Celebrating Our 5-Star Rating from SC Magazine for EnCase Endpoint Security
Security | Sep 4, 2015 | Mitchell Bezzina
You can read the full review here, but here are a few of the highlights:
- “A unique forensic approach to endpoint security – effective especially when investigating an incident.”
- “If you are an EnCase shop already, do not hesitate to add this tool to your quiver. If not, give it a close look. It can tell you things about an attack that nothing else can.”
- “Everything is based on the observations of a kernel-level agent at the endpoint. This prevents an attacker or malware from obfuscating its activities.”
- “EnCase Endpoint Security plays very well with others. For example, it can exchange information with such organizations as Splunk, QRadar, FireEye, Palo Alto, Intel Security, Sourcefire and Cisco ThreatGrid. Agents can be managed using Intel Security's McAfee ePolicy Orchestrator.”
When used in conjunction with our Inside-Out Security Framework, EnCase Endpoint Security can help you move away from a traditional passive defense strategy, one that relies heavily on alert-monitor-block scenarios to “protect” your network, and towards an active defense strategy. An active defense strategy enables security teams to understand the strengths, weaknesses, and use of their networks, then defend them from a position of knowledge. There is a great write-up by Rob Lee on active defense here, and if you're looking for a strategy to help get you there, try this high-level framework.
Have you been living and breathing inside-out security as a team? Have some best practices to share? Let us know in the comments section below.