Endpoint Security - CompTIA Security+ SY0-701 - 4.5
Device Posture check
- Is it a trusted device?
  - Is it running anti-virus? Which one? Is it updated?
  - Are the corporate applications installed?
  - Is it a mobile device? Is the disk encrypted?
- The type of device doesn't matter - Windows, Mac, iOS, etc.
Edge Security
- Your internet link
  - Managed primarily through firewall rules
  - Firewall rules rarely change
Endpoint Detection and Response (EDR)
- A different method of threat protection
  - Scale to meet the increasing number of threats
- Detect a threat
  - Signatures aren't the only detection tool
  - Behavior analysis, machine learning, process monitoring
  - Lightweight agent on the endpoint
- Investigate the threat
  - Root cause analysis
- Respond to the threat
  - Isolate the system, quarantine the threat, roll back to a previous configuration
  - API driven, no user or technician intervention required
Agentless NAC
A network access control (NAC) agent that is not installed on an endpoint device but is embedded within a Microsoft Windows Active Directory domain controller.
Endpoint Security
A set of security procedures and technologies designed to restrict network access at a device level.
- The user's access
  - Applications and data
- Stop the attackers
  - Inbound and outbound attacks
- Many different platforms
  - Mobile, desktop
- Protection is multi-faceted
  - Defense in depth
Persistent Agent
Agent software that is permanently installed on a device and that can provide robust security measures such as remote wipe, virus scanning, and mass messaging.
Dissolvable Agent
Agent software that remains on a device long enough to verify compliance and complete authentication, and then uninstalls. Devices might be required to periodically reinstall the agent to complete the authentication process again.
Extended Detection and Response (XDR)
- An evolution of EDR
  - Improve missed detections, false positives, and long investigation times
  - Attacks involve more than just the endpoint
- Add network-based detection
  - Investigate and respond to network anomalies
- Correlate endpoint, network, and cloud data
  - Improve detection rates
  - Simplify security event investigations
Access Control
- Control from wherever you are
  - Inside or outside
- Access can be based on many rules
  - By user, group, location, application, etc.
- Access can be revoked or changed easily
  - Changing security posture at any time
User Behavior Analytics (UBA)
- XDR commonly uses this
  - Extend the scope of anomaly detection
- Watch users, hosts, network traffic, data repositories, etc.
  - Create a baseline of normal activity
  - Requires data analysis over an extended period
- Watch for anything unusual
  - Use a set of rules, pattern matching, statistical analysis
Posture Assessment
Assesses cyber risk posture and exposure to threats caused by misconfiguration and patching delays.