Endpoint Protection Advice



  • I've been asked to review our current endpoint security process for potential improvement and figured I would check here to see what the general opinion is of what is happening here currently.

    We use OpenDNS for traffic filtering and Vipre End Point Security for AV.

    Windows updates are run regularly, systems are a mix of 7 and 10, this part is a bit more hands on than I would like.

    Installed programs are kept up to date via Vipre. I know there are alternate solutions that may work as well or better, such as PDQ Deploy.

    Potential changes are prompted in part by Vipre throwing a number of what appear to be false positives. We see a handful of these now and again and typically few to no actual infections, possibly this is a good sign? There is some concern that things are being missed.

    We also use KnowBe4 as an educational tool to reduce problematic user behavior. This seems to have been pretty effective.

    I am seriously considering adding software white list(s) deployed via GPO to the mix.

    Any recommendations for additions, replacements, updates or removal from the tool box appreciated. Feel free to request more info if you feel I am missing detail. Thanks!



  • We ran Vipre for years, but its effectiveness seemed to suffer when they were sold to GFI. FWIW, we switched to Webroot several years ago and have been satisfied with it.



  • They keep drinking the Cisco juice around here. We have Cisco AMP on desktops and servers.



  • Another vote for Webroot here.


  • Webroot has been good. We went there after Vipre.



  • @scottalanmiller said in Endpoint Protection Advice:

    Webroot has been good. We went there after Vipre.

    Oh Vipre...



  • @ndc said in Endpoint Protection Advice:

    I am seriously considering adding software white list(s) deployed via GPO to the mix.

    Good luck with the pain.



  • @dashrender said in Endpoint Protection Advice:

    @ndc said in Endpoint Protection Advice:

    I am seriously considering adding software white list(s) deployed via GPO to the mix.

    Good luck with the pain.

    Which pain? Implementation, upkeep? Is it not worth the trouble in your experience?



  • @ndc said in Endpoint Protection Advice:

    @dashrender said in Endpoint Protection Advice:

    @ndc said in Endpoint Protection Advice:

    I am seriously considering adding software white list(s) deployed via GPO to the mix.

    Good luck with the pain.

    Which pain? Implementation, upkeep? Is it not worth the trouble in your experience?

    Nope, not worth the trouble. Windows has so many things you have to whitelist, it's insane. Also, when things are updated, you have to update the list, because, at least the time I tried it, it used a hash to know what you were allowing, and updated exes have new hashes. If you simply allowed exes by a specific name to be run, then clever users/hackers could easily bypass your whitelisting by renaming their exes to say chrome.exe - ta da, malware works like a champ.
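
The trade-off described in the post above, as an added example that is not part of the thread: a minimal allowlist check in Python over constructed stand-in files, comparing a file-name rule with a content-hash rule. The policy format and function names are assumptions made for illustration, not AppLocker's or any product's.

```python
import hashlib
import os
import tempfile

def sha256_of(path):
    """Hash the file contents, which is how a hash rule identifies a binary."""
    with open(path, "rb") as fh:
        return hashlib.sha256(fh.read()).hexdigest()

def allowed(path, policy):
    """Return True if the file matches the (hypothetical) policy's rule type."""
    if policy["type"] == "name":
        return os.path.basename(path).lower() in policy["names"]
    if policy["type"] == "hash":
        return sha256_of(path) in policy["hashes"]
    raise ValueError("unknown rule type")

def run_demo():
    """Evaluate three constructed files against a name policy and a hash policy."""
    with tempfile.TemporaryDirectory() as root:
        def make(subdir, name, content):
            os.makedirs(os.path.join(root, subdir), exist_ok=True)
            path = os.path.join(root, subdir, name)
            with open(path, "wb") as fh:
                fh.write(content)
            return path

        # Constructed stand-ins for binaries; the contents are arbitrary bytes.
        approved = make("v1", "chrome.exe", b"approved build 1")
        updated = make("v2", "chrome.exe", b"vendor update build 2")
        renamed = make("dl", "chrome.exe", b"unapproved program")

        by_name = {"type": "name", "names": {"chrome.exe"}}
        by_hash = {"type": "hash", "hashes": {sha256_of(approved)}}
        files = {"approved": approved, "updated": updated, "renamed": renamed}
        return {label: {"name": allowed(p, by_name), "hash": allowed(p, by_hash)}
                for label, p in files.items()}

if __name__ == "__main__":
    for label, verdict in run_demo().items():
        print(f"{label:9} name-rule={verdict['name']!s:5} hash-rule={verdict['hash']}")
```

The name rule admits all three files, including the unapproved one, while the hash rule admits only the approved build and blocks the legitimate update until the list is refreshed.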



  • I have deployed Webroot, Malwarebytes, Kaspersky and Avast and out of them Webroot is the most customizable of them all and easier to manage through the Web Dashboard.



  • I was thinking about deploying AppLocker as I migrate to Windows 10 Ent. Is anyone using whitelisting successfully? What about 3rd party applications?

