent versions lower than this).

The above list can go on....


Hence, the use case for organisations to opt for CE versions would not be organisation specific, and it has to be used only in very, very limited use cases, considering the fact that security on the endpoint with the help of the Cortex agent will not be a top-notch priority. It has to be taken into consideration that there will be some manual regulation beyond the purview of the Cortex XDR agent for maintaining a balance between confidentiality, integrity and availability.

In short, the CE version will provide stability and balance to prevent the natural regulation of agent management because of higher End of Life cycles, but at the cost of protection and new security-enhancement-based capabilities in today's fast-paced, evolving cyber world with new technologies and new adversaries.


Hope this helps!


Please mark the response as "Accept as Solution" if it answers your query.



Thank you for the solution.

Regards,

Shashank

👍👍👍👍

Hello,

Can you let us know the missing features in 7.9.101-CE as compared to the 8.0/8.1 standard version?

Hi @RamyashreeMada,

Please refer to the release information of Cortex XDR 8.1, which will guide you on the capabilities difference. Though some of the capabilities may get through to the CE, more or less all the features and fixes which cannot be incorporated in a content update are fixed in agent upgrade versions for Cortex XDR. This means that CE versions might have some known issues which might have been addressed in 8.1 and/or in upcoming versions.

L1 Bithead

Hello, could you please elaborate on the Cortex XDR CE agent's recommended requirements for Red Hat servers? I mean the recommended amount of RAM, CPU and disk in order for the CE agent to run properly.

Regards.

L1 Bithead

How can we get the 7.9 CE agent these days? It is not available anymore from the management console. I need it for a Windows Server 2008 R2 SP1 machine.

Others - “Cybersecurity is becoming the most important security topic of the future – particularly in the age of digitalization.” Me - It is right now!