NIST Cybersecurity Framework 2.0

 


How Endpoint Central helps implement NIST Cybersecurity Framework 2.0
 

This section focuses on the NIST CSF 2.0 Core Outcomes: Govern, Identify, Protect, Detect, Respond, and Recover. According to NIST CSF 2.0, organizations should address these outcomes concurrently rather than sequentially. While the core outcomes include non-technical elements, Endpoint Central can support the implementation of their technical aspects.
 

S.No

Category

Description

How Endpoint Central helps

1

Govern
Organizational Context (GV.OC)

The circumstances — mission, stakeholder expectations, dependencies, and legal, regulatory, and contractual requirements — surrounding the organization’s cybersecurity risk management decisions are understood.

GV.OC-01: The organizational mission is understood and informs cybersecurity risk management.
GV.OC-02: Internal and external stakeholders are understood, and their needs and expectations regarding cybersecurity risk management are understood and considered.
GV.OC-03: Legal, regulatory, and contractual requirements regarding cybersecurity — including privacy and civil liberties obligations — are understood and managed.
GV.OC-04: Critical objectives, capabilities, and services that external stakeholders depend on or expect from the organization are understood and communicated.
GV.OC-05: Outcomes, capabilities, and services that the organization depends on are understood and communicated.

Endpoint Central has comprehensive reporting capabilities. Apart from providing deep insights into the endpoint estate, they can also be used for governance and auditing purposes.

For auditing critical computers having sensitive applications, User Logon reports can help admins track users' access to critical endpoints.

Endpoint Central also provides detailed audit reports containing access requests for popular blacklisted applications.

A DPO Dashboard provides rich insights into BitLocker status, vulnerable system status, firewall status, and much more.

2

Govern
Risk Management Strategy (GV.RM)
The organization’s priorities, constraints, risk tolerance and appetite statements, and assumptions are established, communicated, and used to support operational risk decisions.

GV.RM-01: Risk management objectives are established and agreed to by organizational stakeholders.
GV.RM-02: Risk appetite and risk tolerance statements are established, communicated, and maintained.
GV.RM-03: Cybersecurity risk management activities and outcomes are included in enterprise risk management processes.
GV.RM-04: Strategic direction that describes appropriate risk response options is established and communicated.
GV.RM-05: Lines of communication across the organization are established for cybersecurity risks, including risks from suppliers and other third parties.
GV.RM-06: A standardized method for calculating, documenting, categorizing, and prioritizing cybersecurity risks is established and communicated.
GV.RM-07: Strategic opportunities (i.e., positive risks) are characterized and are included in organizational cybersecurity risk discussions.
 

Endpoint Central helps in simplifying the communication and alignment of cybersecurity risk strategies with organizational goals using its centralized management console.

3

Govern
Roles, Responsibilities, and Authorities (GV.RR)
Cybersecurity roles, responsibilities, and authorities to foster accountability, performance assessment, and continuous improvement are established and communicated.

GV.RR-01: Organizational leadership is responsible and accountable for cybersecurity risk and fosters a culture that is risk-aware, ethical, and continually improving.
GV.RR-02: Roles, responsibilities, and authorities related to cybersecurity risk management are established, communicated, understood, and enforced.
GV.RR-03: Adequate resources are allocated commensurate with the cybersecurity risk strategy, roles, responsibilities, and policies.
GV.RR-04: Cybersecurity is included in human resources practices.

Endpoint Central provides role-based access control and MFA for IT admins and security ops accessing the Endpoint Central console.

4

Govern
Policy (GV.PO)
Organizational cybersecurity policy is established, communicated, and enforced.

GV.PO-01: Policy for managing cybersecurity risks is established based on organizational context, cybersecurity strategy, and priorities and is communicated and enforced.
GV.PO-02: Policy for managing cybersecurity risks is reviewed, updated, communicated, and enforced to reflect changes in requirements, threats, technology, and organizational mission.

Endpoint Central leverages its endpoint security features such as Endpoint DLP, Browser security, Risk-based Vulnerability and Patch management, Next-Gen Antivirus engine, Anti-Ransomware, and mobile security capabilities.

Endpoint Central helps with basic cyber hygiene practices such as: 

  • Patching OS and apps regularly and ensuring high patch compliance.

  • Enforcing certificate-based device authentication, restrictions on screen capture, and prohibiting public Wi-Fi connections.

  • Data leakage prevention: Prevent uploading corporate data to the public cloud and prevent copying data to the clipboard.

  • Containerizing corporate and personal data, and remotely wiping the device if it gets stolen.

  • BitLocker and FileVault encryption.

  • Security misconfigurations: Apply the recommended fixes for misconfigurations and patch critical vulnerabilities.

  • Complying with 75+ CIS benchmarks.
     

5

Govern
Oversight (GV.OV)
Results of organization-wide cybersecurity risk management activities and performance are used to inform, improve, and adjust the risk management strategy.

GV.OV-01: Cybersecurity risk management strategy outcomes are reviewed to inform and adjust strategy and direction.
GV.OV-02: The cybersecurity risk management strategy is reviewed and adjusted to ensure coverage of organizational requirements and risks.
GV.OV-03: Organizational cybersecurity risk management performance is evaluated and reviewed for adjustments needed.

Endpoint Central has a vulnerability age matrix and a vulnerability severity summary, which provide rich insights into the impact of patch implementation. In addition, Endpoint Central provides comprehensive reports on vulnerable systems and missing patches in your IT environment.

For auditing critical computers having sensitive applications, User Logon reports can help admins track users' access to critical endpoints.

Endpoint Central also provides detailed audit reports containing access requests for popular blacklisted applications.

A DPO Dashboard provides rich insights into BitLocker status, vulnerable system status, firewall status, and much more.
 

6

Identify
Asset Management (ID.AM)

Assets (e.g., data, hardware, software, systems, facilities, services, people) that enable the organization to achieve business purposes are identified and managed consistent with their relative importance to organizational objectives and the organization’s risk strategy.

ID.AM-01: Physical devices and systems within the organization are inventoried.
ID.AM-02: Inventories of software, services, and systems managed by the organization are maintained.
ID.AM-03: Representations of the organization’s authorized network communication and internal and external network data flows are maintained.
ID.AM-04: Inventories of services provided by suppliers are maintained.
ID.AM-05: Assets are prioritized based on classification, criticality, resources, and impact on the mission.
ID.AM-07: Inventories of data and corresponding metadata for designated data types are maintained.
ID.AM-08: Systems, hardware, software, services, and data are managed throughout their life cycles.
 

Endpoint Central delivers powerful asset management capabilities for both hardware and software, offering a comprehensive inventory of computers, devices, installed hardware, software, and stored files across your network.

Its Mobile Device Management (MDM) feature enhances these capabilities by providing detailed visibility into all mobile devices within your organization.

With advanced inventory reporting, Endpoint Central streamlines audit preparation and ensures adherence to industry compliance standards.

The Endpoint Central agent scans the network periodically to fetch the installed software details.

Endpoint Central automates the entire lifecycle management of digital assets from deployment to decommissioning with real-time asset tracking, automated patch management, and compliance audits.
 

7

Identify
Risk Assessment (ID.RA):

The cybersecurity risk to the organization, assets, and individuals is understood by the organization.

ID.RA-01: Vulnerabilities in assets are identified, validated, and recorded.
ID.RA-02: Cyber threat intelligence is received from information sharing forums and sources.
ID.RA-03: Internal and external threats to the organization are identified and recorded.
ID.RA-04: Potential impacts and likelihoods of threats exploiting vulnerabilities are identified and recorded.
ID.RA-05: Threats, vulnerabilities, likelihoods, and impacts are used to understand inherent risk and inform risk response prioritization.
ID.RA-06: Risk responses are chosen, prioritized, planned, tracked, and communicated.
ID.RA-07: Changes and exceptions are managed, assessed for risk impact, recorded, and tracked.
ID.RA-08: Processes for receiving, analyzing, and responding to vulnerability disclosures are established.
ID.RA-09: The authenticity and integrity of hardware and software are assessed prior to acquisition and use.
ID.RA-10: Critical suppliers are assessed prior to acquisition.

 

Endpoint Central delivers robust vulnerability management by offering continuous assessment and comprehensive visibility of threats through a centralized console. Beyond vulnerability assessment, it also includes built-in tools for remediating detected vulnerabilities.

It also serves as a unified platform for IT operations and security teams to efficiently manage and secure endpoints. With role-based access control, security tasks within the IT environment can be delegated to dedicated security specialists, ensuring streamlined and focused management.

For information systems, Endpoint Central enables risk-based vulnerability management, allowing administrators to prioritize vulnerabilities using metrics such as CVSS scores, CVE impact types, patch availability, and more.

Endpoint Central helps in identifying all the assets in the network and performs agent-based scans periodically to uncover emerging vulnerabilities, network misconfigurations, high-risk software, active ports, and more.

Endpoint Central scans the assets in your networks to identify OS, third-party applications, and zero-day vulnerabilities and helps you understand the impact of the threats through the severity ranking dashboard.

Endpoint Central scans the network assets to detect OS vulnerabilities, third-party applications, and zero-day threats. It also assesses the potential impact using the severity ranking dashboard.

 

8

Identify
Improvement (ID.IM):

Improvements to organizational cybersecurity risk management processes, procedures and activities are identified across all CSF Functions.

ID.IM-01: Improvements are identified from evaluations.
ID.IM-02: Improvements are identified from security tests and exercises, including those done in coordination with suppliers and relevant third parties.
ID.IM-03: Improvements are identified from execution of operational processes, procedures, and activities.
ID.IM-04: Incident response plans and other cybersecurity plans that affect operations are established, communicated, maintained, and improved.
 

Endpoint Central helps continuously assess cybersecurity posture and simplifies compliance evaluations using automated compliance reporting capabilities.

Endpoint Central can also help comply with 75+ CIS benchmarks.
 

9

Identify
Identity Management, Authentication, and Access Control (PR.AA):
Access to physical and logical assets is limited to authorized users, services, and hardware and managed commensurate with the assessed risk of unauthorized access.

PR.AA-01: Identities and credentials for authorized users, services, and hardware are managed by the organization.
PR.AA-02: Identities are proofed and bound to credentials based on the context of interactions.
PR.AA-03: Users, services, and hardware are authenticated.
PR.AA-04: Identity assertions are protected, conveyed, and verified.
PR.AA-05: Access permissions, entitlements, and authorizations are defined in a policy, managed, enforced, and reviewed, and incorporate the principles of least privilege and separation of duties.
PR.AA-06: Physical access to assets is managed, monitored, and enforced commensurate with risk.
 

Endpoint Central leverages conditional access policies to validate authorized users before they access business-critical systems and data.

Endpoint Central applies the principle of least privilege and has a robust endpoint privilege management capability, providing application-specific privilege management and just-in-time access for end users.

10

Protect
Data Security (PR.DS):
Data are managed consistent with the organization’s risk strategy to protect the confidentiality, integrity, and availability of information.

PR.DS-01: The confidentiality, integrity, and availability of data-at-rest are protected.
PR.DS-02: The confidentiality, integrity, and availability of data-in-transit are protected.
PR.DS-10: The confidentiality, integrity, and availability of data-in-use are protected.
PR.DS-11: Backups of data are created, protected, maintained, and tested.

 

Endpoint Central offers advanced data leakage prevention capabilities, enabling the detection and classification of personally identifiable information (PII). It provides complete control over data flow within your IT environment by allowing administrators to configure policies for data transfers through cloud services and peripheral devices.

With its BYOD policies, Endpoint Central ensures a clear separation between personal and corporate data on end-user devices, maintaining privacy and security.

It can block the transfer of sensitive information via unauthorized USB devices. It can also control the download and printing limits for trusted devices.

Endpoint Central can help admins encrypt end users' Windows devices using its BitLocker management and Mac devices with FileVault encryption.

 

 

11

Protect
Platform Security (PR.PS):

The hardware, software (e.g., firmware, operating systems, applications), and services of physical and virtual platforms are managed consistent with the organization’s risk strategy to protect their confidentiality, integrity, and availability.

PR.PS-01: Configuration management practices are established and applied.
PR.PS-02: Software is maintained, replaced, and removed commensurate with risk.
PR.PS-03: Hardware is maintained, replaced, and removed commensurate with risk.
PR.PS-04: Log records are generated and made available for continuous monitoring.
PR.PS-05: Installation and execution of unauthorized software are prevented.
PR.PS-06: Secure software development practices are integrated, and their performance is monitored throughout the software development life cycle.
 

Endpoint Central helps in centralizing and managing user-based and computer-based configurations for improved efficiency.

Endpoint Central helps discover all installed applications and executables, and categorizes them as authorized or unauthorized based on the application control filter (blocklist/allow-list) set by the admin.

It also helps maintain full visibility with a comprehensive inventory of all managed endpoints in the network.

Endpoint Central can blocklist or allow-list applications and stand-alone EXEs to prevent unauthorized application usage.
 

12

Protect
Technology Infrastructure Resilience (PR.IR):

Security architectures are managed with the organization’s risk strategy to protect asset confidentiality, integrity, and availability, and organizational resilience.

PR.IR-01: Networks and environments are protected from unauthorized logical access and usage.
PR.IR-02: The organization’s technology assets are protected from environmental threats.
PR.IR-03: Mechanisms are implemented to achieve resilience requirements in normal and adverse situations.
PR.IR-04: Adequate resource capacity to ensure availability is maintained.
 

Endpoint Central regulates user permissions and enforces strict access control policies to ensure only authorized individuals and devices can connect to your network.

Endpoint Central has failover server capability (available as an add-on) that can be brought into action in case the primary server

 

13

Detect
Continuous Monitoring (DE.CM):

Assets are monitored to find anomalies, indicators of compromise, and other potentially adverse events.

DE.CM-01: Networks and network services are monitored to find potentially adverse events.
DE.CM-02: The physical environment is monitored to find potentially adverse events.
DE.CM-03: Personnel activity and technology usage are monitored to find potentially adverse events.
DE.CM-06: External service provider activities and services are monitored to find potentially adverse events.
DE.CM-09: Computing hardware and software, runtime environments, and their data are monitored to find potentially adverse events.
 

Endpoint Central leverages AI-driven behavior-based detection and advanced deep-learning antivirus to safeguard against both online and offline malware threats.

Endpoint Central limits cyberattacks by blocking non-business applications and malicious executables.


 

14

Detect
Adverse Event Analysis (DE.AE):
Anomalies, indicators of compromise, and other potentially adverse events are analyzed to characterize the events and detect cybersecurity incidents.

DE.AE-02: Potentially adverse events are analyzed to better understand associated activities.
DE.AE-03: Information is correlated from multiple sources.
DE.AE-04: The estimated impact and scope of adverse events are understood.
DE.AE-06: Information on adverse events is provided to authorized staff and tools.
DE.AE-07: Cyber threat intelligence and other contextual information are integrated into the analysis.
DE.AE-08: Incidents are declared when adverse events meet the defined incident criteria.
 

Endpoint Central delivers real-time alerts for suspicious activity, security incidents, and potential threats on managed endpoints.

Endpoint Central helps automate workflows to initiate incident response procedures, notify security teams, and escalate critical events.

15

Respond
Incident Management (RS.MA):
Responses to detected cybersecurity incidents are managed.

RS.MA-01: The incident response plan is executed in coordination with relevant third parties once an incident is declared.
RS.MA-02: Incident reports are triaged and validated.
RS.MA-03: Incidents are categorized and prioritized.
RS.MA-04: Incidents are escalated or elevated as needed.
RS.MA-05: The criteria for initiating incident recovery are applied.

Endpoint Central helps automate workflows to initiate incident response procedures, notify security teams, and escalate critical events.


If a suspicious event is recorded in your IT network, the following details will be sent to your network administrator/SOC team:

Attack Details:

  • Detection Time -
  • Reported Time -
  • Attack Status -
  • Agent Action -
  • Attack Criticality - Low/Medium/High
  • Detection Source - Behaviour Engine
  • Image Path -
  • Process Name -
  • SHA256 -
  • Command -


Endpoint Details:

  • Endpoint Name -
  • Domain Name -
  • Endpoint Status -
  • Endpoint Version -
  • Activated Time -
  • Last Contact Time -

 

 

16

Respond
Incident Analysis (RS.AN):
Investigations are conducted to ensure effective response and support forensics and recovery activities.

RS.AN-03: Analysis is performed to establish what has taken place during an incident and the root cause of the incident.
RS.AN-06: Actions performed during an investigation are recorded, and the records’ integrity and provenance are preserved.
RS.AN-07: Incident data and metadata are collected, and their integrity and provenance are preserved.
RS.AN-08: An incident’s magnitude is estimated and validated.

 

Endpoint Central's Next-Gen Antivirus helps the SOC team with incident forensics.

17

Respond
Incident Mitigation (RS.MI):
Activities are performed to prevent expansion of an event and mitigate its effects.

RS.MI-01: Incidents are contained.
RS.MI-02: Incidents are eradicated.


 

If the next-gen antivirus engine detects suspicious behavior on endpoints, it can quarantine those endpoints; after a thorough forensic analysis, they can be deployed back into production.

Endpoint Central also provides instant, non-erasable backup of the files in your network every three hours by leveraging Microsoft's Volume Shadow Copy Service.

If a file is infected with ransomware, it can be restored with the most recent backup copy of the file.

18

Recover
Incident Recovery Plan Execution (RC.RP):
Restoration activities are performed to ensure operational availability of systems and services affected by cybersecurity incidents.

RC.RP-01: The recovery portion of the incident response plan is executed once initiated from the incident response process.
RC.RP-02: Recovery actions are selected, scoped, prioritized, and performed.
RC.RP-03: The integrity of backups and other restoration assets is verified before using them for restoration.
RC.RP-04: Critical mission functions and cybersecurity risk management are considered to establish post-incident operational norms.
RC.RP-05: The integrity of restored assets is verified, systems and services are restored, and normal operating status is confirmed.
RC.RP-06: The end of incident recovery is declared based on criteria, and incident-related documentation is completed.


 

If the next-gen antivirus engine detects suspicious behavior on endpoints, it can quarantine those endpoints; after a thorough forensic analysis, they can be deployed back into production.

Endpoint Central also provides instant, non-erasable backup of the files in your network every three hours by leveraging Microsoft's Volume Shadow Copy Service.

If a file is infected with ransomware, it can be restored with the most recent backup copy of the file.

 
