Enhance cybersecurity awareness and survivability for DoD, industry partners, and academia in the face of the ever-increasing threat of cyber attacks. Cybersecurity (CS) includes managing risks related to the use, processing, storage, and transmission of information and the systems and processes used for those purposes, including analog and physical form. CS includes information availability, identification and authentication, confidentiality, integrity, and non-repudiation as well as the economic considerations with respect to selection of CS techniques, CS processes, and industry trends.
Endpoint protection
This topic contains 7 replies, has 7 voices, and was last updated by 
-
Topic
-
Looking for advice on endpoint protection for a busy SMB environment. Is the AV “sandbox” of threats and subsequent monitoring effective? Have any other admins outsourced endpoint protection?
-
Replies
-
Service in question: https://www.secureworks.com/
-
This reply was modified 7 months, 3 weeks ago by
jreade. Reason: Added text version of url
-
This reply was modified 7 months, 3 weeks ago by
-
Do anyone know of any test on Stealth’s ability to protect at the endpoint that occurred outside of Unisys?
-
In my experience, I will suggest this service to be done internally rather than hiring a third party provider to remediation the issue you noted in your post. Reason been that you have total control of all the activity that will be performed in this process. As regards suggesting best solution for remediation, we used both an end-point protection solution for both the servers and the endpoints connecting to the network then implement and IPS/IDS appliance to monitor and retrieve data traffic going in and out of the network. So, far we were able to protect, identify, and resolve very issue relating to malware intrusion into the environment.
https://www.mcafee.com/us/products/endpoint-protection/index.aspx
http://www.infosectoday.com/Articles/Deep_Packet_Inspection_Technologies.htm -
I’ve seen where the endpoint solution market is broken down into solutions that preform 4 different functions. Predict, Prevent, Detect and Respond. There are solutions that what will span the more then one function. Would would not need a solution to predict. Solutions that do detection & response come with more complexity. For a SMB, you would first look for a good prevent foundation. More then the traditional signature based AV and can get into heuristics detection (more commonly referred to NextGen AV). Some of those solutions also bleed into the capabilities of detect and respond. If you look to outsource to a MSSP, you most likely get the software and operations for a subscription cost. An outsource like Secureworks, can keep the software up to date, pull the telemetry over their Threat Intelligence and notify you of incidents and remediation support when needed.
-
Our CISO did a fair amount of testing in the endpoint area and Cylance performed extremely well (https://www.cylance.com/en_us/blog/sans-nges-test.html). We’ve deployed their solution at a number of our clients and they seem to be very pleased.
-
We’ve been using Sophos for several years and more recently their newest product InterceptX for our endpoints. It has been working great and isn’t CPU intensive. Central management is great as well. https://www.sophos.com/en-us/products/intercept-x.aspx. I really like their licensing model: it’s user based and not device based. One user can have multiple devices and you only pay for one license which is great for any one, but especially SMB’s.
-
I agree with @oare2017 that endpoint protection is best done in house. Gartner rates a number of them here: https://www.gartner.com/reviews/market/endpoint-protection-platforms. Been using Symantec for a number of years and it does a decent job and is easy to administrate.
You must be logged in to reply to this topic.
