ACSIA XDR Plus FAQs
These are some common questions we’re asked about ACSIA XDR Plus™. If you have a question we haven’t answered here, please get in touch for more information.
User and operational questions about ACSIA XDR Plus
Yes, ACSIA provides protection for Windows 2008 R2 and later, macOS v10.11 and later, and Linux kernel v2.6 and later.
Yes, ACSIA was designed as an enterprise cyber defense product and protects both Desktop and Server devices.
ACSIA can be used alongside any other cyber security product with zero impact on the operations or performance of other products.
No, ACSIA does not interrupt or disrupt any systems, processes, applications or infrastructure.
Most security products look for anomalies in traffic patterns, or for known signatures of malware active on a device being monitored. Because virtually all traffic is now encrypted, such systems can only infer whether an encrypted traffic pattern represents an anomalous threat. ACSIA consolidates event logs from our Threat Intelligence platform, EDR, IDS and IPS modules into our SIEM, where they are analysed and remediated to provide forensic levels of analysis and automated remediation.
Our offensive-tool detection and pattern recognition algorithms can detect obfuscated hacking tools, techniques and methods, which we validate at kernel (Linux) or registry (Windows) level for granular threat analysis and validation.
Typically, ACSIA will eliminate over 98% of all false positives, leaving your personnel with more time to focus on the real and substantial cyber threats being detected. The small variance, and the reason 100% cannot always be achieved, is that some events will always require manual review because they may or may not be genuine.
For example, if your CEO traveled from London on Monday, on to Ohio on Tuesday and on to Beijing on Wednesday, connecting to the office network in each location, ACSIA would detect and alert on user access requests from different geographies and provide the administrator with a clear explanation of the event, the security threat level it represents, and a prioritized list of recommended actions that can be performed by selecting the preferred option.
No, for the reasons provided in Q6 this is not possible. However, in 95%-98% of cases ACSIA can be set to operate automatically without user/administrator intervention. In the remaining 2%-5% of cases where this is not possible, the administrator will be notified via real-time messaging to their desktop or mobile device.
ACSIA will provide detailed guidance on the nature of the threat detected – what it means, where it originated from and most importantly, the recommended response options available.
Yes, ACSIA gives real-time alerts on threats detected.
Yes, if an incident involves an internal legitimate user whose account has been used to perform some unauthorized activity, or whose action mandates the immediate cessation of access, the ACSIA administrator can immediately block that specific user.
Until ACSIA is 100% sure that what has been detected is an actual threat, it will not automate a response, so false positives are not possible.
We have a customer feedback channel where we encourage partners and customers to help us identify new needs and thereby influence our product roadmap.
Technical questions about ACSIA XDR Plus
Yes, the product was designed and built by Dectar as an extremely powerful cyber defense tool that combines the threat intelligence of multiple defense methods; by correlating and analyzing the combined logs, ACSIA delivers a highly accurate and efficacious cyber defense.
No, antivirus and spam protection are not features contained in the ACSIA product. These types of products are typically related to email threat detection systems for desktops.
The blocking occurs in a similar way to any other IDS, at host level (since this is an endpoint solution), and the blocking instructions from ACSIA are delivered using Ansible playbooks through the user account on each host/domain that is created as part of the requirements.
Yes, each event actioned within ACSIA can be reversed in case of error/mistake by the administrator.
ACSIA won’t automatically block classless inter-domain routing (CIDR) subnets, only single IP addresses; however, users can manually block or whitelist CIDR subnets in ACSIA by adding the subnet.
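As an added illustration of the blocking rules described above (a constructed example, not ACSIA's own code; the BlockPolicy class and its method names are assumptions), this shows a block list in which automatic actions may add only single addresses, subnets and whitelist entries require a manual action, whitelisted ranges always win, and every action can be reversed:

```python
# Constructed illustration of the blocking rules described above (not ACSIA
# code; the class and method names are assumptions): automatic actions block
# single addresses only, subnets need a manual action, whitelist always wins.
import ipaddress
from typing import List, Optional, Tuple, Union

Net = Union[ipaddress.IPv4Network, ipaddress.IPv6Network]


class BlockPolicy:
    def __init__(self) -> None:
        self.blocked: List[Net] = []
        self.whitelist: List[Net] = []
        self.history: List[Tuple[str, Net]] = []  # audit trail for reversal

    @staticmethod
    def _parse(entry: str) -> Net:
        # A bare address becomes a /32 (or /128); host bits are masked, not rejected.
        return ipaddress.ip_network(entry, strict=False)

    def block(self, entry: str, manual: bool = False) -> bool:
        net = self._parse(entry)
        if net.num_addresses > 1 and not manual:
            return False  # automatic remediation never blocks a whole subnet
        if any(net.overlaps(w) for w in self.whitelist):
            return False  # whitelisted ranges are never blocked
        self.blocked.append(net)
        self.history.append(("block", net))
        return True

    def whitelist_add(self, entry: str, manual: bool = False) -> bool:
        if not manual:
            return False  # whitelisting is an administrator decision only
        net = self._parse(entry)
        self.whitelist.append(net)
        self.history.append(("whitelist", net))
        return True

    def undo(self) -> Optional[Tuple[str, Net]]:
        # Reverse the most recent action, mirroring the per-event reversal the FAQ mentions.
        if not self.history:
            return None
        action, net = self.history.pop()
        (self.blocked if action == "block" else self.whitelist).remove(net)
        return action, net

    def is_blocked(self, address: str) -> bool:
        ip = ipaddress.ip_address(address)
        return not any(ip in w for w in self.whitelist) and any(ip in b for b in self.blocked)
```

Mixed IPv4/IPv6 comparisons are handled by the standard library (an IPv6 address is never inside an IPv4 network), so the lookup stays correct when both families are present.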
ACSIA reads the standard system logs and the most popular web application logs.
It may be the case that a client has developed a custom/bespoke web app with a custom log format. For this to be monitored by ACSIA, we can evaluate the merit of ingesting those bespoke logs into ACSIA.
By default, the following logs are ingested into ACSIA for analysis:
– winlogbeat (Windows event logs)
– packetbeat (network traffic)
– falco (kernel traffic logs)
– auditbeat (audit logs)
– filebeat (main syslogs and webapp logs)
– ossec (security and audit related logs)
Yes, ACSIA has a published API and full documentation set accompanying it.
The ACSIA Core Engine must be deployed on a Linux instance, which can be hosted on a physical, virtual, cloud or container platform. A typical deployment requires a minimum of 2 cores, 8 GB of memory and 100 GB of storage, which would support around 100 or more monitored devices.
Yes. One of ACSIA’s core strengths is the ability to scale to support thousands of devices. The product itself scales almost linearly by adding more cores, memory and storage, depending on the nature and context of the environment being monitored.
The ACSIA engine itself deploys in under 15 minutes on physical/VM/Cloud/Container platforms.
ACSIA can be deployed with or without agents, although some features are unavailable with the agentless client.
Both the ACSIA server and Client Agent are fully upgradable.
General product and sales questions
Our company name is Dectar Limited (registered in Ireland) and we designed and built ACSIA XDR Plus (Automated Cyber Security Intelligence Application) which is an advanced XDR solution with predictive and proactive Threat Intelligence defenses.
We are a partner-centric company and have a rapidly expanding partner ecosystem across EMEA and South America consisting of:
✔ Value Added Resellers
✔ Managed Security Services Providers
✔ Services Partners
✔ Independent Software Vendors
✔ Managed Services Providers
Please contact us if you would like to join our expanding list of partners or if you would like us to connect you to a partner near you.
Like many open source solutions, ACSIA is sold on an annual subscription basis, although it may be purchased through our Managed Service Providers on a monthly basis or on a pay-as-you-go basis through cloud platforms. An active subscription entitles you to download the product from our servers (or consume it as a service) and access our license database, and comes with product updates, product upgrades, knowledge repositories and a support level agreement.
Subscriptions for ACSIA are sold based on the quantity of physical or virtual systems in an environment with each physical or virtual server consuming one device subscription.
Subscriptions for Containers (docker, CRI-O, Kubernetes, containerd, etc.) are consumed based on the number of physical or virtual servers on which they reside (the number of containers is unlimited).
Subscriptions for desktops and laptops are calculated on a 10:1 basis, with ten such devices equating to one server device.
Product releases generally occur quarterly or twice a year.
Yes, ACSIA XDR Plus upgrades are installed incrementally.
We are a product company and only offer consultancy services to existing customers, in conjunction with our partners.
Yes, we are happy to provide demonstrations of the ACSIA XDR Plus product or trial copies of the product to test in your environment.
Yes, we need to be advised of such changes, but subscriptions can be transferred without penalty.