“We’re seeing endpoint detection and response tools give more context around alerts. As the tools become more effective and precise, they can take more action. Essentially, endpoint security is automatic.”
The endpoint protection software DISA currently employs utilizes capabilities such as cyberhygiene reporting and risk scoring to help monitor and protect DOD networks.
“Having a commercial endpoint security solution provides us with situational awareness of what malicious activities are going on in our network on a daily basis so we can respond accordingly,” Phan says.
“It’s important for us to have situational awareness for who and what is connected to the DOD network, so we can identify that an endpoint is authorized to be on a component’s network and that it’s managed.”
DISA-supported agencies are also utilizing some of the security features in Windows 10. In 2015, well before the deadline for DOD’s migration to Windows 10, DISA and the National Security Agency established a Windows Secure Host Baseline, which included Windows 10 and its security features, plus additional secure preconfigured applications for uniformity.
“The majority of endpoints in the DOD are using Windows operating systems,” Phan says.
“Deploying a framework helps us maintain protection and establishes a baseline for the department so we know if something happens, we can react in a timely and appropriate manner.”
Agencies Can Simplify Mobile Device Management
In March 2018, the Transportation Security Administration awarded McAfee a contract to provide cloud-enabled endpoint defense and threat response capabilities through its Endpoint Security, Active Response, Threat Intelligence Exchange, Server Security Suite and Advanced Threat Defense products.
McAfee states that the capabilities will let TSA “integrate and facilitate communication between more than 70 solutions from different vendors.”
Streamlining security operations in this way is valuable; running a single endpoint security agent can help agencies avoid the overhead that comes with managing multiple tools, Sherman says.
It can also help facilitate efforts to ensure devices are patched against publicly known security vulnerabilities and are running the most current operating system.
That’s the most important defense against mobile device security threats, according to the Department of Homeland Security’s Study on Mobile Device Security, published in 2017.
“High-level endpoint security is focused on threat prevention, detection and response,” Sherman says. “Suites on the market automate actions between those three things in ways that allow them to seamlessly work in concert; the outcome is, you’re protected against file-based attacks involving portable executables and generally against exploits.”