Ensuring Endpoint Protection for Enhanced Security

Solutions
NETRIO
Solutions

Managed IT services are essential for the modern organization. As your pace of digital transformation accelerates, your IT infrastructure will grow in both breadth and complexity. It takes a highly skilled team that has expertise in managing complex environments to provide the proactive support model necessary to stay ahead of the demands of the modern workplace.

EXPLORE SOLUTIONS
Managed IT Services

Cybersecurity

Network Operations Center (NOCaaS)

Connectivity

Hardware & Software Procurement

Voice Solutions
Are Managed Services a Good Fit For Your Organization?

We manage IT and technology assets to free up valuable internal resources to lead and deliver on strategic initiatives that advance business goals.

LEARN MORE
Partners
- White Label Partners
- Channel Partners
Why NETRIO?
Resources
- Blog
- Customer Resources
Contact
Book a Consultation
214-888-8500

By: Brian DeVault

View Video Transcript

Mike Cromwell

How many times do you get hit on an average month?

Brian DeVault

It just kind of depends on what the exposure to the Internet is. So we have a server that we leave online, that’s on the Internet. We call it a honey pot, but we just leave it essentially wide open on the Internet just to see what threat vectors are out there and what’s happening. It’s not part of any of our network or anything like that, and we don’t let it get compromised. But it’s a good piece of threat intelligence for us, because as we’re executing our cyber security program for customers, we need to know what’s out there.

Mike Cromwell

What kind of activity does a honey pot see?

Brian DeVault

Oh, it’s unbelievable. Unbelievable. Gigabytes per day of attack.

Mike Cromwell

Gigabytes per day.

Brian DeVault

Just a Windows server sitting on the Internet. The amount of threats coming inbound from the Internet is, but not even measurable.

Mike Cromwell

Where do you start on this front if you don’t have a good posture and what is good, what is the path to good.

Brian DeVault

So you definitely want to make sure you have endpoint protection in place. Microsoft offers Defender that comes natively with Windows OS. Its not good enough? You need a third party on top of it. Patching is where I would put way high on that list, and these 2 may be equal. But if you’re a business and you’re not patching your systems and you’re not running endpoint protection, you represent a high risk.

Mike Cromwell

If you’re watching this and you’re concerned that you don’t have the right posture here or you’re far down on that scale, what are the steps you can take to address that? And how long does it take to get there?

Brian DeVault

I’d say make sure you have endpoint protection in place. Antivirus third party antivirus. Go look at the Gartner Magic Quadrant top 20 and pick one. Right. They’re all going to be very similar and feature and benefit. Make sure you have a patch schedule and process in place and make sure that you’re following it. So if you’re a business decision maker, a CIO or CTO, go ask your systems administrators how you’re managing patching and ask them how they can report against it to let you know that things have been patched.

Brian DeVault

Talk to them about hardening. What are we doing to Harden our systems? Are we using imaging? Are we applying best practices? How do we ensure that happens to every asset when it comes in the door? Right? Nothing. Skips that process. IT departments have a tendency to if they’re in a hurry. If somebody is a new employee starting rather than pausing to do the security practice they need, they’ll just get it out the door. Right? Just trying to satisfy the end user. It’s not acceptable. You can’t do it.

Brian DeVault

Get a cyber security platform in place and use an agent right. Again, that preventative mentality in your head around this posture and what you’re trying to do and then use host based intrusion detection where possible.

Mike Cromwell

And if you’re a business and you don’t necessarily have the skills in place to manage this and you’re looking to entrust an MSP that has security practice or MSSP, what does it look like in that environment?

Brian DeVault

An MSSP is going to have all these tools ready to go like.

Mike Cromwell

Like, right out of the gate.

Brian DeVault

Right out of the gate. You can implement these on day one, which is a huge advantage. And probably another conversation about MSSP versus outsourced SOC.

Mike Cromwell

Conversation for another episode. Well, thanks for tuning in, folks. Great stuff, Brian. Been enlightening thus far. Stay tuned. Next week, we’re going to be digging into cloud on Prem, and then we have three more behind that one. So thanks for tuning in. Look forward to talking to you next week.

Brian DeVault

See you next week.

Why Is It Important?

An endpoint protection platform is a vital part of enterprise cybersecurity for many reasons. First of all, in today’s business world, data is often the most valuable asset a company has, and to lose that data, or access to that data, could put the entire business at risk of insolvency. Businesses have also had to contend with not only a growing number of endpoints, but also a rise in the number of types of endpoints. These factors make enterprise endpoint security more difficult on their own, but they’re compounded by remote work and BYOD policies, which make perimeter security increasingly insufficient and create vulnerabilities.

The threat landscape is becoming more complicated. Hackers are always coming up with new ways to gain access, steal information or manipulate employees into giving out sensitive information. Add in the opportunity cost of reallocating resources from business goals to addressing threats, the reputational cost of a large-scale breach, and the actual financial cost of compliance violations, and it’s easy to see why endpoint protection platforms have become regarded as must-haves in terms of securing modern enterprises.

What Ensures A Good Endpoint Security Plan?

With multiple endpoint security options available, it is important to remember that comprehensive protection involves much more than just installing anti-virus software. Here are four features that are crucial to a good security plan:

1. Policy Management

Effective endpoint protection allows organizations to define a set of rules regarding who gets to access the company server, the permissions for each user, and exceptions for overriding these protocols. Additionally, it should also provide you with the option to customize policies for every device and set guidelines for special cases requiring greater access.

In case of a protocol override, the ideal endpoint solution should have several measures in place, such as alarms and alerts. Moreover, it should provide an audit trail that allows administrators to trace unauthorized access to the compromised endpoint.

To round it off, a good endpoint solution should have a policy management component comprising:

– The option to customize device policies.
– The option to customize user policies.
– Policies in place for protocol overrides.

2. Patch Management

Patches are used to fix potential system vulnerabilities that, if exploited, could pave the way for unauthorized access and potential loss of data.

The ideal endpoint solution should include a patch management component that resolves such weak areas in your network, allowing you to repair each vulnerability as it’s detected. Here are the components of comprehensive patch management:

– Support for the discovery of vulnerabilities in various endpoint operating systems and apps
– Guidelines for creating and deploying patches to remote devices
– Patch deployment process
– The ability to schedule and prioritize patches

3. Centralized Management and Configuration System

The key aspect of managing every network endpoint is to have centralized control over every connected device. This comes in very handy, particularly in the case of an emergency in case you may need to lock down or shut off a device.

With a single security management dashboard, administrators can create and edit policies, get timely alerts about suspicious activity, schedule mass updates, and analyze the usage history for each endpoint. Other features include:

– Management for exceptions
– Control over applications
– Live security updates
– Remote installation and updating of security software
– Controls to manage scalability

4. Advanced Device Control

Once you’ve admitted an endpoint device to the system, your work is half done. Securing the endpoint already entails tracking it, but what about external devices connected to the endpoint?
Advanced device control allows organizations to monitor external devices, such as those connected through USB ports. Some systems may also provide the capability to monitor local disks, CD drives, Bluetooth connections, and cloud storage.

This means that you can grant system access to certain types of devices, such as a USB-connected mouse but not a USB-connected hard drive.

Also, such control supports the encryption of data that is exported outside trusted devices. Without the encryption key, hackers can’t actually access the data they stole, essentially rendering it useless. Advanced device control includes:

– Support and monitoring of multiple devices.
– Enforcing access control over USB-mounted devices.
– Enforcing company policies across all workstations and endpoints.
– Allowing for the transfer of encrypted data outside the network.
– Support for logging endpoint device activity, even when a device is offline

This blog post is part of NETRIO’s weekly Whiteboard Wednesday series. Follow along on Linkedin and YouTube each week as Brian and Mike discuss use cases, new technology, and trends.

NETRIO
Solutions

Are Managed Services a Good Fit For Your Organization?