Source: CIS
If you’re like other U.S. State, Local, Tribal, and Territorial (SLTT) organizations, you face a stark challenge in mounting a proper defense against cyber threat actors (CTAs), whose attacks continue to increase in sophistication and volume. The contemporary remote and hybrid work models further complicate your cybersecurity program, widening the attack surface and complicating your security team’s job of endpoint protection and vulnerability management.
To help you overcome this challenge, the Center for Internet Security® (CIS®) offers CIS Managed Detection and Response™ (CIS MDR™), an endpoint protection solution fully managed and monitored by the 24x7x365 U.S.-based CIS Security Operations Center (SOC). CIS MDR strengthens your endpoint security with advanced features in GovCloud and Commercial Cloud environments — all while relieving your teams of tedious work. It also offers access to MDR Spotlight™ and MDR Mobile™, additional capabilities you can use to streamline your vulnerability management processes and gain real-time visibility into your mobile devices.
Protect All Devices Regardless of Their Network Connections
CIS MDR offers a Managed Detection and Response solution that features a full-time cybersecurity defense partnership with the 24x7x365 U.S.-based CIS SOC. As a function of our MDR, the CIS SOC becomes an extension of your security team; it continuously monitors and manages CIS MDR software by analyzing malicious activity, escalating actionable threats to you, and removing false positives so that you can save your time for things that matter. The CIS SOC runs continuous operations, so it’s around to monitor your endpoints even when your cybersecurity staff is not.
What’s more, the CIS SOC has one of the most complete data sets in the industry related to threats facing U.S. SLTT organizations, including non-public known threats. This means you receive protection from a service that’s specifically tailored to you.
CIS MDR ultimately consists of a solution that is deployed directly on your endpoint devices to help you identify, detect, respond to, and remediate security incidents and alerts. It includes various ways to protect endpoints, such as Next Generation Antivirus (NGAV), Endpoint Detection and Response (EDR), enterprise asset and software inventory, USB device monitoring, user account monitoring, and host-based firewall management. These capabilities can complement other security measures you already have in place.
By deploying CIS MDR directly on your workstations, servers, and other endpoints, you can use it to address threats that some of your other measures can’t. It does this by safeguarding your devices regardless of whether they’re connected to networks in offices, homes, coffee shops, or any other remote location.
Five‑Pronged Endpoint Security
Stop an Attack in Its Tracks
CIS MDR defends against cybersecurity threats by helping you actively mitigate and remediate malware affecting your devices. It can stop an attack in its tracks upon identifying a threat on one of your endpoints. CIS MDR doesn’t just block malicious activity; it can kill or quarantine files through the NGAV component.
Block Threats You Don’t Even Know About
You can’t know every threat confronting your organization. The threat landscape is constantly changing, and you don’t have time to stay on top of every new threat. For adequate endpoint protection, you ultimately need to be able to block both known (signature-based) and unknown (behavioral-based) malicious activity.
Fortunately, CIS MDR can protect you against unknown threats like zero-day attacks by looking for and detecting unusual behavior on devices. In doing so, it takes the manual effort out of defending against new threats as they arise. This means more time and resources for other parts of your cybersecurity program.
Let’s remember what you’re up against. CTAs operate with increasing sophistication, using crypto-ransomware and other malware to bypass your cybersecurity measures.
Network-based cybersecurity measures can’t “see” encrypted traffic. But CIS MDR can. It can detect and defend against such traffic once it becomes decrypted at the endpoint.
Work with Trusted Cybersecurity Defensive Partners
The 24x7x365 U.S.-based CIS SOC isn’t the only cybersecurity partner available through our MDR solution. Another is NGAV. A core capability of CIS MDR, this offering protects you against security issues before they develop into incidents.
Whatever your size or resources, you can use the various options within CIS MDR to tailor a protection profile that meets your needs even if you’re on a limited cybersecurity budget.
Additionally, you can use CIS MDR to request the assistance of the Cyber Incident Response Team (CIRT) under the Multi-State Information Sharing and Analysis Center® (MS-ISAC®) when you experience a cybersecurity incident. Our CIRT analysts can reach directly into an affected system and conduct digital forensics remotely. They can then acquire evidence to uncover what happened and perform analysis to determine the root cause, the scope of the incident, attack methodologies, and other information that you can use to remediate the incident and prevent a similar one from occurring in the future.
Achieve Another Level of Vulnerability Management
CIS MDR can now be paired with MDR Spotlight to give your security team greater visibility into, and management of, vulnerabilities on endpoints across your environment. MDR Spotlight is a low-cost vulnerability management service that arms security teams with real-time assessment of vulnerability exposure on their endpoints through a scan-less, single lightweight agent.
Legacy vulnerability management tools are useful only to an extent. They require you to run a scan every time you want to find a vulnerability. If the scan uncovers a vulnerability, the tools only let you know where the issue resides. This puts the onus on you to maintain a regular vulnerability scanning schedule and to know how to fix a vulnerability when it arises.
None of this is the case with MDR Spotlight. It doesn’t rely on scheduled scans to spot vulnerabilities. Instead, it continuously monitors your systems and their data for vulnerabilities in real time. It then follows up by providing immediate protection against vulnerabilities. This makes it more difficult for CTAs to find and exploit known weaknesses in your systems, thus complicating their efforts to establish an initial foothold in your network.
Proactively Protect Your Mobile Devices
Your endpoint security strategy wouldn’t be complete without insight into your mobile devices. This is where MDR Mobile comes in. Available as a stand-alone option or an add-on module, MDR Mobile™ helps to illuminate blind spots in your threat detection approach across your managed Android and iOS devices in real time. You can then use the intelligence yielded by MDR Mobile’s automated threat protection to quickly mitigate potential mobile threats.
MDR Mobile is designed with your users in mind. Its privacy-centric design supports your risk mitigation efforts without compromising user privacy. It also produces a net-zero impact on battery life and bandwidth usage, which means users don’t need to change the way they interact with or perform work-related functions on their managed devices.
Finally, MDR Mobile seamlessly integrates into your existing mobile device management (MDM) solution and features a zero-touch enrollment process, helping you to scale your mobile security program according to your needs.
Meet Your Endpoint Security Needs with CIS MDR
Endpoint security is a vital component of defending against sophisticated CTAs. Through CIS MDR, along with its additional MDR Spotlight and MDR Mobile capabilities, you can take advantage of a competitively priced, fully managed and monitored endpoint protection solution that is specifically tailored to meet the needs of organizations like yours and save your teams time.