Endpoint Security

 

Endpoint Security add-on to Desktop Central: Breaking the silos between endpoint management and security

The major challenge of growing organizations, these days, are the increasing number of endpoints. With the steep increase in the endpoints, traditional anti-virus, file scanning, and security solutions are no match to the security loopholes that these devices pose to the network. In a study conducted by CISO MAG, close to 37% of the respondents didn't use any kind of endpoint protection solutions or were just in the process of evaluating potential security solutions. The same study had around 33% say that their biggest challenge with endpoint security solutions, lay in its complexity of deploying, managing, and using.

Multiple dashboards, agents, and complex security processes would more often cause confusion than help secure the network. To avoid the hassle involved with multiple security solutions, Desktop Central now features the Endpoint Security add-on. Desktop Central powered with the Endpoint Security add-on will handle the holistic security and management of all the managed endpoints in your network.

This document will elaborate on the features of the Endpoint Security add-on. For other details, check out our FAQ page.


Desktop Central's endpoint security features

1. Vulnerability management and threat mitigation

Regularly scan all your managed endpoints for known vulnerabilities, threats, and default/poor misconfigurations to seal the entry points of cyber attacks with our thorough vulnerability assessment and mitigation features

  • Vulnerability assessment: Identify and assess real risks from a plethora of vulnerabilities spread across your network
  • Security configuration management: Keep track of configuration drifts and deploy secure configurations to eliminate security loopholes.
  • Zero-day-vulnerability mitigation: Identify and mitigate zero-day vulnerabilities with pre-built, tested scripts.
  • Web server hardening: Detect and remediate expired SSL, inappropriate web root directory access and other web server flaws.
  • High-risk software audit: Analyse and uninstall software that are unsafe, unauthorized and unsupported by the vendor.
  • Anti-virus audit: Get information on systems in which antivirus is absent, inactive, and not-up-to-date.
  • Port audit: Monitor the ports in use and processes running in it, and identify unintended ports that may be activated by malware or unknown applications.

2. Patch management

Automate the entire patch management process across your heterogeneous network and keep all applications up-to-date with our integrated set of patch management features.

  • Automate patch management: Automate all phases of patch management - from scanning, assessment, deployment and reporting.
  • Cross-platform support: Seamlessly handle every aspect of Windows, Mac and Linux patch management.
  • Third-party application patching: Manage and deploy patches to over 350+ 3rd party applications such as Adobe, Java, WinRAR and more.
  • Flexible deployment policies: Customize patch deployment policies at ease, to meet your unique business needs.
  • Test and approve patches: Create test groups, test patches and approve for deployment to production environments automatically.
  • Decline patches/applications: Prioritize your deployment by declining less critical patches, declined patches can be rolled back and revoked for deployment.
  • Patch compliance: Achieve 100% patch compliance status across all systems, through endpoint evaluation and remediation techniques.
  • Patch management is a part of Desktop Central. When the Endpoint Security add-on is enabled, vulnerability management and patch management features will be available under the Threats & Patches tab.

3. Browser security

Browsers are probably the most neglected endpoints and the most common entry points for malware. Monitor and enforce security measures on the browsers used in your organization with our inclusive set of features for browser security.

  • Add-on control & management: Exercise control over installation and usage of browser extensions and plugins.
  • Web filter: Control access to the internet by providing or denying access to specific sites.
  • Download filter: Restrict file downloads from unauthorized websites and ensure secure browsing.
  • Browser routing: Automatically direct legacy web-applications to legacy browsers when opened in modern browsers.
  • Java Rules Manager: Assign specific Java versions to web-applications based on requirements.
  • Browser customization: Manage bookmarks, set default browsers, configure policies to enhance browser security, and tailor browser settings to suit your Organizational requirements.
  • Browser Lockdown: Enforce kiosk mode with IT approved websites and business web applications.
  • Browser compliance: Discover computers' compliance status with security configurations and achieve 100% compliance.

4. Application control

Unauthorized applications posing a risk to your organization's security and productivity? Use our comprehensive set of features to control applications by blacklisting, whitelisting, or greylisting applications with ease.

  • Application whitelisting: Create whitelists automatically by specifying your pre-requisites in the form of application control rules.
  • Application blacklisting: Curb unproductivity and limit cyber attack risks by blocking non-business applications and malicious executables.
  • Flexibility regulator: Regulate the level of flexibility preferred during the enforcement of application control policies.
  • Endpoint privilege management: Prevent privilege elevation attacks by assigning need-based application specific privileged access.

5. Device control

Say goodbye to stray USBs in your network. Regulate, and restrict peripheral devices in your organization and closely monitor file transfer in and out of your network with our carefully curated features for device control.

  • Device & port control: Control all ports and connected removable devices, block unauthorized access to your data and monitor all device & file actions effectively.
  • File access control: Prevent data loss with strict role based access control policies - set read only permission, block copying of data from devices and do more.
  • File transfer control: Curb unprecedented data transfers - limit file transfers by setting the maximum file size and type of file that can be transferred from your computer.
  • Trusted device list: Create exclusive access for devices to access your computer by adding them to the trusted device list.
  • Temporary access: Create secure and temporary access for devices to access your computers when they want to access what they want to access.
  • File shadowing: Effectively secure files involved in data transfer operations by creating and storing mirror copies in password-protected shares.
  • File tracing: Monitor file actions in real time, record salient details such as file names and locations along with the computers, devices and users involved.

6. BitLocker management

Enable data storage only in BitLocker encrypted devices in order to protect sensitive/corporate data from theft. Monitor BitLocker encryption and TPM status in all managed devices.

For more details about the Endpoint Security add-on, check out some FAQs about the add-on and other features of endpoint security in Desktop Central.