Endpoint security suites play a key role for any enterprise. With them, an enterprise can protect its environment from malware outbreaks, malicious hits, data leakage, SPAM and backdoor attacks. The endpoints (desktops, laptops, servers) are protected even better when the policies/rules are configured carefully.
As a best practice, signature updates play a key role in avoiding malware outbreaks inside the environment. Most vendors release signatures at least twice a day, plus one signature release over the weekend. The policies should be aligned so that signatures are updated at the endpoint level, either by distributing the load across the management servers or by placing separate distribution servers that the endpoints can reach for signature updates. The endpoints can check for a new signature release from the respective vendor every 4-6 hours.
Endpoint suites can be configured to provide malware protection, application blacklisting/whitelisting, device control, a host firewall and compliance checks.
At the application level, you can capture the MD5 value of an .exe file (for example googletalk.exe) and import that MD5 into the blacklist inside the environment. Similarly, you can allow a defined set of applications and block the rest. To an extent, you can capture the MD5/file fingerprint values of an entire machine and freeze the machine at that juncture, so that a user or attacker cannot install or inject any file into the endpoint. This is achieved through the system lockdown procedure.
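As an added example (not code from the original post or any vendor suite), the following Python shows the two mechanisms above: hash-based allow/deny verdicts for executables, and a fingerprint baseline of a directory that is later compared to detect files added or modified after the "freeze". The file names and contents are constructed, and SHA-256 is used in place of MD5 because MD5 collisions are practical today.

```python
import hashlib
import os
import tempfile

def file_digest(path, algo="sha256"):
    # Chunked hashing; the post uses MD5, SHA-256 is the safer choice today.
    h = hashlib.new(algo)
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def verdict(digest, allowlist, denylist):
    # Deny list always wins; a non-empty allow list blocks everything else.
    if digest in denylist or (allowlist and digest not in allowlist):
        return "block"
    return "allow"

def baseline(root, algo="sha256"):
    # Fingerprint every file under root: the "freeze the machine" snapshot.
    snap = {}
    for dirpath, _, names in os.walk(root):
        for name in names:
            full = os.path.join(dirpath, name)
            snap[os.path.relpath(full, root)] = file_digest(full, algo)
    return snap

def drift(snap, root, algo="sha256"):
    # Files added or modified since the snapshot, i.e. lockdown violations.
    now = baseline(root, algo)
    added = sorted(set(now) - set(snap))
    changed = sorted(p for p in snap if p in now and now[p] != snap[p])
    return added, changed

def demo():
    # Constructed scenario: one allowed binary, one deny-listed, then drift.
    with tempfile.TemporaryDirectory() as root:
        for name, body in (("app.exe", b"good app"), ("tool.exe", b"known bad")):
            with open(os.path.join(root, name), "wb") as f:
                f.write(body)
        snap = baseline(root)
        verdicts = {p: verdict(d, {snap["app.exe"]}, {snap["tool.exe"]})
                    for p, d in snap.items()}
        with open(os.path.join(root, "app.exe"), "ab") as f:
            f.write(b"\x90")                      # unauthorized modification
        with open(os.path.join(root, "dropper.exe"), "wb") as f:
            f.write(b"new")                       # unauthorized new file
        added, changed = drift(snap, root)
    return verdicts, added, changed
```

Running `demo()` returns the per-file verdicts taken at baseline time, then the list of files dropped in and the list of files altered afterwards, which is exactly what a lockdown policy must alert on.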
At the network level, you can fine-tune the endpoint firewall rules available in the suites to block ports, traffic and intrusions.
Device Control: using this module you can allow or block USB/peripheral devices by their Device ID or Class ID.
Compliance check: with endpoint solutions, compliance checking is achieved by configuring policies that verify host integrity. Before a machine is connected to the network, its compliance can be checked for signature updates, Windows patches, required applications and so on. Machines are allowed onto the network only when they are compliant with the policy; otherwise they can be directed to remediation servers to bring them into compliance.
Restrictions should be implemented at the endpoints so that users cannot stop the services, kill the tasks or scans, or change the settings.
Policies can be fine-tuned to exclude specific directories/drives from scanning on critical servers such as DC, AD, DB and DNS servers.
Endpoint DLP/encryption further protects against data leakage, and configuring its rules according to the environment will prevent data leakage at the endpoint level.
Note: The above best practices can be configured/implemented using any leading endpoint solution suite. Only the configuration/policies differ from vendor to vendor.
View by - Prakash