Runs on the actual app/OS (used to be a separate tool) as part of "Endpoint Protection"; doesn't have to deal with encryption across the network, runs on desktop
. Reviewing logs of malicious activity and what specifically was removed
. SFC command line in Windows; looks at OS system files for integrity or corrupted files and fixes them, then provides a log file
. Firewall running on the device that will prevent unauthorized software from getting out to the network; required on mobile devices now and restricts by app and port number
. Only allows specific applications to run; can use an application hash or perhaps only allow software with signed certificates or from only certain IPs, etc.; logs are provided
. USB drives can introduce malware or users can extract data with USB drives - so Windows event log will show what was written to these drives
. Records all of the updates that have been done to your computer (think Windows System Updates logs)
. All in one device that provides many different security functionalities and can act as a router and switch, firewall, VPN endpoint, anti-malware device, etc
. Log of sensitive or specific proprietary or PII information sent out
. Lives in the CPU and is a part of memory that will not allow execution of programs in certain parts of memory, and if malware tries, it flags it; must be supported by the OS
. Monitors activity between web applications (HTTP and HTTPS) and looks for things trying to get in, like SQL injections, etc.; used a lot in the credit card payment industry