Endpoint Protection Challenges
With an estimated 70% of breaches on endpoints (laptops, workstations, servers, and mobile devices), businesses need to gain insight into the devices connected to both network and cloud applications. Businesses need to be able to trust the devices that connect to resources holding sensitive information.
So how is it that you can determine whether the endpoints connecting to your organisation’s resources are trustworthy?
Ask yourself a few short questions:
- Can you automatically notify users about outdated software to reduce your help desk tickets or block devices that have been compromised? Or Quarantine files deemed to be malicious from causing a network-wide infection?
- Can you enforce endpoint controls on potentially risky or corporate-owned devices? What about third-party or contractor-owned devices connecting to your network?
- Can you enforce access policies based on application risk, or if the device is classified as healthy and compliant with security policies?
Gaining Trust in Endpoints
To effectively build trust in user devices, organisations should set up device-based policies to prevent access by risky or unknown devices. By ensuring that the device is healthy and compliant with security policies, you can ensure that it is trusted. Key components of the Cisco Zero Trust security approach.
Cisco implements Zero Trust with a three-tier approach to the entire workforce, workload, and workplace through:
- Establishing the trust of a user, device, application, etc. before granting access or allowing connections or communications.
- Enforcing trust-based policies with detailed controls based on changing contexts, such as the security of devices and the behaviour of applications
- Continuously verifying trust by monitoring for dangerous devices, non-compliance with guidelines, behavioural deviations and software vulnerabilities
With Duo and Cisco (AMP) Advanced Malware Protection for endpoints, organizations have the tools to effectively build trust in users’ devices that connect to protected applications. Preventing, detecting and reacting are important elements when considering the devices’ confidence in a zero confidence safety approach for the workforce.
More on Cisco (AMP) Advanced Malware Protection here – https://re-solution.co.uk/security-amp
Trust through protection and discovery
Setting up trust goes beyond managing device status and involves checking the device and controlling access based on risk assessments to ensure that only flawless devices that match your security controls gain access to your business systems. With Duo Trusted Endpoints, you can enforce controls and policies to prevent dangerous endpoints from accessing your applications.
This includes devices that are not managed. Do not meet the operating system requirements. Status of enabled security features (configured or disabled); full Disk Encryption.
AMP for Endpoints provides endpoint protection, advanced endpoint detection and response capabilities, and a holistic view of your endpoints, regardless of the operating system. AMP continuously monitors and analyses all file and process activity on your network to find and automatically blocks threats that other solutions overlook. It has more than 15 built-in protection and detection mechanisms to prevent threats from affecting your business. With just a few clicks in AMP’s browser-based management console, file execution on all endpoints can be blocked. AMP knows every other endpoint the file has reached, so the file can be quarantined for all users.
Integration between Duo Security and AMP for endpoints
Adding AMP to endpoints as a trusted endpoint in Duo provides the ability to protect applications from devices identified by AMP as malware-infected endpoints, Prevents access to applications containing sensitive data and reducing the risk of data loss.
The Duo Access Policies allow administrators to completely block access to devices marked by AMP without completely blocking the user. That way, they can access applications from an alternate device to ensure continued productivity.
By automatically isolating and blocking vulnerable devices, organisations can quickly resolve potential threats and reduce their risk footprint without completely impacting user productivity.
Duo and AMP provide enterprises with comprehensive tools to prevent, detect, and respond to potential endpoint threats, increasing overall confidence in these devices.
Learn more about DUO here and AMP above with complimentary trials available on both. https://re-solution.co.uk/security-duo
