CIS Elements of Endpoint Protection for SME and Enterprise
Features and benefits
Harden the Environment
Remediation (inspection and cleaning) of the current information systems environment is the first step of implementation. Approximately a third of all computers are found to be already infected with malware (report from the Anti-Phishing Network; Mello, 2014). By creating a standards foundation we ensure you have a proven framework to work with. We use the Australian cyber standard (ASD Essential 8), the EU GDPR standards and the USA NIST standards in our work to harden your systems.
Our solution incorporates a layered defence model. Defence in depth requires layering security protocols in a series that protects, detects and responds to attacks on systems (Merkow & Breithaupt, 2014). This system would use AI to intelligently monitor and respond to cyber threats from your internal network, from each of the endpoints. The following elements are required for an effective multi-vector endpoint solution:
- Web protection - Prevents access to malicious websites, ad networks, scammer networks, and bad neighbourhoods.
- Application behaviour protection - Prevents apps from infecting the machine. (Signature-less).
- Application hardening - Reduces vulnerability surface and proactively detects fingerprinting attempts used by advanced attacks. (Signature-less, automated attacks).
- Exploit mitigation - Proactively detects and blocks attempts to abuse vulnerabilities and remotely execute code on the machine.
- Payload analysis - Heuristic and behavioural rules identify entire families of known and relevant malware.
- Anomaly Detection Machine Learning - Proactively identifies unknown viruses and malware from known “good” files. (Signature-less).
- Ransomware mitigation - Detects and blocks ransomware via behaviour monitoring technology. (Signature-less).
Even if staff clicked on a dubious website or a nefarious link within an email or email attachment, the CIS endpoint solution would still be able to prevent the attack and reduce its impact. Without an SME having to implement each of the Essential 8 strategies, this solution would protect them from the risks that several of these strategies seek to prevent (Whitelisting, OS and App patching, App hardening, Office Macros). Each of these Essential 8 mitigation strategies seeks to prevent malicious code from executing and to limit access to sensitive data. These mitigation strategies should be considered and implemented where cost-effective. (CIS has developed a specialised cost-driven security solution for SMEs.)
Secure the endpoints
The last line of defence is the endpoint (PC, tablet, laptop, smartphone). This is generally where attacks begin and are launched from. Securing each endpoint will minimize any spread of compromised systems and work with the security fabric to reduce impact and eradicate the threat. The most common ways malware infects information systems are through nefarious websites and email attachments and links (phishing) (Furnell, 2010). This is further evidence that the endpoint must be protected over and above any other device for a small business.
Monitor the system and respond
It is great to have all the system security in place, but if nothing is keeping an eye on it and preventing threats, vulnerabilities will emerge and be exploited. If information systems are not monitored and threats are not prevented from entering, the response becomes reactive, and by then the damage, such as a ransom attack, will already be done.
Endpoint Protection is implemented in two ways:
- Installed by the business with a link to the endpoint agent software
- Endpoint agent software sent to the SME's MSP to install
Key challenges addressed
- Hardening internal systems against known exploits.
- Monitoring systems against known and ‘zero-day’ threats.
- Endpoint response and remediation.
- Proactive cyber defence.