info@qualityplusconsulting.com | +1 262-553-6510

Secure Endpoint Strategy for 2021

Why do I care?

Anyone who owns a computer wants it to be reliable and trustworthy. We require that computing systems provide CIA for the data stored on and accessed by the computing platform:

  • Confidentiality
  • Integrity
  • Availability

If malicious actors compromise the CIA of the system in any way, they can destroy your life and your business and cost you an immense amount of time and money.

QPC Secure Endpoint 2021

Effective endpoint protection requires an entire strategy, including daily labor from people who know you and your business and who genuinely care about your success.

What is an endpoint? An endpoint is a Windows computer. It could be a server, laptop, desktop PC, or virtual machine. Each device must be protected. EPP is not required for desk phones, smart TVs, NAS devices, surveillance cameras, thermostats, or other network-attached devices, because those devices are secured by a network layer security appliance. A device-level firewall is sometimes used as well, as in the case of a NAS.

This article from ISACA explains what zero trust posture is at a very high level.

Security by Design: Are We at a Tipping Point? (isaca.org)

The previously used EPP product lacks key elements that are required for modern, effective risk management in today's high-threat landscape. It no longer meets the current security criteria for an effective endpoint protection strategy.

Today’s reality

Effectively mitigating risk in today's threat landscape requires a zero-trust architecture approach backed by depth and bidirectionality across the cybersecurity kill chain. Bidirectionality means covering both ingress (inbound) and egress (outbound) traffic.

The necessary components of any viable strategy are:

  • Sophisticated network layer security with logging and security reports inclusive of proactive management and monitoring. This is primarily accomplished with network layer security appliances, yet secondary protection must exist on the endpoint itself.
  • Sophisticated endpoint protection that includes MDR, proactive management, reporting and vulnerability assessment.
  • Proactive and validated patch management for Windows OS, drivers, firmware, and third-party software.
  • Remote monitoring and management (RMM) with ticketing that also provides the asset status reporting required for compliance. An ideal RMM also supports scripting and reporting, so that the cybersecurity remediations needed in Windows environments can be assessed on an ongoing basis and their configuration automated.
  • QPC's RMM is IP access control restricted, hardened, and MFA protected, and fewer than five people have access to it. Our security posture is considerably harder than that of most MSSPs.

[Figure: Attack Vectors]

Necessary components of endpoint protection

QPC uses Panda Adaptive Defense 360 (AD360) with the Advanced Reporting Tool and Patch Management, in combination with other tools, appliances, and QPC-designed strategies, to create a correlated bi-directional cybersecurity kill chain that reduces organizational risk. AD360 is a single agent with many modules that replace several other products. Panda has been a security market leader since 1998, and it recently became a WatchGuard company. QPC has been a WatchGuard Gold partner for more than 10 years.

  • EPP – endpoint protection platform
  • EDR – endpoint detection and response
  • MDR – managed detection and response
  • Patch management services
  • Proactive configuration by security engineers
  • Alert monitoring and incident response
  • Weekly security report review
  • Correlated network layer security intelligence
  • End user awareness training
  • Phishing testing of staff’s response to security threats
  • High quality email content filtering to reduce malicious emails getting delivered to staff inboxes
  • High quality network layer security and deep packet inspection for network traffic
  • Always on network security posture for remote endpoints, especially in a work from home scenario

[Figure: Endpoint Layers]

EPP features

  • Antimalware
  • Antivirus technologies
    • Signatures
    • Heuristic detection
    • Blocking of ransomware URLs
  • Firewall
  • Device control (blocking of USB flash drives if client security policy requires this)
  • Email protection (for POP/SMTP-based email)
    • Microsoft 365 email security is provided by a cloud plug-in service to Exchange Online
  • Antispam and content filtering (for POP/SMTP-based email)
  • URL filtering
  • Web browsing monitoring

EDR features

  • Fileless (memory-based) attack and malware attack protection
    • Script-based attacks
  • Zero trust security posture
  • Context-based prevention and detection
    • Vulnerabilities in web browsers
    • Vulnerabilities in commonly targeted applications (Java, Office, Adobe Reader, Flash)
  • Anti-exploit technology (vulnerabilities in existing installed software that can be exploited)
  • Cloud-based machine learning

[Figure: Advanced EDR]

MDR features

  • Managed detection and response service (24x7 datacenter personnel)
  • Monitor and identify abnormal behaviors that are indicative of malicious activity
  • Help achieve regulatory compliance
    • 100% attestation service and Threat Hunting and Investigation Service (THIS)

[Figure: Threat Hunting]

Facilitate cybersecurity compliance

  • Advanced Reporting Tool includes 12 months of event and telemetry data retention natively
  • SIEM feeder, SOC service, and retention of log data longer than 12 months is available for an additional fee

Patch management

  • Lower risk by keeping software on endpoints fully patched on schedule with validation and reporting
  • Audit, monitor, prioritize updates
  • Identify deprecated software for removal
  • Assess vulnerabilities for governance
