Sector 14 – Endpoint Protection

Endpoint Protection focuses on securing all devices that connect to an organisation’s network, such as laptops, desktops, mobile devices, and other endpoints. This sector involves deploying security measures like antivirus software, endpoint detection and response (EDR) tools, firewalls, and ensuring that devices are properly configured and updated to protect them from malware, ransomware, and other cyber threats. By ensuring that endpoints are secured, businesses can significantly reduce the risk of attacks spreading throughout the network and maintain the integrity of their data.

———————————————————————————————————

Level 1 Certification

———————————————————————————————————

Measure 14.1: Install Antivirus Software on All Endpoints

Does your enterprise ensure that antivirus software is installed and regularly updated on all devices that access your network?
Example: Deploy a baseline antivirus product such as Microsoft Defender Antivirus (built into Windows), Avast or AVG on all laptops, desktops and mobile devices, with real-time protection switched on and signature updates applied automatically, to protect against malware and viruses.

Measure 14.2: Enable Endpoint Firewalls

Does your enterprise ensure that endpoint firewalls are enabled on all devices?
Example: Enable the built-in host firewall on every operating system (Windows Defender Firewall on all three network profiles: domain, private and public; the macOS application firewall) so that unsolicited inbound traffic is blocked by default.

Measure 14.3: Ensure Regular Device Updates

Does your enterprise ensure that all devices are regularly updated to address vulnerabilities?
Example: Set all devices to automatically install operating system updates and patches to fix security holes and prevent exploits.

Measure 14.4: Use Strong Passwords and Encryption on Devices

Does your enterprise enforce the use of strong passwords and encrypt devices to protect sensitive data in case of theft or loss?
Example: Require employees to use strong passwords with multi-factor authentication (MFA) where possible, and enable full-disk encryption (BitLocker on Windows, FileVault on macOS) with recovery keys escrowed centrally, so that data on a lost or stolen device remains unreadable.

———————————————————————————————————

Level 2 Certification

To achieve Level 2: Level 1 must also be achieved.

———————————————————————————————————

Measure 14.5: Deploy Endpoint Detection and Response (EDR) Tools

Does your enterprise deploy Endpoint Detection and Response (EDR) tools to monitor and respond to endpoint threats in real time?
Example: Use EDR tools such as CrowdStrike, Carbon Black or Sophos Intercept X to detect and respond to advanced threats that traditional antivirus software may miss.

Measure 14.6: Implement Device Control Policies for USB Devices

Does your enterprise enforce device control policies, such as limiting the use of USB devices, to prevent malware from spreading through removable media?
Example: Block removable storage rather than disabling every USB port (which would also disable keyboards and mice): disable the USB mass-storage driver or apply a removable-storage deny policy through Group Policy, MDM or the EDR product's device-control feature, and allow only approved, managed devices where there is a business need.
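Worked example (added here; it is not part of the certification text): a PowerShell script that audits and, when asked, enforces the removable-storage restriction on a single Windows endpoint. It uses two standard Windows registry settings, the USBSTOR driver start type (4 = disabled) and the Removable Storage Access policy key that Group Policy also writes. The Mode and Enforce parameters and the function name are this example's own; in an enterprise the same settings are normally pushed through Group Policy, Intune or the EDR product's device control rather than scripted per machine.

```powershell
<#
  Audit or enforce the Measure 14.6 removable-media restriction on one Windows endpoint.
  Run in an elevated PowerShell session. Omit -Enforce to audit only.
  Added example, not part of the certification text. The registry paths are standard
  Windows keys; the Mode/Enforce parameters are this script's own.
#>
[CmdletBinding()]
param(
    # 'DriverOff' prevents the USB mass-storage driver from loading at all;
    # 'PolicyDeny' sets the "All Removable Storage classes: Deny all access" policy value.
    [ValidateSet('DriverOff', 'PolicyDeny')]
    [string]$Mode = 'PolicyDeny',
    [switch]$Enforce
)

$usbStor   = 'HKLM:\SYSTEM\CurrentControlSet\Services\USBSTOR'
$policyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\RemovableStorageDevices'

function Get-RemovableMediaState {
    # Start = 3 means the USB storage driver loads on demand (Windows default); 4 = disabled.
    $start = (Get-ItemProperty -Path $usbStor -Name Start -ErrorAction Stop).Start
    $driverState = if ($start -eq 4) { 'Disabled' } else { 'Enabled' }

    # Deny_All = 1 is the policy value that blocks every removable-storage class.
    $deny = 0
    if (Test-Path $policyKey) {
        $deny = (Get-ItemProperty -Path $policyKey -Name Deny_All -ErrorAction SilentlyContinue).Deny_All
    }

    [pscustomobject]@{
        Computer         = $env:COMPUTERNAME
        UsbStorageDriver = $driverState
        PolicyDenyAll    = ($deny -eq 1)
        Compliant        = ($start -eq 4) -or ($deny -eq 1)
    }
}

$before = Get-RemovableMediaState
$before | Format-List

if ($before.Compliant) {
    Write-Host 'Removable storage is already restricted on this endpoint.'
    return
}

if (-not $Enforce) {
    Write-Warning 'Endpoint is NOT compliant with Measure 14.6. Re-run with -Enforce to apply the restriction.'
    return
}

switch ($Mode) {
    'DriverOff' {
        # Blocks USB disks only; keyboards, mice and other HID devices keep working.
        Set-ItemProperty -Path $usbStor -Name Start -Value 4 -Type DWord
    }
    'PolicyDeny' {
        if (-not (Test-Path $policyKey)) { New-Item -Path $policyKey -Force | Out-Null }
        Set-ItemProperty -Path $policyKey -Name Deny_All -Value 1 -Type DWord
    }
}

# Show the state after enforcement so the audit record captures the result.
Get-RemovableMediaState | Format-List
```

Either setting affects devices connected after it is applied, so unplug and reconnect a test USB stick to confirm. Neither approach gives a per-device allow list; for that, use the device-control feature of your MDM or EDR product, which can permit only approved, managed storage devices.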

Measure 14.7: Enable Mobile Device Management

Does your enterprise implement Mobile Device Management (MDM) solutions to secure mobile devices used by employees?
Example: Use MDM solutions like VMware Workspace ONE or Microsoft Intune to enforce security policies, manage device configurations, and remotely wipe lost or stolen devices.

Measure 14.8: Conduct Regular Endpoint Security Audits

Does your enterprise conduct regular audits of endpoint security to identify vulnerabilities and ensure compliance with security policies?
Example: Schedule quarterly audits to check for outdated software, missing updates, or non-compliant security configurations on employee devices.
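Worked example (added here; it is not code from the certification text): a PowerShell function that performs the Level 1 checks of Measures 14.1 to 14.4 on a Windows endpoint and returns its findings in the form a quarterly audit under Measure 14.8 would collect from every device. It uses the built-in Defender, NetSecurity and BitLocker cmdlets. The signature-age and patch-age thresholds and the function name are this example's own assumptions; the function reports and does not remediate.

```powershell
function Get-EndpointComplianceReport {
    <#
      Audit one Windows endpoint against Measures 14.1 to 14.4 and return a report object.
      Added example, not part of the certification text. Thresholds are assumptions; tune them
      to your policy. Run elevated so that Get-MpComputerStatus and Get-BitLockerVolume work.
    #>
    [CmdletBinding()]
    param(
        [int]$MaxSignatureAgeDays = 3,    # 14.1: how stale AV signatures may be
        [int]$MaxPatchAgeDays     = 30    # 14.3: how long since the last installed update
    )
    $findings = [System.Collections.Generic.List[string]]::new()

    # 14.1 Antivirus present, real-time protection on, signatures current (Microsoft Defender).
    try {
        $mp = Get-MpComputerStatus -ErrorAction Stop
        if (-not $mp.AntivirusEnabled -or -not $mp.RealTimeProtectionEnabled) {
            $findings.Add('14.1 Antivirus or real-time protection is disabled')
        }
        if ($mp.AntivirusSignatureAge -gt $MaxSignatureAgeDays) {
            $findings.Add("14.1 AV signatures are $($mp.AntivirusSignatureAge) days old")
        }
    } catch {
        $findings.Add('14.1 Microsoft Defender status unavailable; check the registered AV product instead')
    }

    # 14.2 Host firewall enabled on every profile, and no profile allows inbound by default.
    # (DefaultInboundAction 'NotConfigured' is effectively Block, so only 'Allow' is a finding.)
    foreach ($p in Get-NetFirewallProfile) {
        if (-not $p.Enabled) {
            $findings.Add("14.2 Firewall disabled for the $($p.Name) profile")
        } elseif ($p.DefaultInboundAction -eq 'Allow') {
            $findings.Add("14.2 $($p.Name) profile allows inbound connections by default")
        }
    }

    # 14.3 Updates: date of the most recently installed hotfix.
    $lastPatch = Get-HotFix |
        Where-Object { $_.InstalledOn } |
        Sort-Object InstalledOn -Descending |
        Select-Object -First 1 -ExpandProperty InstalledOn
    if (-not $lastPatch) {
        $findings.Add('14.3 No installed updates recorded')
    } elseif (((Get-Date) - $lastPatch).Days -gt $MaxPatchAgeDays) {
        $findings.Add("14.3 Last update installed $($lastPatch.ToShortDateString()), older than $MaxPatchAgeDays days")
    }

    # 14.4 Disk encryption: BitLocker protection must be on for the OS volume.
    try {
        $os = Get-BitLockerVolume -MountPoint $env:SystemDrive -ErrorAction Stop
        if ($os.ProtectionStatus -ne 'On') {
            $findings.Add("14.4 BitLocker protection is $($os.ProtectionStatus) on $env:SystemDrive")
        }
    } catch {
        $findings.Add('14.4 BitLocker not available on this edition or not queryable')
    }

    [pscustomobject]@{
        Computer  = $env:COMPUTERNAME
        CheckedAt = Get-Date
        Compliant = ($findings.Count -eq 0)
        Findings  = $findings.ToArray()
    }
}

# Usage: run on each endpoint and collect the JSON centrally as the audit record.
Get-EndpointComplianceReport | ConvertTo-Json -Depth 3
```

Where a third-party product such as Avast or AVG replaces Defender, the 14.1 check should instead read the registered product from the root/SecurityCenter2 AntiVirusProduct class. For fleet-wide audits, run the function through your management tooling (for example an Intune remediation script or Invoke-Command over WinRM) and keep the per-device reports as the evidence for the quarterly review.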

———————————————————————————————————

Level 3 Certification

To achieve Level 3: Level 2 and Level 1 must also be achieved.

———————————————————————————————————

Measure 14.9: Implement Advanced Threat Protection for Endpoints

Does your enterprise deploy advanced threat protection (ATP) for endpoints to detect sophisticated threats like zero-day exploits and ransomware?
Example: Use ATP solutions like Microsoft Defender for Endpoint to gain advanced protection and proactive threat hunting capabilities on all endpoints.

Measure 14.10: Automate Endpoint Security Management and Remediation

Does your enterprise automate endpoint security management, such as patching and remediation, to ensure consistent protection across all devices?
Example: Use automated patch management tools such as Ivanti or ManageEngine to ensure all endpoints are consistently updated with the latest security patches and that vulnerabilities are automatically remediated.

Measure 14.11: Enforce the Principle of Least Privilege

Does your enterprise enforce the principle of least privilege for all endpoint users, ensuring they have only the necessary access to systems and data?
Example: Remove local administrator rights from standard user accounts and manage the remaining privileged access through Microsoft Active Directory groups and Windows Group Policies; pair this with application control (for instance AppLocker or Windows Defender Application Control) so that users cannot install or run unauthorised applications.
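Worked example (added here; not part of the certification text): a PowerShell script that enforces the local side of least privilege on a Windows endpoint by reporting, and with -Enforce removing, members of the local Administrators group that are not on an approved list. The approved principal names (the CORP domain groups) and the function name are placeholders for this example; the cmdlets are the built-in LocalAccounts module.

```powershell
<#
  Report (and with -Enforce remove) unapproved members of the local Administrators group.
  Added example, not part of the certification text. The approved principal names are
  placeholders; replace them with your own groups. Run in an elevated session.
#>
[CmdletBinding(SupportsShouldProcess)]
param(
    [string[]]$ApprovedAdmins = @(
        "$env:COMPUTERNAME\Administrator",   # built-in account (its password managed by LAPS in practice)
        'CORP\Domain Admins',                # assumed domain group
        'CORP\Workstation Admins'            # assumed support group allowed local admin rights
    ),
    [switch]$Enforce
)

function Get-UnapprovedLocalAdmins {
    param([string[]]$Approved)
    # Get-LocalGroupMember returns names as MACHINE\user or DOMAIN\principal.
    Get-LocalGroupMember -Group 'Administrators' |
        Where-Object { $Approved -notcontains $_.Name } |
        Select-Object Name, ObjectClass, PrincipalSource
}

$unapproved = @(Get-UnapprovedLocalAdmins -Approved $ApprovedAdmins)

if ($unapproved.Count -eq 0) {
    Write-Host "$env:COMPUTERNAME: the Administrators group contains only approved principals."
    return
}

$unapproved | Format-Table -AutoSize

if (-not $Enforce) {
    Write-Warning "Found $($unapproved.Count) unapproved administrator(s); re-run with -Enforce to remove them."
    return
}

foreach ($m in $unapproved) {
    # ShouldProcess lets an operator dry-run the removal with -WhatIf.
    if ($PSCmdlet.ShouldProcess($m.Name, 'Remove from local Administrators')) {
        Remove-LocalGroupMember -Group 'Administrators' -Member $m.Name
    }
}
```

A demoted user keeps the administrator token of any session already open until they sign out, so the change is only effective for new logons. Group membership alone does not stop a standard user from running unapproved software from their profile directory; that needs the application-control policy (AppLocker or WDAC) the measure pairs it with.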

Measure 14.12: Implement Endpoint Isolation and Containment for Threats

Does your enterprise have capabilities to isolate and contain compromised endpoints to prevent the spread of malware or data breaches?
Example: Use network segmentation, endpoint isolation tools, or quarantine systems that can isolate infected devices and prevent them from accessing critical network resources until they are cleared.
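Worked example (added here; not part of the certification text): a PowerShell script that isolates a compromised Windows endpoint with its own host firewall, leaving only the EDR/SOC management servers reachable, and releases it again once the device is cleared. The management addresses, the rule group name and the state-file path are placeholders for this example; the cmdlets are the built-in NetSecurity module. Where your EDR product offers device isolation, prefer that; this is the fallback for endpoints that lack it.

```powershell
<#
  Isolate a compromised Windows endpoint using the host firewall, and undo the isolation.
  Added example, not part of the certification text. ManagementHosts, StateFile and the
  rule group name are placeholders. Run in an elevated session, then dot-source the script.
#>
param(
    [string[]]$ManagementHosts = @('10.10.0.5', '10.10.0.6'),   # assumed EDR / SOC collectors
    [string]$StateFile = "$env:ProgramData\EndpointIsolation\state.xml"
)

$group = 'EndpointIsolation'   # tag for the rules created here, so Undo removes only its own

function Invoke-EndpointIsolation {
    # 1. Record the enabled allow rules and each profile's outbound default so they can be restored.
    New-Item -ItemType Directory -Path (Split-Path $StateFile) -Force | Out-Null
    $active = Get-NetFirewallRule -Action Allow -Enabled True
    [pscustomobject]@{
        Rules    = @($active | Select-Object -ExpandProperty Name)
        Outbound = @(Get-NetFirewallProfile | Select-Object Name, DefaultOutboundAction)
    } | Export-Clixml -Path $StateFile

    # 2. Switch those allow rules off; with the profile defaults set to Block, only the rules
    #    created below will permit traffic.
    $active | Disable-NetFirewallRule

    # 3. Permit management traffic in both directions, then block everything else on every profile.
    New-NetFirewallRule -DisplayName 'Isolation: outbound to EDR/SOC management' -Group $group `
        -Direction Outbound -Action Allow -RemoteAddress $ManagementHosts -Profile Any | Out-Null
    New-NetFirewallRule -DisplayName 'Isolation: inbound from EDR/SOC management' -Group $group `
        -Direction Inbound -Action Allow -RemoteAddress $ManagementHosts -Profile Any | Out-Null
    Set-NetFirewallProfile -All -Enabled True -DefaultInboundAction Block -DefaultOutboundAction Block

    Write-Warning "$env:COMPUTERNAME isolated; only $($ManagementHosts -join ', ') remain reachable."
}

function Undo-EndpointIsolation {
    # Remove only the rules this script created, then restore the saved state.
    Remove-NetFirewallRule -Group $group -ErrorAction SilentlyContinue
    if (Test-Path $StateFile) {
        $state = Import-Clixml -Path $StateFile
        foreach ($p in $state.Outbound) {
            Set-NetFirewallProfile -Name $p.Name -DefaultOutboundAction $p.DefaultOutboundAction
        }
        $state.Rules | ForEach-Object { Enable-NetFirewallRule -Name $_ }
        Remove-Item $StateFile
    }
    Write-Host "$env:COMPUTERNAME released from isolation."
}

# Usage after dot-sourcing:
#   Invoke-EndpointIsolation   # when the SOC confirms the endpoint is compromised
#   Undo-EndpointIsolation     # once the device has been cleaned and cleared
```

Disabling every allow rule also stops DHCP renewals and DNS, so for a long isolation add narrow allow rules for those servers; and if the EDR reports to a cloud service rather than an on-premises collector, its published address ranges must be in the allowed set or the sensor goes dark at the moment you most need it. A local administrator can undo host-firewall isolation, which is why the measure also calls for network-level segmentation or quarantine.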

Measure 14.13: Integrate Endpoint Protection with Centralised Security Operations

Does your enterprise integrate endpoint protection with your centralised Security Operations Centre (SOC) for real-time monitoring and incident response?
Example: Ensure that endpoint security tools like EDR are integrated with your SOC to enable faster detection, automated responses, and centralised management of security incidents across all devices.

Measure 14.14: Ensure Compliance with Endpoint Security Regulations

Does your enterprise ensure that endpoint security practices comply with industry-specific regulations and standards?
Example: Map endpoint security practices to the regulations and standards that apply to your enterprise, such as GDPR, PCI DSS and HIPAA, and conduct regular compliance assessments to demonstrate that their requirements are met.
———————————————————————————————————