Endpoint Security

Scanning for known bad files using a signature based system, whilst an older method, still provides the backbone for the majority of endpoint security solutions. Provided a regular update methodology is followed you can achieve a very high prevention rating against known malicious files.

Modern day computing allows for many different data transfer methods through just as many data channels. This has made locking down your secure data an increasingly complex task, and a suitable tool is required before even attempting to tackle such a daunting project. Luckily there is a plethora of products designed to tackle this exact problem. However this section focuses on the endpoint as a data source. You can leverage a DLP Endpoint solution to prevent the transmission of confidential data through External Storage, Email, Web, Sharing applications and more through an agent driven system that allows full scanning and control over data transfer at the OS level.

Protecting your data is not as simple as preventing it from leaving your network ecosystem. With mobility still rising as a global work phenomenon it’s ever more important to ensure that any data accessible from or on a remote device is secured. The simplest way to do this is to ensure the endpoint is encrypted using a variety of full disk encryption. Be that via Bitlocker with a management overlay or through a proprietary encryption system, you can prevent access to your data on manageable endpoints. It is also worth considering encrypting your static data using a file and folder encryption product, which could also be leveraged to provide encryption to removable storage or cloud services.

As we all know, a traditional AV solution just doesn’t cut it anymore for the security conscious administrator. In order to provide a reasonable layer of protection you need to add additional layers to your security that do not rely on spotting a known bad file. This is where a Host Intrusion Prevention product comes in, preventing known bad behaviours helps eliminate the reliance on having seen a file before, and therefore circumvents the ease of which a bad file can be re-compiled into a completely new and unseen version in just a few minutes. It also allows for the detection of file-less attacks, and helps prevent script based and memory injection attacks.

Whilst some people overlook installing some basic web security on their endpoints, it can be a valuable asset, especially for an organisation that is not using a cloud based web security solution. As the security is on the endpoint, it can be used to ensure at least a basic level of protection even when off network and provide a fallback for existing systems.

“Next Generation Endpoint” seems to be the new buzz word in the security industry, however you can distil this to mean any endpoint security solution that leverages a non-signature based solution to prevent never seen before attacks at point of discovery, with no intervention required from security engineers in a lab dissecting and producing a signature. They come in many types and flavours, and it’s important to understand how they function in order to pick out the best solution to suit you and your network; this is where we will strive to assist in providing the understanding of each solution and how it can fit your network.

In low change environments there is little better than simply not allowing unknown applications to run. Almost all threats have some form of executable element at the very least to provide a restart mechanic. A good application control solution should allow you to both whitelist and blacklist known applications. This is especially effective for legacy solutions that need to be maintained for business purposes, whilst reducing the risk to your network.

Being able to control a users access to external devices from their endpoint is crucial not only from a data loss prevention aspect but also from a security aspect. Not being able to remove data from the environment using an external device, be that a USB or a Printer, has obvious merits. However the traditional solutions of disabling USB ports using a GPO is not usually elegant enough to provide true cover. It is quite often the case that a user may require the ability to pull data off a USB device, making the device read only and preventing the execution of files and scripts is a much more suitable solution and a Device Control product should aim to address this.

Security is about more than simply preventing the breach of your network. No system or solution is perfect and malicious actors will always be developing new ways to cause disruption and ultimately make money. You need a scalable, concise and simple tool that allows you to understand the cause of a breach, see the actions taken and files involved and then take a remediation action that takes a few clicks, not a few months to resolve the root cause. This is what an EDR solutions is designed to do; to allow easy, manageable and fast reaction to bad events in your environment, massively cutting down the man hours required to reach a full remediation. From smaller scale businesses that cannot spare the man hours in the case of a breach, all the way through to large enterprises that want to empower their internal SOC, an EDR solution is a must for top notch endpoint security.

An area that is much overlooked is the implementation of a 3^rd party desktop firewall in favour of Windows Firewall. Having a firewall that is integrated with your endpoint security solution can allow you to leverage more immediate responses from your central security management solution. Something as simple as automatically allowing known good secure traffic to automatically locking down the firewall to enforcing security management traffic only is very useful. Especially in the case of an infected endpoint.

The number one cause of infection is using old, outdated and vulnerable software. From your Operating System to Adobe Reader, you need to stay on top of patching your software to ensure that the known and published vulnerabilities in the software are not exploited to allow an easy breach of your network. Using a centrally managed patch management solution can allow you to overview and take re-mediating action where required, to ensure all your devices are as up to date as possible.