Endpoint Security
EDR, antivirus, device management, and endpoint protection platforms.
Overview
Endpoint security protects individual devices from threats.
Security Stack
- Device Control
- Patch Management
- Firewall
- Antivirus
- EDR/XDR
EDR Features
| Feature | Purpose |
|---|---|
| Real-time monitoring | Detect threats |
| Behavioral analysis | Identify anomalies |
| Threat hunting | Proactive search |
| Incident response | Contain threats |
| Forensics | Investigate incidents |
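The "behavioral analysis" row is the one that is hardest to picture from a table cell. The following is an added example (not code from the page or from any EDR product) of the simplest form of that analysis: a few parent/child process rules and a command-line check run over process-creation telemetry. The event fields, rule names and the sample events are assumptions constructed for this illustration.

```python
"""Behavioral-analysis rules over process-creation events.

Added example, not from the original page. The event fields, rule names,
and the sample events at the bottom are constructed for illustration.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class ProcessEvent:
    host: str
    parent: str    # parent process image name, lower-case
    image: str     # new process image name, lower-case
    cmdline: str


# Parent/child pairings that are rarely legitimate on a workstation.
# Rule names are assumptions for this example.
PARENT_CHILD_RULES = {
    "office-app-spawns-shell": (
        {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"},
        {"cmd.exe", "powershell.exe", "wscript.exe", "cscript.exe", "mshta.exe"},
    ),
    "browser-spawns-shell": (
        {"chrome.exe", "msedge.exe", "firefox.exe"},
        {"cmd.exe", "powershell.exe"},
    ),
}


def uses_encoded_command(cmdline: str) -> bool:
    """PowerShell accepts any unambiguous prefix of -EncodedCommand (-e, -ec, -enc, ...)."""
    for token in cmdline.lower().split():
        if len(token) >= 2 and "-encodedcommand".startswith(token):
            return True
    return False


def evaluate(event: ProcessEvent) -> list[str]:
    """Return the names of every rule the event matches (empty list if nothing fired)."""
    hits = []
    for name, (parents, children) in PARENT_CHILD_RULES.items():
        if event.parent in parents and event.image in children:
            hits.append(name)
    if event.image == "powershell.exe" and uses_encoded_command(event.cmdline):
        hits.append("powershell-encoded-command")
    return hits


def detect(events: list[ProcessEvent]) -> list[tuple[str, str]]:
    """Flatten matches into (host, rule) alert tuples, preserving event order."""
    return [(e.host, rule) for e in events for rule in evaluate(e)]


# Constructed sample telemetry: one benign event per host plus two suspicious ones.
SAMPLE_EVENTS = [
    ProcessEvent("ws01", "explorer.exe", "cmd.exe", "cmd.exe /c dir"),
    ProcessEvent("ws01", "winword.exe", "powershell.exe",
                 "powershell.exe -nop -w hidden -enc AAAA"),
    ProcessEvent("ws02", "msedge.exe", "cmd.exe", "cmd.exe /c whoami"),
    ProcessEvent("ws03", "services.exe", "svchost.exe", "svchost.exe -k netsvcs"),
]

if __name__ == "__main__":
    for host, rule in detect(SAMPLE_EVENTS):
        print(f"ALERT host={host} rule={rule}")
```

Real EDR agents apply hundreds of such rules, enrich them with process lineage and signer information, and score them rather than alerting on every match; the structure above (telemetry in, named rule hits out) is what the "Behavioral analysis" and "Real-time monitoring" rows describe.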
Antivirus Scanning
```bash
# ClamAV: recursive scan of home directories
clamscan -r /home
# Whole-filesystem scan; --bell rings on detection, -i prints only infected files
clamscan -r --bell -i /
# Update the signature database
freshclam
```
Device Management (MDM)
```yaml
# MDM Policy
device_policy:
  encryption: required
  passcode:
    min_length: 8
    complexity: high
    expiry_days: 90
  allowed_apps:
    - whitelist:
        - com.company.app
    - blacklist:
        - com.games.*
  jailbreak_detection: true
```
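What an MDM server does with such a policy is compare it against what each enrolled device reports. The following is an added example (not code from the page or from any MDM product) that evaluates inventory records against the policy above. POLICY mirrors the YAML; the device records, the record field names and the app-list semantics (a blacklist glob denies an app unless a whitelist glob also matches it) are assumptions for this example.

```python
"""Evaluate device inventory records against the MDM policy above.

Added example, not from the original page or any MDM product. POLICY mirrors
the device_policy YAML; the device records and the rule semantics (blacklist
denies, whitelist overrides a blacklist match) are assumptions for this example.
"""
import fnmatch

POLICY = {
    "encryption": "required",
    "passcode": {"min_length": 8, "complexity": "high", "expiry_days": 90},
    "allowed_apps": [
        {"whitelist": ["com.company.app"]},
        {"blacklist": ["com.games.*"]},
    ],
    "jailbreak_detection": True,
}

COMPLEXITY_RANK = {"low": 0, "medium": 1, "high": 2}


def app_lists(policy: dict) -> tuple[list[str], list[str]]:
    """Collect whitelist and blacklist glob patterns from the allowed_apps entries."""
    allow, deny = [], []
    for entry in policy["allowed_apps"]:
        allow += entry.get("whitelist", [])
        deny += entry.get("blacklist", [])
    return allow, deny


def app_denied(bundle_id: str, policy: dict) -> bool:
    """An app is denied when it matches a blacklist glob and no whitelist glob."""
    allow, deny = app_lists(policy)

    def matches(patterns):
        return any(fnmatch.fnmatchcase(bundle_id, p) for p in patterns)

    return matches(deny) and not matches(allow)


def evaluate_device(device: dict, policy: dict = POLICY) -> list[str]:
    """Return human-readable findings; an empty list means the device is compliant."""
    findings = []
    if policy["encryption"] == "required" and not device["encrypted"]:
        findings.append("disk encryption not enabled")
    pc = policy["passcode"]
    if device["passcode_length"] < pc["min_length"]:
        findings.append(f"passcode shorter than {pc['min_length']} characters")
    if COMPLEXITY_RANK[device["passcode_complexity"]] < COMPLEXITY_RANK[pc["complexity"]]:
        findings.append(f"passcode complexity below '{pc['complexity']}'")
    if device["passcode_age_days"] > pc["expiry_days"]:
        findings.append(f"passcode older than {pc['expiry_days']} days")
    for app in device["installed_apps"]:
        if app_denied(app, policy):
            findings.append(f"blacklisted app installed: {app}")
    if policy["jailbreak_detection"] and device["jailbroken"]:
        findings.append("device is jailbroken or rooted")
    return findings


def compliance_report(devices: list[dict]) -> dict[str, list[str]]:
    """Map each device name to its list of findings."""
    return {d["name"]: evaluate_device(d) for d in devices}


# Constructed inventory records, shaped like what an MDM agent might report.
SAMPLE_DEVICES = [
    {"name": "tablet-001", "encrypted": True, "passcode_length": 10,
     "passcode_complexity": "high", "passcode_age_days": 20,
     "installed_apps": ["com.company.app", "com.vendor.mail"], "jailbroken": False},
    {"name": "phone-002", "encrypted": False, "passcode_length": 6,
     "passcode_complexity": "medium", "passcode_age_days": 120,
     "installed_apps": ["com.games.puzzle", "com.company.app"], "jailbroken": True},
]

if __name__ == "__main__":
    for name, findings in compliance_report(SAMPLE_DEVICES).items():
        print(name, "COMPLIANT" if not findings else "; ".join(findings))
```

Glob matching is what makes a pattern like `com.games.*` useful; checking the whitelist before denying keeps an explicitly approved app from being caught by a broad blacklist pattern added later.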
Endpoint Protection Platforms
| Product | Features |
|---|---|
| CrowdStrike | EDR, threat intelligence |
| SentinelOne | AI-powered protection |
| Microsoft Defender | Integrated with Windows |
| Carbon Black | Behavioral analysis |
| Cylance | AI prevention |
Compliance Checks
```powershell
# Check encryption status (Windows, elevated prompt)
manage-bde -status C:
```
```bash
# Check firewall status (Linux)
sudo ufw status
```
```powershell
# Check antivirus (Windows)
Get-MpComputerStatus
```
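Running these commands by hand is fine for one machine; a fleet needs their output turned into pass/fail results. The following is an added example (not code from the page) that parses the output of the compliance commands above and of the `clamscan` run from the Antivirus Scanning section. The sample outputs are constructed to approximate what `manage-bde`, `ufw`, `Get-MpComputerStatus` and `clamscan` print, and the seven-day signature-age threshold is an assumption.

```python
"""Parse the output of the compliance commands above into pass/fail results.

Added example, not from the original page. The sample outputs below are
constructed to approximate what manage-bde, ufw, Get-MpComputerStatus and
clamscan print; the 7-day signature-age threshold is an assumption.
"""
import re


def colon_fields(output: str) -> dict[str, str]:
    """Turn 'Key: Value' lines (manage-bde, ufw, PowerShell list output) into a dict."""
    fields = {}
    for line in output.splitlines():
        key, sep, value = line.partition(":")   # split at the first colon only
        if sep and key.strip() and value.strip():
            fields[key.strip()] = value.strip()
    return fields


def bitlocker_compliant(output: str) -> bool:
    """Fully encrypted AND protection on; 'Fully Encrypted' with protection off is not compliant."""
    f = colon_fields(output)
    return (f.get("Conversion Status") == "Fully Encrypted"
            and f.get("Protection Status") == "Protection On")


def ufw_compliant(output: str) -> bool:
    return colon_fields(output).get("Status") == "active"


def defender_compliant(output: str, max_signature_age_days: int = 7) -> bool:
    f = colon_fields(output)
    age = int(f.get("AntivirusSignatureAge", "9999"))   # missing field counts as stale
    return (f.get("RealTimeProtectionEnabled") == "True"
            and age <= max_signature_age_days)


FOUND_LINE = re.compile(r"^(?P<path>.+?): (?P<sig>\S+) FOUND$")
INFECTED_LINE = re.compile(r"^Infected files: (\d+)$", re.MULTILINE)


def clamscan_summary(output: str) -> dict:
    """Return the infected-file count and the (path, signature) detections."""
    detections = [(m["path"], m["sig"])
                  for m in map(FOUND_LINE.match, output.splitlines()) if m]
    m = INFECTED_LINE.search(output)
    infected = int(m.group(1)) if m else len(detections)
    return {"infected": infected, "detections": detections}


# Constructed sample outputs (approximate formats, not captured from real hosts).
BITLOCKER_SAMPLE = """
Volume C: [Windows]
[OS Volume]

    Size:                 237.00 GB
    BitLocker Version:    2.0
    Conversion Status:    Fully Encrypted
    Percentage Encrypted: 100.0%
    Encryption Method:    XTS-AES 128
    Protection Status:    Protection On
    Lock Status:          Unlocked
"""
UFW_SAMPLE = "Status: active\n\nTo    Action    From\n--    ------    ----\n"
DEFENDER_SAMPLE = """
AntivirusEnabled                : True
AntivirusSignatureAge           : 1
RealTimeProtectionEnabled       : True
QuickScanEndTime                : 3/1/2024 10:15:02 AM
"""
CLAMSCAN_SAMPLE = """
/home/user/eicar.com: Win.Test.EICAR_HDB-1 FOUND

----------- SCAN SUMMARY -----------
Scanned files: 2
Infected files: 1
"""


def compliance_report() -> dict[str, bool]:
    """One boolean per check, ready to ship to a dashboard or ticketing system."""
    return {
        "disk_encryption": bitlocker_compliant(BITLOCKER_SAMPLE),
        "host_firewall": ufw_compliant(UFW_SAMPLE),
        "antivirus": defender_compliant(DEFENDER_SAMPLE),
        "clamscan_clean": clamscan_summary(CLAMSCAN_SAMPLE)["infected"] == 0,
    }


if __name__ == "__main__":
    for check, ok in compliance_report().items():
        print(f"{check:16} {'PASS' if ok else 'FAIL'}")
```

Splitting each line at its first colon is deliberate: PowerShell timestamps such as `QuickScanEndTime : 3/1/2024 10:15:02 AM` contain further colons in the value, and a naive `split(":")` would mangle them.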
Best Practices
- Enable MFA: multi-factor authentication
- Full Disk Encryption: BitLocker, FileVault
- Auto-Updates: keep software current
- Least Privilege: standard user accounts
- Backup: regular data backups
Practice
Deploy and configure an EDR solution on test endpoints.