Endpoint Security capabilities in Endpoint Central: Breaking the silos between endpoint management and security
The major challenge of growing organizations, these days, are the increasing number of endpoints. With the steep increase in the endpoints, traditional anti-virus, file scanning, and security solutions are no match to the security loopholes that these devices pose to the network. In a study conducted by CISO MAG, close to 37% of the respondents didn't use any kind of endpoint protection solutions or were just in the process of evaluating potential security solutions. The same study had around 33% say that their biggest challenge with endpoint security solutions, lay in its complexity of deploying, managing, and using.
Multiple dashboards, agents, and complex security processes would more often cause confusion than help secure the network. To avoid the hassle involved with multiple security solutions, Endpoint Central - ManageEngine's unified endpoint management solution now comes with Endpoint Security features. Endpoint Central powered with the Endpoint Security features will handle the holistic security and management of all the managed endpoints in your network.
With this addition to Endpoint Central, you get the combined benefits of endpoint management and the five aspects of endpoint security namely: vulnerability management, browser security, device control, application control, and BitLocker management.
This document will elaborate on the features of the Endpoint Security. For other details, check out our FAQ page.
Visit this page to know about the security features supported in Endpoint Central Cloud.
Endpoint Central's endpoint security features
1. Vulnerability management and Compliance
Regularly scan all your managed endpoints for known vulnerabilities, threats, and default/poor misconfigurations to seal the entry points of cyber attacks with our thorough vulnerability assessment and mitigation features
- Vulnerability assessment: Identify and assess real risks from a plethora of vulnerabilities spread across your network
- Security configuration management: Keep track of configuration drifts and deploy secure configurations to eliminate security loopholes.
- CIS compliance: Audit and maintain your systems in line with 75+ CIS benchmarks, instantly identify violations, and view detailed remediation insights.
- Zero-day-vulnerability mitigation: Identify and mitigate zero-day vulnerabilities with pre-built, tested scripts.
- Web server hardening: Detect and remediate expired SSL, inappropriate web root directory access and other web server flaws.
- High-risk software audit: Analyse and uninstall software that are unsafe, unauthorized and unsupported by the vendor.
- Anti-virus audit: Get information on systems in which antivirus is absent, inactive, and not-up-to-date.
- Port audit: Monitor the ports in use and processes running in it, and identify unintended ports that may be activated by malware or unknown applications.
2. Browser security
Browsers are probably the most neglected endpoints and the most common entry points for malware. Monitor and enforce security measures on the browsers used in your organization with our inclusive set of features for browser security.
- Add-on control & management: Exercise control over installation and usage of browser extensions and plugins.
- Web filter: Control access to the internet by providing or denying access to specific sites.
- Download filter: Restrict file downloads from unauthorized websites and ensure secure browsing.
- Browser routing: Automatically direct legacy web-applications to legacy browsers when opened in modern browsers.
- Java Rules Manager: Assign specific Java versions to web-applications based on requirements.
- Browser customization: Manage bookmarks, set default browsers, configure policies to enhance browser security, and tailor browser settings to suit your Organizational requirements.
- Browser Lockdown: Enforce kiosk mode with IT approved websites and business web applications.
- Browser compliance: Discover computers' compliance status with security configurations and achieve 100% compliance.
3. Device control
Say goodbye to stray USBs in your network. Regulate, and restrict peripheral devices in your organization and closely monitor file transfer in and out of your network with our carefully curated features for device control.
- Device & port control: Control all ports and connected removable devices, block unauthorized access to your data and monitor all device & file actions effectively.
- File access control: Prevent data loss with strict role based access control policies - set read only permission, block copying of data from devices and do more.
- File transfer control: Curb unprecedented data transfers - limit file transfers by setting the maximum file size and type of file that can be transferred from your computer.
- Trusted device list: Create exclusive access for devices to access your computer by adding them to the trusted device list.
- Temporary access: Create secure and temporary access for devices to access your computers when they want to access what they want to access.
- File shadowing: Effectively secure files involved in data transfer operations by creating and storing mirror copies in password-protected shares.
- File tracing: Monitor file actions in real time, record salient details such as file names and locations along with the computers, devices and users involved.
4. BitLocker management
Enable data storage only in BitLocker encrypted devices in order to protect sensitive/corporate data from theft. Monitor BitLocker encryption and TPM status in all managed devices.
5. Application control
Unauthorized applications posing a risk to your organization's security and productivity? Use our comprehensive set of features to control applications by blocklisting, allowlisting, or handling unmanaged applications with ease.
- Application allowlisting: Create allowlists automatically by specifying your pre-requisites in the form of application control rules.
- Application blocklisting: Curb unproductivity and limit cyber attack risks by blocking non-business applications and malicious executables.
- Endpoint privilege management: Prevent privilege elevation attacks by assigning need-based application specific privileged access.
- Flexibility regulator: Regulate the level of flexibility preferred during the enforcement of application control policies.
- Just-in-time access: Handle interim user who needs by enabling temporary application and privileged access that are automatically revoked after a set period.
- Child process control: Create global policies that allow the exercise of control over the execution of the child process.
- Request access: Grant on-demand access to unmanaged applications requested by users.
6. Endpoint DLP
Protect your enterprise critical data from disclosure and theft by leveraging advanced data loss prevention strategies.
7. Next-Gen Antivirus
Secure your endpoints from malware intrusion
- Real-time AI-assisted malware detection: Embrace cutting-edge AI-driven malware detection that operates 24/7, delivering continuous protection against evolving threats.
- Comprehensive Incident Forensics: Access detailed reports that align with MITRE Tactics, Techniques, and Procedures (TTPs), offering in-depth insights into attack methods, pathways, and kill-chain analysis.
- Immediate Intrusion Mitigation: Swiftly neutralize intrusions to mitigate potential threats and minimize any harm to your systems.
- Effortless Device Isolation: Seamlessly isolate infected devices with minimal disruptions to your network's operations, ensuring business continuity.
- One-Click File Recovery: Easily restore compromised files to their original, pre-malware state with a simple click.
Note : Next-Gen Antivirus is currently available in Early Access and will not be a part of Security Edition.Learn more
What is Endpoint Security?
Endpoint security is the process of protecting the various endpoints or devices (such as desktop computers, laptops, smartphones, and tablets) that connect to a network or the internet. This includes protecting these endpoints from malware, viruses, spyware, and phishing attacks. Often endpoints are the weakest links in any organization's security infrastructure. Attackers can exploit vulnerabilities in endpoints to gain access to sensitive data, steal login credentials, or launch attacks against other parts of the network. Experts recommend employing an effective endpoint security measures to safeguard against these threats and prevent data loss and breaches. With Endpoint Central's wide range of Endpoint Security tools, you can protect your endpoints with vulnerability management, browser security, application control, anti-ransomware, endpoint DLP, intrusion detection and prevention systems, and bit locker management tools.