Endpoint security is the practice of protecting the devices that connect to a network, rather than the network alone. An endpoint is any device that can connect to the network; the most common are desktops, laptops, smartphones, tablets, printers and terminals. Endpoint security is therefore the set of protective measures that prevent or limit harm to these devices and, through them, to the network.
ENDPOINT DETECTION & RESPONSE (EDR)
Most of us equate endpoint security with antivirus, but signature-based antivirus only stops malware that is already known. The biggest threats to endpoints are phishing, exploitation of software vulnerabilities, malvertising, and polymorphic malware that rewrites its own code to evade signature detection.
EDR security solutions provide real-time visibility into endpoint devices as well as the ability to identify and respond to threats.
To enable these possibilities, EDR solutions use the following mechanisms:
- Data collection and logging – builds a historical record of security events on each endpoint.
- Detection engine – flags deviations from the baseline behaviour of the end device: an unexpected process? A sudden increase in data sent? An attempt to connect to a server of unknown or poor reputation? EDR combines behavioural rules with signatures so that the threat is caught in time.
- Continuous monitoring and response – to provide real-time visibility and analysis, EDR performs these tasks continuously. When a threat is detected, EDR notifies administrators and/or applies a preconfigured action (for example, isolating the host from the network).
EDR solutions let you control the real perimeter of the network: the end device itself.
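The three mechanisms above, reduced to working code, as an added example that is not part of the original page or any vendor's product: a baseline is learned from historical events (collection), live events are scored against it plus a reputation list (detection), and each alert is mapped to a preconfigured action (response). The telemetry records, the host name `ws01`, the reputation set and the threshold of mean plus three standard deviations are all constructed assumptions for illustration.

```python
import statistics
from collections import defaultdict

# Constructed sample telemetry (illustrative, not from any real agent).
# Each record is one outbound-connection event reported by an endpoint agent.
BASELINE_EVENTS = [
    {"host": "ws01", "process": "outlook.exe", "bytes_out": 120_000, "dest": "mail.example.com"},
    {"host": "ws01", "process": "chrome.exe", "bytes_out": 350_000, "dest": "cdn.example.com"},
    {"host": "ws01", "process": "chrome.exe", "bytes_out": 300_000, "dest": "www.example.com"},
    {"host": "ws01", "process": "outlook.exe", "bytes_out": 140_000, "dest": "mail.example.com"},
    {"host": "ws01", "process": "teams.exe", "bytes_out": 200_000, "dest": "teams.example.com"},
]
LIVE_EVENTS = [
    {"host": "ws01", "process": "chrome.exe", "bytes_out": 330_000, "dest": "www.example.com"},
    {"host": "ws01", "process": "powershell.exe", "bytes_out": 9_000_000, "dest": "203.0.113.7"},
    {"host": "ws01", "process": "outlook.exe", "bytes_out": 130_000, "dest": "mail.example.com"},
]
# Hypothetical reputation feed: destinations already known to be malicious.
BAD_REPUTATION = {"203.0.113.7"}


def build_baseline(events):
    """Collection stage: learn per-host normal behaviour from historical events."""
    per_host = defaultdict(lambda: {"processes": set(), "dests": set(), "bytes": []})
    for e in events:
        b = per_host[e["host"]]
        b["processes"].add(e["process"])
        b["dests"].add(e["dest"])
        b["bytes"].append(e["bytes_out"])
    baseline = {}
    for host, b in per_host.items():
        mean = statistics.mean(b["bytes"])
        stdev = statistics.stdev(b["bytes"]) if len(b["bytes"]) > 1 else 0.0
        baseline[host] = {
            "processes": b["processes"],
            "dests": b["dests"],
            # Assumed rule: more than three standard deviations above normal is a spike.
            "volume_threshold": mean + 3 * stdev,
        }
    return baseline


def detect(events, baseline, bad_reputation=BAD_REPUTATION):
    """Detection stage: behavioural deviations from the baseline plus a signature-style list."""
    alerts = []
    for i, e in enumerate(events):
        reasons = []
        b = baseline.get(e["host"])
        if b is None:
            reasons.append("no_baseline")
        else:
            if e["process"] not in b["processes"]:
                reasons.append("unknown_process")
            if e["bytes_out"] > b["volume_threshold"]:
                reasons.append("volume_spike")
            if e["dest"] not in b["dests"]:
                reasons.append("unknown_destination")
        if e["dest"] in bad_reputation:
            reasons.append("bad_reputation")
        if reasons:
            alerts.append({"index": i, "event": e, "reasons": reasons})
    return alerts


def respond(alert):
    """Response stage: contain on high-confidence indicators, otherwise just notify."""
    r = set(alert["reasons"])
    if "bad_reputation" in r or {"unknown_process", "volume_spike"} <= r:
        return "isolate_host"
    return "notify_admin"


if __name__ == "__main__":
    baseline = build_baseline(BASELINE_EVENTS)
    for a in detect(LIVE_EVENTS, baseline):
        print(a["event"]["host"], a["event"]["process"], a["reasons"], "->", respond(a))
```

Only the second live event fires: a process never seen on that host sends roughly forty times its usual traffic to a destination on the reputation list, so the preconfigured action is to isolate the host rather than merely notify. A real baseline needs far more history than five events, and the threshold should be tuned per host role so that a backup server's nightly upload is not reported as a spike.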
SERVER PROTECTION
An end-to-end solution for securing mission-critical services in a hybrid IT infrastructure of physical servers, virtual machines and cloud environments.
Server Protection combines security technologies that keep CPU overhead low, provides tooling for access control and threat detection, supports all major virtualization platforms, and centralizes security management.
If you are wondering how to secure distributed resources across cloud, virtual and physical environments, we will help you:
- gain a central view of the data on your servers and of the actions performed on them,
- implement host-based intrusion detection and malicious-activity detection,
- provide security basics such as a firewall and antivirus across the whole hybrid environment.
With Server Protection, your increase in IT flexibility and scalability will not come at the expense of security.
SANDBOXING – PROTECTION AGAINST ZERO-DAY ATTACKS
A sandbox is an isolated environment in which programs or files can be run without affecting the host application, system or platform. Security teams use sandboxing to detonate and observe potentially malicious software.
Security teams value sandboxing because without it:
- an application or other system process could have unrestricted access to all user data and system resources on the network;
- malware with no known signature (a zero-day), hidden in seemingly harmless files through code obfuscation, could pass straight into the network.
For example, PDF, MS Word and MS Excel files downloaded from the Internet by users are opened inside the sandbox and their behaviour is analysed for dangerous actions: establishing unexpected network connections, making unauthorised changes to system files and registry entries, or downloading further malicious code from the Internet.
Our technology protects your organisation's critical infrastructure from suspicious code by executing it in a separate system. It uses full system emulation, reproducing the response timing of individual operating-system components down to the millisecond, so that evasive malware does not recognise that it is being analysed.
MULTI-FACTOR AUTHENTICATION (MFA)
Multi-Factor Authentication (MFA) combines factors from three categories:
- Something you know (a password).
- Something you have (a phone or hardware token).
- Something you are (biometric data).
Enabling MFA lets the administrator impose an additional layer of security: obtaining a username and password is no longer enough to break into the system. After entering those credentials, the user must also supply a one-time code or approval from a device they possess, e.g. by typing in a code received by SMS or generated in an authenticator app on a smartphone or tablet, or by confirming a push notification in the mobile application. Of these, SMS is the weakest (codes can be intercepted through SIM swapping), so an authenticator app or hardware token is preferred where possible.
MFA is a security standard recommended for every organization.
The Payment Card Industry Data Security Standard (PCI DSS), Requirement 8.3, requires MFA for all remote network access to the Cardholder Data Environment (CDE) that originates from outside the entity's network. Since PCI DSS 3.2, MFA is also required for all non-console administrative access to the CDE, even when the user is on a trusted internal network.
Another example is Google's recommendation that users enable 2-Step Verification on their Google accounts, including Gmail.
THREAT DETECTION AND RESPONSE
Threat detection and response (TDR) applies large-scale analytics to find threats across many kinds of data. The objective is to:
- find anomalies,
- assess the level of threat they represent,
- determine what mitigation may be required in response.
Demand for threat detection and response solutions has grown with the exponential growth in the amount of data generated by organisations and the evolution of malware.
The main benefit of TDR solutions is their ability to identify and respond to threats automatically and in real time. By combining behaviour-based detection with visibility into endpoint activity, TDR solutions catch threats that firewalls and antivirus software often miss.