# Endpoint Security

EDR, antivirus, device management, and endpoint protection platforms.

## Overview

Endpoint security protects individual devices (workstations, servers, laptops and mobile devices) from threats, as distinct from controls that sit on the network perimeter.

## Security Stack

### Architecture Diagram
```text
┌─────────────────────────────────┐
│             EDR/XDR             │
├─────────────────────────────────┤
│            Antivirus            │
├─────────────────────────────────┤
│            Firewall             │
├─────────────────────────────────┤
│        Patch Management         │
├─────────────────────────────────┤
│         Device Control          │
└─────────────────────────────────┘
```
## EDR Features
| Feature | Purpose |
|---|---|
| Real-time monitoring | Detect threats |
| Behavioral analysis | Identify anomalies |
| Threat hunting | Proactive search |
| Incident response | Contain threats |
| Forensics | Investigate incidents |
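The "behavioral analysis" row above is easiest to understand with a concrete rule engine. The following is an added example, not code from the original page or from any EDR vendor: a toy behavioural pass over process-creation telemetry that flags an office application spawning a shell and flags PowerShell launched with an encoded command line, and attaches the process lineage an analyst would want in the alert. The event schema, rule names, flag list and the sample events are all constructed for illustration.

```python
"""Added example, not code from the original page: a toy behavioural-analysis
pass of the kind an EDR agent runs over process-creation telemetry.
The event schema, rule names and the sample events below are all constructed."""
from dataclasses import dataclass
from typing import Dict, List


@dataclass
class ProcessEvent:
    pid: int
    ppid: int
    image: str      # executable file name, lower-case
    cmdline: str
    user: str


# Rule 1: document/office applications have no business launching a shell or script host.
OFFICE_APPS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe", "acrord32.exe"}
SHELLS = {"cmd.exe", "powershell.exe", "pwsh.exe", "wscript.exe", "cscript.exe", "mshta.exe"}
# Rule 2: PowerShell started with an encoded command hides its script body from
# casual review, so it is worth surfacing for analyst triage (flag spellings assumed).
ENCODED_FLAGS = {"-e", "-ec", "-enc", "-encodedcommand"}


def lineage(event: ProcessEvent, by_pid: Dict[int, ProcessEvent], max_depth: int = 10) -> str:
    """Return the ancestry chain 'root > ... > event' for context in an alert."""
    chain = [event.image]
    cur = event
    for _ in range(max_depth):      # bounded walk guards against stale or cyclic pid reuse
        cur = by_pid.get(cur.ppid)
        if cur is None:
            break
        chain.append(cur.image)
    return " > ".join(reversed(chain))


def detect(events: List[ProcessEvent]) -> List[dict]:
    """Run both rules over a batch of events and return one finding per hit."""
    by_pid = {e.pid: e for e in events}
    findings: List[dict] = []
    for e in events:
        parent = by_pid.get(e.ppid)
        if parent is not None and parent.image in OFFICE_APPS and e.image in SHELLS:
            findings.append({"rule": "office-spawns-shell", "pid": e.pid,
                             "user": e.user, "lineage": lineage(e, by_pid)})
        if e.image in {"powershell.exe", "pwsh.exe"}:
            tokens = {t.lower() for t in e.cmdline.split()}
            if tokens & ENCODED_FLAGS:
                findings.append({"rule": "encoded-powershell", "pid": e.pid,
                                 "user": e.user, "lineage": lineage(e, by_pid)})
    return findings


# Constructed sample telemetry: a document-to-shell chain plus two benign processes.
SAMPLE_EVENTS = [
    ProcessEvent(100, 1,   "explorer.exe",   "explorer.exe", "alice"),
    ProcessEvent(200, 100, "winword.exe",    "winword.exe /n quarterly.docx", "alice"),
    ProcessEvent(300, 200, "cmd.exe",        "cmd.exe /c powershell", "alice"),
    ProcessEvent(400, 300, "powershell.exe", "powershell.exe -enc BASE64PLACEHOLDER", "alice"),
    ProcessEvent(500, 100, "chrome.exe",     "chrome.exe --profile-directory=Default", "alice"),
    ProcessEvent(600, 100, "powershell.exe", "powershell.exe -File C:\\scripts\\backup.ps1", "alice"),
]

if __name__ == "__main__":
    for f in detect(SAMPLE_EVENTS):
        print(f"[{f['rule']}] pid={f['pid']} user={f['user']} chain={f['lineage']}")
```

Run on the sample batch it reports two findings (the `cmd.exe` child of `winword.exe`, and the encoded PowerShell beneath it) and stays silent on the scheduled backup script, which is the trade-off a real rule set tunes: the parent-child relationship carries far more signal than the process name alone.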
## Antivirus Scanning

```bash
# ClamAV: recursive scan of home directories
clamscan -r /home

# Recursive scan of the whole filesystem, ring the bell on a hit, list only infected files
clamscan -r --bell -i /

# Update signature databases
freshclam
```
## Device Management (MDM)

```yaml
# MDM Policy
device_policy:
  encryption: required
  passcode:
    min_length: 8
    complexity: high
    expiry_days: 90
  allowed_apps:
    - whitelist:
        - com.company.app
    - blacklist:
        - com.games.*
  jailbreak_detection: true
```
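A policy like the one above only matters once something evaluates devices against it. The following is an added example, not code from the original page or from any MDM product: it mirrors the `device_policy` keys as a Python dictionary (in practice the YAML would be loaded with a YAML parser) and checks a device inventory record against each clause, including the list-of-single-key-maps shape of `allowed_apps` and glob matching for `com.games.*`. The device record fields and the two sample devices are constructed assumptions.

```python
"""Added example, not from the original page or any MDM product: evaluating a
device inventory record against the device_policy shown above.  The device
record fields and the two sample devices are constructed for illustration."""
from datetime import date
from fnmatch import fnmatch
from typing import Dict, List

# Python mirror of the page's YAML policy (same keys and values).
POLICY = {
    "encryption": "required",
    "passcode": {"min_length": 8, "complexity": "high", "expiry_days": 90},
    "allowed_apps": [
        {"whitelist": ["com.company.app"]},
        {"blacklist": ["com.games.*"]},
    ],
    "jailbreak_detection": True,
}


def app_lists(policy: Dict) -> Dict[str, List[str]]:
    """Flatten the list-of-single-key-maps shape of allowed_apps into {name: patterns}."""
    merged: Dict[str, List[str]] = {"whitelist": [], "blacklist": []}
    for entry in policy.get("allowed_apps", []):
        for name, patterns in entry.items():
            merged.setdefault(name, []).extend(patterns)
    return merged


def evaluate(device: Dict, policy: Dict, today: date) -> List[str]:
    """Return the list of policy violations for one device (empty list = compliant)."""
    violations: List[str] = []
    if policy["encryption"] == "required" and not device["disk_encrypted"]:
        violations.append("encryption: disk is not encrypted")
    pc = policy["passcode"]
    if device["passcode_length"] < pc["min_length"]:
        violations.append(f"passcode: length {device['passcode_length']} < {pc['min_length']}")
    if pc["complexity"] == "high" and not device["passcode_complex"]:
        violations.append("passcode: does not meet high complexity")
    age_days = (today - device["passcode_set_on"]).days
    if age_days > pc["expiry_days"]:
        violations.append(f"passcode: {age_days} days old, limit {pc['expiry_days']}")
    if policy["jailbreak_detection"] and device["jailbroken"]:
        violations.append("device: jailbreak/root detected")
    lists = app_lists(policy)
    for app in device["installed_apps"]:
        # Blacklist wins over whitelist; anything else must match a whitelist pattern.
        if any(fnmatch(app, p) for p in lists["blacklist"]):
            violations.append(f"apps: {app} is blacklisted")
        elif not any(fnmatch(app, p) for p in lists["whitelist"]):
            violations.append(f"apps: {app} is not on the whitelist")
    return violations


# Constructed sample inventory records (field names are assumptions).
COMPLIANT = {
    "disk_encrypted": True, "passcode_length": 10, "passcode_complex": True,
    "passcode_set_on": date(2024, 5, 1), "jailbroken": False,
    "installed_apps": ["com.company.app"],
}
NONCOMPLIANT = {
    "disk_encrypted": False, "passcode_length": 6, "passcode_complex": True,
    "passcode_set_on": date(2024, 1, 1), "jailbroken": False,
    "installed_apps": ["com.company.app", "com.games.candy", "com.other.tool"],
}

if __name__ == "__main__":
    today = date(2024, 6, 1)
    for name, dev in (("compliant", COMPLIANT), ("noncompliant", NONCOMPLIANT)):
        print(name, evaluate(dev, POLICY, today) or "OK")
```

The second device collects five violations: missing encryption, a short passcode, a passcode older than 90 days, a blacklisted game and an app that is not on the whitelist. Checking the blacklist before the whitelist is deliberate: a pattern such as `com.games.*` must still block an app even if someone later adds a broad whitelist entry.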
## Endpoint Protection Platforms
| Product | Features |
|---|---|
| CrowdStrike | EDR, threat intelligence |
| SentinelOne | AI-powered protection |
| Microsoft Defender | Integrated with Windows |
| Carbon Black | Behavioral analysis |
| Cylance | AI prevention |
## Compliance Checks

```powershell
# Check BitLocker encryption status (Windows)
manage-bde -status C:

# Check Microsoft Defender status (Windows)
Get-MpComputerStatus
```

```bash
# Check firewall status (Linux, ufw)
sudo ufw status
```
## Best Practices

- Enable MFA: multi-factor authentication for device and account sign-in
- Full Disk Encryption: BitLocker (Windows), FileVault (macOS)
- Auto-Updates: keep the OS and applications current
- Least Privilege: day-to-day work from standard, non-administrator user accounts
- Backup: regular, tested data backups
## Practice

Deploy and configure an EDR solution on test endpoints.