Comply with Confidence: Endpoint Central for NIS2

2(a) policies on risk analysis and information system security;

• Endpoint Central can leverage its endpoint security features such as Endpoint DLP, Browser security, Risk based Vulnerability and Patch management, Next- Gen Antivirus engine, Anti -Ransomware and mobile security capabilities.

• Endpoint Central also can restrict or manage peripheral devices accessing the information systems

2(b) incident handling;

• In case of a malware attack, Endpoint Central can alert the SOC team and IT admins and enable them to quarantine the system safely. After a thorough forensic analysis, the system can be brought back to production.

• Endpoint Central also guards enterprise endpoints against Ransomware and provides instant, non-erasable backup in case of a ransomware attack.

2(c) business continuity, such as backup management and disaster recovery, and crisis management;

• Endpoint Central can quarantine endpoints that exhibit suspicious behavior and, after a thorough forensic analysis, can be deployed back into production.

• Endpoint Central also provides instant, non-erasable backup of the files in your network every three hours by leveraging Microsoft's volume shadow copy service. If a file is infected with ransomware, it can be restored with the most recent backup copy of the file.

2(d) security in network and information systems acquisition, development and maintenance, including vulnerability handling and disclosure;

• Endpoint Central provides comprehensive vulnerability management in terms of constant assessment and visibility of threats from a single console.
• Apart from vulnerability assessment, it also provides built-in remediation of the vulnerabilities detected.  
• It also provides risk-based vulnerability management so that admins can prioritize the vulnerabilities based on metrics like CVSS score, CVE impact type, Patch availability,  and much more.
• Endpoint Central comes handy for admins to configure Windows Firewall for the end-users.
• SecOps can do a port audit in their environment and reduce their attack surface to a great extent, in case of zero -day exploit using Endpoint Central.
• It enables secure browsing by enabling admins to enforce extensive threat protection configurations.
• Admins can Block / Restrict their end users from downloading files (which might contain malware) from malicious websites or perhaps, accessing them.
• It also has provisions for hardening web servers and fixing security misconfigurations.

2(e) policies and procedures to assess the effectiveness of cybersecurity risk-management measures;

• Endpoint Central is designed to meet governance, risk, and compliances (GRC)requirements of the enterprises. Its powerful reporting capabilities can be used for auditing purposes.
• Endpoint Central has a vulnerability age matrix and vulnerability severity summary, which can provide rich insights about the impact of patch implementation. Besides, Endpoint Central also provides comprehensive reports on vulnerable systems, missing patches, and patch compliance.
• A DPO Dashboard has rich insights on Bitlocker status, vulnerable system status, firewall status and much more.

2(f) basic cyber hygiene practices and cybersecurity training;

• Patching OS and apps regularly and ensuring high patch compliance

• Enforcing Certificate based device authentication, restrictions on screen capture, and prohibiting public Wi-fi connections.

• Data leakage prevention - Prevent uploading corporate data into public cloud, prevent copying data into the clipboard

• Containerizing Corporate and Personal data. Remote Wipes if the device gets stolen

• Bitlocker and FileVault encryption

• Security misconfigurations: Fix all the recommended solutions for misconfigurations and patch for critical vulnerabilities.

• Endpoint Central helps your organization comply with 75+ CIS benchmarks

• Set an Application Profile: Based on the employee's role, delineate the applications they can and cannot use, and reduce the attack surface by removing the local admin privilege.

• Role-based access control for peripheral devices: Allow, block, or configure a set of trusted devices to access your endpoints based on the end user's role in the organization.

2(g) policies and procedures regarding the use of cryptography and, where appropriate, encryption;

• Endpoint Central uses FIPS 140-2 compliant algorithms. Users can enable FIPS mode to run their IT on a highly secure environment.

• Endpoint Central can help admins to encrypt end-users Windows devices using its Bitlocker Management and Mac devices with FileVault encryption.

2(h) human resources security, access control policies and asset management;

• Endpoint Central has comprehensive Asset management capabilities for both hardware and software.  It can list the computers, hardware, software, and files stored in your network.

• Endpoint Central's MDM capabilities allows for listing complete details of mobiles in your organization.  

• Endpoint Central has extensive inventory reporting capability useful for audit and compliance purposes.

• Endpoint Central leverages the principle of least privilege and has a robust endpoint privilege management capability, providing for application specific privilege management and just-in-time access to the end users.  

• It has conditional access policies to validate authorised users to access business critical systems and data.

• For IT admins and security ops to access the Endpoint Central console, Endpoint Central provides with role-based access control and MFA.

(j) the use of multi-factor authentication or continuous authentication solutions, secured voice, video and text communications and secured emergency communication systems within the entity, where appropriate.

• Endpoint Central has text, voice, and video communication channels through which admins can contact the end-users to troubleshoot their devices in a secure manner

• Admins can schedule Announcements using Endpoint Central for announcing company-wide important IT updates.