

THE ROOT GROUP NEWSLETTER
August 2020
Endpoint Protection Automation – Intune, SCCM and others
Endpoint protection and management is critical for protecting machines in any organization. Everything from servers to employee laptops and mobile phones have vulnerabilities that can put an organization at risk.
Many of these risks can be reduced or eliminated by simple policies and by keeping software updated. A variety of products can assist with these tasks, and most share a common core of features. We highlight Microsoft Intune and Endpoint Configuration Manager below but can help with other platforms as well: we have more than 6 years of experience in environments as large as 500 servers and 2,000 endpoints.
Microsoft includes Intune (device management) licensing for customers at specific subscription levels. Intune is an excellent tool for setting policies and restrictions that keep an environment's risk exposure down. Admins can set compliance, configuration, and security policies for enrolled devices. These range from password strength and device-lock requirements all the way to installing certificates and profiles that let devices connect to company Wi-Fi. A device that fails a compliance policy is reported as non-compliant, which is what makes the policy enforceable rather than advisory.
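As an added example (this is not code from The Root Group or from Microsoft's documentation), the following PowerShell creates one Windows 10 compliance policy through the Microsoft Graph API that covers the password-strength requirement mentioned above, adds BitLocker and Secure Boot checks, and assigns it to a device group. It assumes $AccessToken already holds a Graph bearer token for an identity granted DeviceManagementConfiguration.ReadWrite.All, and that $TargetGroupId is the object ID of the Azure AD group whose devices should receive the policy; the policy name, minimum length and OS build are placeholder values.

```powershell
# Added example, not the newsletter's own code. Assumes $AccessToken (Graph bearer token with
# DeviceManagementConfiguration.ReadWrite.All) and $TargetGroupId (Azure AD group object ID)
# are supplied by the caller; all other values are placeholders for your environment.
param(
    [Parameter(Mandatory)] [string] $AccessToken,
    [Parameter(Mandatory)] [string] $TargetGroupId
)

$graph   = "https://graph.microsoft.com/v1.0"
$headers = @{ Authorization = "Bearer $AccessToken" }

# Windows 10 compliance policy: password strength plus a few platform health checks.
# Graph rejects a compliance policy with no scheduled action, so the "block" action is required;
# gracePeriodHours = 0 marks a failing device non-compliant immediately.
$policy = @{
    "@odata.type"                         = "#microsoft.graph.windows10CompliancePolicy"
    displayName                           = "Corp Windows 10 baseline"
    description                           = "Password, BitLocker and Secure Boot requirements"
    passwordRequired                      = $true
    passwordBlockSimple                   = $true
    passwordRequiredType                  = "alphanumeric"
    passwordMinimumLength                 = 12
    passwordMinutesOfInactivityBeforeLock = 15
    bitLockerEnabled                      = $true
    secureBootEnabled                     = $true
    osMinimumVersion                      = "10.0.18363"
    scheduledActionsForRule = @(
        @{
            ruleName = "PasswordRequired"
            scheduledActionConfigurations = @(
                @{
                    actionType                = "block"
                    gracePeriodHours          = 0
                    notificationTemplateId    = ""
                    notificationMessageCCList = @()
                }
            )
        }
    )
}

$created = Invoke-RestMethod -Method Post -Uri "$graph/deviceManagement/deviceCompliancePolicies" `
    -Headers $headers -ContentType "application/json" -Body ($policy | ConvertTo-Json -Depth 10)
Write-Host "Created compliance policy $($created.id)"

# Nothing is evaluated until the policy is assigned; target the supplied group.
$assignment = @{
    assignments = @(
        @{ target = @{ "@odata.type" = "#microsoft.graph.groupAssignmentTarget"; groupId = $TargetGroupId } }
    )
}
Invoke-RestMethod -Method Post -Uri "$graph/deviceManagement/deviceCompliancePolicies/$($created.id)/assign" `
    -Headers $headers -ContentType "application/json" -Body ($assignment | ConvertTo-Json -Depth 10) | Out-Null

# Check: read the policy back and confirm Intune stored the settings that were requested.
$check = Invoke-RestMethod -Method Get -Uri "$graph/deviceManagement/deviceCompliancePolicies/$($created.id)" -Headers $headers
if ($check.passwordMinimumLength -ne 12 -or -not $check.bitLockerEnabled -or -not $check.secureBootEnabled) {
    throw "Policy $($created.id) does not match the requested settings"
}
Write-Host "Policy $($created.id) verified and assigned to group $TargetGroupId"
```

The read-back at the end is the check a practitioner wants: a POST that returns 201 only proves the object was created, not that every property survived validation. Keeping the policy in source control as a script also makes the baseline reviewable, which the portal alone does not give you.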
Microsoft Endpoint Configuration Manager, better known as SCCM (and, since late 2019, part of the Microsoft Endpoint Manager family alongside Intune), is a tool that can be used on its own or together with other products such as Intune. SCCM was built to deploy software, updates and patches: anything from OS updates to custom application packages can be packaged and deployed to systems in the environment. One of its most useful features is device collections, which let admins target specific installations at specific groups of machines and give each group its own reboot behavior. This matters when managing many different computer groups, such as HR laptops, Accounting desktops, and server environments, all of which run different applications and have different OS and patch configuration requirements.
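As an added example (not code from the newsletter or from Microsoft), the following PowerShell uses the ConfigurationManager module that ships with the SCCM console to build two query-based device collections, give each its own maintenance window so that install and reboot timing differs between laptops and servers, and deploy one software update group to both with separate deadlines. It assumes the console is installed on the machine running it, that the site code is PS1, and that the OU path, collection names, schedule times and update group name are placeholders for your environment.

```powershell
# Added example, not the newsletter's own code. Assumes the Configuration Manager console is
# installed locally (it provides the ConfigurationManager module), site code "PS1", and that
# the OU path, collection names, dates and update group name are placeholders.
Import-Module (Join-Path (Split-Path $env:SMS_ADMIN_UI_PATH -Parent) "ConfigurationManager.psd1")
Set-Location "PS1:"

# Query-based collections keep themselves current as machines join or leave the OU.
# Chassis types 8, 9, 10 and 14 are the portable/laptop/notebook/sub-notebook values.
$collections = @(
    @{
        Name  = "HR Laptops"
        Rule  = "HR OU, laptop chassis"
        Query = "select SMS_R_System.ResourceId from SMS_R_System " +
                "inner join SMS_G_System_SYSTEM_ENCLOSURE on SMS_G_System_SYSTEM_ENCLOSURE.ResourceId = SMS_R_System.ResourceId " +
                "where SMS_R_System.SystemOUName = 'CORP.EXAMPLE/WORKSTATIONS/HR' " +
                "and SMS_G_System_SYSTEM_ENCLOSURE.ChassisTypes in (8,9,10,14)"
    },
    @{
        Name  = "Windows Servers"
        Rule  = "Server operating systems"
        Query = "select SMS_R_System.ResourceId from SMS_R_System " +
                "where SMS_R_System.OperatingSystemNameandVersion like '%Server%'"
    }
)
foreach ($c in $collections) {
    if (-not (Get-CMDeviceCollection -Name $c.Name)) {
        New-CMDeviceCollection -Name $c.Name -LimitingCollectionName "All Systems" | Out-Null
        Add-CMDeviceCollectionQueryMembershipRule -CollectionName $c.Name -RuleName $c.Rule -QueryExpression $c.Query
    }
}

# Reboot behavior differs per collection through maintenance windows: servers may only install
# updates and restart in a weekly four-hour window; laptops get a nightly six-hour window.
$serverSchedule = New-CMSchedule -Start (Get-Date "2020-08-15 02:00") -DurationInterval Hours -DurationCount 4 `
    -RecurInterval Days -RecurCount 7
New-CMMaintenanceWindow -CollectionName "Windows Servers" -Name "Saturday 02:00-06:00" `
    -Schedule $serverSchedule -ApplyTo SoftwareUpdatesOnly | Out-Null

$laptopSchedule = New-CMSchedule -Start (Get-Date "2020-08-11 22:00") -DurationInterval Hours -DurationCount 6 `
    -RecurInterval Days -RecurCount 1
New-CMMaintenanceWindow -CollectionName "HR Laptops" -Name "Nightly 22:00-04:00" `
    -Schedule $laptopSchedule -ApplyTo Any | Out-Null

# Same update group, one required deployment per collection, each with its own deadline and
# user-notification behavior (servers get no interactive prompts).
$targets = @(
    @{ Collection = "HR Laptops";      Deadline = (Get-Date "2020-08-14 22:00"); Notify = "DisplayAll" },
    @{ Collection = "Windows Servers"; Deadline = (Get-Date "2020-08-15 02:00"); Notify = "HideAll" }
)
foreach ($t in $targets) {
    New-CMSoftwareUpdateDeployment -SoftwareUpdateGroupName "2020-08 Security Updates" `
        -CollectionName $t.Collection `
        -DeploymentName "2020-08 Security Updates - $($t.Collection)" `
        -DeploymentType Required -AvailableDateTime (Get-Date) -DeadlineDateTime $t.Deadline `
        -UserNotification $t.Notify | Out-Null
}

# Check: list what is now deployed to each collection before closing the change.
foreach ($t in $targets) {
    Get-CMDeployment -CollectionName $t.Collection | Select-Object SoftwareName, CollectionName, DeploymentTime
}
```

Maintenance windows are what actually separate the server and laptop reboot behavior here: a required deployment whose deadline falls outside a collection's window waits for the next window on those machines, so the servers above patch on Saturday night even though the deployment itself is created on a weekday.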
SIEM, SOAR, SOC – What makes SENSE for you
As security threats become more sophisticated and widespread, organizations struggle not only to find staff who can understand and manage them, but also to choose the right tools to detect, analyze and react to the vast array of threat vectors. SIEM (Security Information and Event Management) tools are often expensive, require high-level engineering expertise and need constant tuning. SOAR (Security Orchestration, Automation and Response) tools are really intended to manage the tool and alert sprawl found in large enterprises and Managed Security Service Providers. A service worth a look is SOCaaS (Security Operations Center as a Service). It gives you staff coverage and expertise along with industrial-strength security tools, such as a SIEM, at a fraction of what it would cost to build and manage them on your own. SOCaaS offerings have been available from third parties for some time and are now also offered by security vendors such as Fortinet, Palo Alto and Check Point. Let us know if you are interested in this area and we can help you evaluate what makes sense for your organization.