Transparency First
Then Trust
The world needs
more transparency
in the cybersecurity
One of the cornerstones of cybersecurity is to ensure that data and systems are protected from serious consequences. It is difficult to choose a product if a customer does not have the opportunity to check whether the software meets certain standards. Endpoint cybersecurity is a multibillion-dollar industry that lacks standardized policies, yet it impacts businesses around the world.
Endpoint security software is designed to minimize risk. A good way to make it clear for a user that a developer helps to mitigate that risk is to be transparent about how the application works and the processes in the developer’s infrastructure. By disclosing certain statistical information, it is possible to know and understand strengths of a product. This may lead to the resolution of the basic problem, that is the elimination of all remaining gaps. On the other hand, developers who are taking the difficult path of disclosing statistical data from end devices may face public criticism and control, but it is beneficial for all companies and institutions.
In an interpersonal relationship, clear rules are needed to build mutual trust. Transparency should be the cybersecurity industry’s motto to strengthen the end customer’s trust in the people who are responsible for the brand’s image. This is the only way to improve collective thinking about cybersecurity.
What is this audit?
Definition of "Cyber Transparency Audit"
As part of the “Cyber Transparency Audit”, the testing body as the Auditor checks data from a provider of a cybersecurity solution for historical compliance.
The audit is an independent assessment of a given system, organization, process, or entire project. The data is examined for compliance with specific guidelines that must be met. The main advantage of the audit is the participation of an external Auditor who is able to thoroughly check, and objectively indicate areas that need to be improved.
Obtaining the “Cyber Transparency Audit – Certified” certificate by a provider means that its effectiveness regarding historical data is confirmed.
The methodology and policy are available to anyone who meets the criteria, therefore anyone can join the project as the Auditor or Developer.
Security incidents in telemetry data
This report contains analyzed and anonymized telemetry data that originated from devices protected against malicious software by a product called Xcitium Advanced. The presented data show a correlation between potentially malicious activity on a Windows device, and actually confirmed malware. This is important because unknown files on employees’ computers that are not confirmed malware yet, can be a backdoor to serious threats such as ransomware or spyware.
Based on the analyzed historical data, we confirm that from 1 April 2024 to 30 June 2024, among 1 196 552 unknown 0-day files, no malware infection was recorded on systems that at this time were protected by Xcitium Advanced.
Key audit insights
- Audited period: 1 April 2024 – 30 June 2024
- Purpose of the audit: Confirmation of compliance with data from the audited period, indication of key information about malware and data leaks.
- Scope of the conducted audit: Audit of telemetry data concerns devices protected by the developer's software and file metadata as part of access to its static threat infrastructure.
- Data comes from software of the class: EDR, XDR, MDR Xcitium. The developer did not disclose which operating systems the audited period covers. Based on the audited file extensions for malware and clean samples, we conclude that this is a Windows environment.
- Name of the audited developer: Xcitium
-
Public Data:
https://www.xcitium.com/labs-statistics https://verdict.xcitium.com
The audit was prepared taking into account the following data set
- Devices with potentially malicious activity (virtualized files).
- Devices with confirmed malware status (virtualized files).
- The number of 0-day files classified as secure.
- Number of 0-day files classified as PUAs.
- Number of 0-day files classified as malware.
- Potential data leaks and active infections.
Audit Summary
This part of the report is a summary of the statistics collected from devices protected by Xcitium where potentially malicious activity has been detected in relation to confirmed malware as a result of uploading a file from a device for the analysis in the cloud.
The risk of unknown files on employees’ computers can lead to infections with ransomware, spyware, or other malicious software. Employees may accidentally download unknown files from the Internet, bring them to the company on their mobile devices, or download them from an email. These files can damage operating systems which consequently leads to loss of important data, and even encryption of infrastructure and deletion of backups.
From 1 April 2024 to 30 June 2024, out of 1 196 552 unknown 0-day files, not a single system infection with malware or potentially unwanted software (PUA) was detected that could contribute to data leakage.
