Part 1, Protecting your Endpoints

Overview
There are many different solutions and ways to protect the environment you manage in today's IT infrastructures. We are all confined by one main thing, and that is budget. Budget is the four-letter word of security, but we all do what we can to stretch those dollars no matter how big or small the budget is. My experience is in small and medium-sized businesses with around 500-700 users, ranging from field workers to the C-Suite. In this article, I will go over technologies, not products, that I believe have worked well for me in the past, and other types of solutions that I think have a place in the infrastructure.
Key Components of Endpoint Protection
Endpoints are the first line of defense when it comes to protecting the infrastructure, and since that's what our users work on, they are a good starting point. The first thing we think about with endpoints, besides the users, is protecting them. Using an antivirus product is a given, but today's antivirus products need to do more than protect from viruses. They need to feed data back to the security team, automate response, and have built-in forensics tools. EDR (endpoint detection and response) is the new standard technology in this space and should be the first technology solution you put in place here. If your team is short on staff to manage this system, there is also MDR, or managed detection and response; this way, your team has more time to solve other issues or innovate instead of monitoring and tweaking the EDR application. There are many great products in this space; I would find the one that fits your staff, or partner with an MSSP to provide the service.

Email protection is another technology in this area; I place it here rather than under infrastructure because of cloud services and because it is end-user focused. Finding excellent email protection is not hard, but I would make sure all the features and tools you care about are built into the system. All my experience is in Office 365, and when trying to do mail flow searches in Office 365, I have always felt it was missing some features. Using other third-party email protection makes phish hunting in emails much more straightforward. Searching large data sets is much easier on third-party platforms. For specific data pulls, Office 365 makes you wait for a report to be produced as an Excel spreadsheet; on third-party platforms, you can get near-instant reporting. Secure email is another portion of this; I always felt Office 365 secure email looks too much like a phishing scheme itself, or maybe I have just seen so many phish emails made to look that way that I always think a secure email from Exchange Online seems phishy.
Optional Tools
A web filter is an excellent tool for mobile endpoints. It adds another layer to the security onion, providing protection against bad links. My go-to example for this: you get a phishing email, but the email is from Dropbox or OneDrive, so most email protection tools will scan it and say, “Hey man, this is a legit URL and email.” Your security awareness training will still tell you to watch out. Now you get the link and you click on it; it brings you to the Dropbox page, and you see a file or another link. You click on the file, and it is in some phishing format, like an invoice, that says click here to sign a document, or something else to get you to click on the URL. None of this is covered by your email URL protection or email security; now it is on the browser and your web filter to protect the endpoint. When you click that URL, the web filter should block the action, or if it tries to download a file, the web filter or the EDR solution will protect the endpoint.