Endpoint Security - 4.5
Summary
Endpoint security is the practice of protecting devices that connect to a network. It includes Network Access Control to ensure devices meet security standards before accessing the network, Endpoint Detection and Response (EDR) to detect and respond to threats on devices, and Extended Detection and Response (XDR), which expands detection across multiple layers like cloud and network. User Behavior Analytics (UBA) monitors user actions to detect unusual behavior that may signal a security threat.
Notes:
Network Access Control - NAC
- Performs health and posture checks during log-ons and log-outs, allowing or denying access to the network when an endpoint does not meet the required security posture.
Endpoint Detection and Response - EDR
- Endpoint agent that can identify and respond to threats.
- Detection includes: checking signatures, machine learning, behavioral analysis, etc.
- Response includes: isolating systems, quarantining files, restoring to previous configurations, etc.
Extended Detection and Response - XDR
- Improvements on EDR that allow for the identification of, and response to, more complicated attack vectors.
- Combination of endpoints, clouds, and networks in correlating data to improve detection rates and overall performance.
User Behavior Analytics
- Gathering and analysis of data via the XDR to determine normal baselines of operation over long periods of time.
- This baseline will help identify anomalies and respond in real time to threats.
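As an added illustration of the UBA idea above (not part of the original notes or of any vendor product), the script below learns a per-user baseline of logon hours and hosts from a window of constructed logon records, then flags later events that fall outside that baseline. The event layout, user names and host names are all made up for the example.

```python
from collections import defaultdict

# Constructed sample telemetry (not from any real environment): one record per
# successful logon as (user, day, hour, host). Days 1-20 form the long-term
# baseline window the notes describe; day 21 is the traffic being scored.
BASELINE_EVENTS = (
    [("alice", d, h, "wks-alice") for d in range(1, 21) for h in (8, 9, 13, 17)]
    + [("bob", d, h, "wks-bob") for d in range(1, 21) for h in (7, 12, 16)]
)
NEW_EVENTS = [
    ("alice", 21, 9, "wks-alice"),     # usual hour, usual host -> normal
    ("alice", 21, 3, "wks-alice"),     # 03:00 logon, far outside her pattern
    ("bob", 21, 12, "fileserver-01"),  # usual hour, but a host he never used
    ("mallory", 21, 12, "wks-bob"),    # account with no history at all
]

def build_baseline(events):
    """Learn each user's normal logon hours and hosts from the baseline window."""
    hours, hosts = defaultdict(set), defaultdict(set)
    for user, _day, hour, host in events:
        hours[user].add(hour)
        hosts[user].add(host)
    return {u: {"hours": hours[u], "hosts": hosts[u]} for u in hours}

def score_event(baseline, event):
    """Return the ways an event deviates from its user's baseline ([] = normal)."""
    user, _day, hour, host = event
    profile = baseline.get(user)
    if profile is None:
        return ["no baseline for user"]
    reasons = []
    # Tolerate +/- 1 hour around any observed hour so 07:00 vs 08:00 is not noise.
    if all(abs(hour - h) > 1 for h in profile["hours"]):
        reasons.append("unusual logon hour")
    if host not in profile["hosts"]:
        reasons.append("first logon from host")
    return reasons

def detect_anomalies(baseline, events):
    """Return only the anomalous events, each paired with its reasons."""
    flagged = []
    for event in events:
        reasons = score_event(baseline, event)
        if reasons:
            flagged.append((event, reasons))
    return flagged

if __name__ == "__main__":
    for event, reasons in detect_anomalies(build_baseline(BASELINE_EVENTS), NEW_EVENTS):
        print(event, "->", ", ".join(reasons))
```

A real UBA engine would learn many more features and weight them statistically, but the structure is the same: a baseline learned over a long window, then each new event compared against it.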