...
Reports for incidents and telemetry are stored on disk for offline scenarios.
Due to tampering attempts observed against multiple EDR/XDR logging stores, Cyber Crucible enabled kernel-level protection against the disk-stored data before deploying this capability.
Increased protection of the service process used for backend communication and updates, as part of look-ahead zero-trust hardening.
This was not in response to an existing threat, but proactive for one the Team sees upcoming.
...