No devices have to be installed on the client premise. XyberShield runs on any server as a single line of code. It collects threat data from websites around the world -- rolling up collection points to regional sites and then to the central processing site. The company's technologies reside in XyberShield ShieldPoints. Xybershield's multi-tiered global infrastructure is called CXS, RXS and MXS: CXS is used for management and analytics, RXS is geographically regional and is used for analytics and detection, MXS is geographically distributed and is used for threat remediation.
Using this global data, XyberShield creates threat profiles, called Xyberframes, which detect threat signatures and attack pattern correlations. XyberShield then analyzes the behavior of users on any protected site and takes remedial action before an attack occurs. Acceptable parameters for site usage and navigation patterns are analyzed as they are occurring. Therefore, any user session behavior pattern that is identified as a threat during the live analysis is remediated before it becomes a problem. This approach enables the service to prevent previously unknown and unidentified malicious attacks.
The Java-based user interface/reporting site has a clean appearance and was easy to navigate and use. We were skeptical at first of the single line of code protection. But, after running though the live demonstration and watching the threat profiles built in real time protecting the next attempt to breach a system, we were satisfied that the solution performs as advertised. It doesn't protect the first victim, but certainly can protect the second victim once it learns the malicious behavior.