How Cortex XDR BIOC Rules Could Become an Attack Surface

A study shows that Cortex XDR’s encrypted BIOC rules can be decrypted and analyzed, exposing detection logic that was intended to remain confidential. This exposure could allow attackers to learn how to evade or manipulate endpoint detection, posing risks to sectors such as finance, healthcare, retail, manufacturing, and government. #CortexXDR #BIOCRules

Keypoints

  • Researchers demonstrated that Cortex XDR BIOC rules stored in encrypted form can be decrypted and inspected.
  • Decrypted rules reveal internal detection logic that attackers could study to craft evasion techniques.
  • Adversaries might manipulate or bypass BIOC rules, undermining endpoint detection effectiveness.
  • Critical sectors such as finance, healthcare, retail, manufacturing, and government face heightened exposure.
  • Organizations should reassess endpoint security assumptions and protect detection logic to reduce risk.

Read More: https://thecyberexpress.com/cortex-xdr-bioc-rules-security-risk/