Endpoint Protection Platform
Case Study #1: Technology & Product Review for Endpoint Protection Solutions
Case Scenario:
Sifers-Grayson (the “client”) has requested that your company research and recommend an Endpoint Protection Platform, which will provide endpoint protection for the Apple MacBook laptop computers used by some of its employees. The MacBooks are bring-your-own-device (BYOD) computers which some employees use to access company networks and servers while teleworking or working remotely (e.g., at the test range). The company has decided that, for now, it will continue to allow these devices on its networks, but an approved Endpoint Protection Platform must be used to manage the security of these devices.
The client wants an Endpoint Protection product that works with MacBooks (Apple OSX), is easy to use, and automatically updates itself (patches and virus definition files). The “automatic” updates could be a problem since some of the MacBooks are rarely connected to the company’s networks. This is especially true for employees who use an intermittent cellular connection to access the company’s networks while visiting customers or working at the engineering test range.
Research:
1. Review the Week 1 readings.
2. Using one of the product lists provided in Week 1, select a product that works on MacBooks. Research your chosen product using product information sheets (from the vendor’s website).
3. Find three or more additional sources which provide (a) product evaluations or reviews for your chosen product or (b) general information about Endpoint Protection Platforms.
Note: Since your client is a contractor to the US Government, you should be careful as to the reputation and nationality of the vendor you select. For example, Kaspersky AV products no longer have approval for installation on US Government networks due to sanctions against its home nation (See Department of Homeland Security Binding Operational Directive 17-01 https://cyber.dhs.gov/assets/report/bod-17-01.pdf). For this reason you may NOT use a Kaspersky-branded product for this assignment.
Write:
Write a 3 page summary of your research (“briefing paper”). At a minimum, your summary must include the following:
1. An introduction or overview for the security technology category (Endpoint Protection Platforms)
2. A review of the features, capabilities, and deficiencies for your selected vendor and product. Make certain that you are reviewing the Apple MacBook version of the product.
3. Discussion of how the selected product could be used by your client to support its cybersecurity objectives by reducing risk, increasing resistance to threats/attacks, decreasing vulnerabilities, etc.
4. A closing section in which you restate your recommendation for a product (include the three most important benefits).

As you write your review, make sure that you address security issues using standard cybersecurity terminology (e.g. protection, detection, prevention, “governance,” confidentiality, integrity, availability, nonrepudiation, assurance, etc.). See the ISACA glossary https://www.isaca.org/pages/glossary.aspx if you need a refresher on acceptable terms and definitions.

An endpoint protection platform is a set of security tools that secures endpoint devices. The platform combines security features such as intrusion prevention, antivirus, and firewall, among other protection solutions. The platform also covers the whole device spectrum, from standard workstations such as laptops and PCs to mobile devices such as tablets and smartphones (Balupari et al., 2014). The endpoint protection platform protects devices in the IT environment. An endpoint protection solution is essential in teleworking or remote working environments. Employees are allowed to connect their devices to the company’s network, hence the need for protection to prevent attacks and malfunctions. This paper focuses on the endpoint solution for Sifers-Grayson, which seeks protection for its Apple MacBook devices. The company allows employees to bring their own devices to connect to the company’s network (Bhargava and Reese, 2015). Therefore, the company needs a platform that can be used to manage the security of these devices. The company also requires the endpoint protection product to update itself automatically.
The best endpoint solution for the MacBook OS is McAfee Endpoint Security. McAfee security has updated capacity and capabilities to tackle current network security challenges. For example, earlier antivirus products scanned individual files for threats, whereas recent antivirus products like McAfee gain speed and efficiency in countering malware threats in vast environments by examining only the items that need to be scanned. McAfee also allows scanning to be efficient without requiring configuration changes in the product. Moreover, McAfee is the appropriate choice because the antivirus has been tested by third-party organizations such as AV-Comparatives and AV-TEST.org, hence ensuring safety testing and high quality (Bhargava and Reese, 2015).
McAfee Endpoint Security is qualified for Mac OS because of its flexible scanning capabilities. It performs on-demand full scans as well as zero-impact scanning, which scans the system when it is idle. Zero-impact scanning acts when the system is in the inactive state, which it detects by watching the presentation mode or the disk utilization. After determining that the system is idle, the endpoint security scans the computer. However, when the user starts using the system, the scanning halts immediately and resumes when the system is idle again (Chen and Gladstone, 2012). The threat prevention module performs various scanning scopes, such as on-demand scans, scheduled scans and idle scans, that cover both full scans and quick scans. The timing depends on the users’ preference settings, so the scans can be enabled by default or they can be scheduled. For example (Balupari et al., 2014), the scanning can be scheduled for 10am, but when the user is active on the computer, the full scan will immediately pause and resume when the computer is idle again. Selecting the Scan Anytime option enables the computer to be scanned at the chosen time until completion (Jackson, 2008). The option to scan the computer when idle can be applied to laptops and desktops because these machines can be intermittently idle throughout the day. The Scan Anytime option can be used for servers because they do not usually enter the idle state.
The threat prevention module is the best choice because it provides a broader range of coverage against exploitation and vulnerabilities. The security focuses on content-based protection, hence maximizing its prevention capabilities. Sifers-Grayson seeks an endpoint solution that automatically updates itself through patches and virus definition files. McAfee security is the best option because it is updated monthly, hence providing flexibility in applying patches as well as protecting against zero-day exploits. The client will benefit from the touch-friendly interface, which caters to users’ needs. Through features such as standard access, clients can perform essential functions without accessing the configuration settings (Balupari et al., 2014). The setup is most appropriate for desk administrators because it only requires a password to alter the configuration settings, so the client can access the settings in case of troubleshooting issues. The interface also has an option that allows access to the client interface without the need to enter a password, therefore allowing the client to edit the settings in a self-managed system. The prevention module also scans files acquired from the web, hence allowing safe browsing for a wide range of clients. However, the threat prevention and web control modules must be installed on the system to enable the use of this feature.
McAfee security is the most appropriate module because it contains all the components that can reduce threats and attacks in the client’s as well as the organization’s interface (Bhargava and Reese, 2015). The platform is flexible in its configurations, hence promoting ease of use. The company allows its employees to bring their own devices, so the selected endpoint security is convenient because it provides enhanced prevention through its Access Protection capabilities. The module presents a flexible interface for administrators through various firewall modules integrated into the interface. The modules work together to provide client interface protection, self-protection, logging and scheduling, which gives an overall enhanced experience that can serve a wide range of employees. Sifers-Grayson will benefit hugely from McAfee Endpoint Security because it offers an advanced endpoint defense while establishing operational simplicity for the diverse environment. Besides, the module is most appropriate for tackling core threats through firewall, essential antivirus and web control during communication.

References
Bhargava, R., & Reese, D. P. (2015). U.S. Patent No. 8,938,800. Washington, DC: U.S. Patent and Trademark Office.
Balupari, R., Mahadik, V., Madhusudan, B., & Shah, C. H. (2014). U.S. Patent No. 8,677,487. Washington, DC: U.S. Patent and Trademark Office.
Jackson, G. M. (2008). U.S. Patent No. 7,458,094. Washington, DC: U.S. Patent and Trademark Office.
Chen, Y., & Gladstone, P. J. (2012). U.S. Patent Application No. 12/879,925.
