4.4 Mitigation Techniques and Controls

Endpoint Security Configuration

There are many ways to exploit a system, such as OS vulnerabilities, malware, and user interventions.

Any application can be dangerous to the system. An approved list (allow list) is a security measure that restricts which applications can run on the system. Conversely, a blocklist/deny list can be used to prevent an application from running.

The decision is made in the OS and can be based on several criteria: applications can be allowed by a unique hash, by a digital signature from a publisher, by the path they run from, or by the network zone they run from.
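The following sketch is an added example, not code from any real OS or product. It shows how the hash, publisher and path criteria above can combine into one decision. The rule order, the deny-list precedence, the `Policy` and `evaluate` names and all sample values are assumptions, and the network zone criterion is left out.

```python
import hashlib
from dataclasses import dataclass
from pathlib import PureWindowsPath

@dataclass(frozen=True)
class Policy:
    allowed_hashes: frozenset = frozenset()
    allowed_publishers: frozenset = frozenset()
    allowed_paths: tuple = ()
    denied_hashes: frozenset = frozenset()

def sha256_hex(content: bytes) -> str:
    return hashlib.sha256(content).hexdigest()

def path_is_under(path: str, root: str) -> bool:
    """Case-insensitive Windows path check; any '..' component fails closed."""
    p = [part.lower() for part in PureWindowsPath(path).parts]
    r = [part.lower() for part in PureWindowsPath(root).parts]
    return ".." not in p and len(p) > len(r) and p[:len(r)] == r

def evaluate(policy: Policy, path: str, content: bytes, publisher=None):
    """Return (allowed, reason). `publisher` is the signer name taken from an
    already-verified signature, or None for unsigned files (assumption)."""
    digest = sha256_hex(content)
    if digest in policy.denied_hashes:           # assumption: deny beats allow
        return False, "deny: hash"
    if digest in policy.allowed_hashes:
        return True, "allow: hash"
    if publisher is not None and publisher in policy.allowed_publishers:
        return True, "allow: publisher"
    if any(path_is_under(path, root) for root in policy.allowed_paths):
        return True, "allow: path"
    return False, "deny: default"                # nothing matched: not approved

if __name__ == "__main__":
    # Constructed sample policy and files; names and contents are made up.
    policy = Policy(
        allowed_hashes=frozenset({sha256_hex(b"tool-v1")}),
        allowed_publishers=frozenset({"Example Corp"}),
        allowed_paths=(r"C:\Program Files",),
        denied_hashes=frozenset({sha256_hex(b"known-bad")}),
    )
    samples = [
        (r"C:\Users\a\tool.exe", b"tool-v1", None),
        (r"C:\Users\a\tool.exe", b"tool-v2", None),   # content changed
        (r"C:\Program Files\x\bad.exe", b"known-bad", "Example Corp"),
        (r"C:\Program Files\x\new.exe", b"anything", None),
    ]
    for path, content, publisher in samples:
        print(path, evaluate(policy, path, content, publisher))
```

A hash rule stops matching as soon as the file content changes, while a path rule approves any content placed under the listed directory, so a path rule is only as strong as the write permissions on that directory.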


Security Configurations

Mobile Device Manager (MDM)

Data Loss Prevention (DLP)

Content filter/URL filter - block known malicious sites, limit access to untrusted websites

Isolation - isolate a compromised device from everything else on the network

Containment - run each application in its own sandbox, limit interaction with the host OS and other apps

Segmentation - separate the network into segments, putting internet-facing services in a different segment than servers that are in the private network
