Hardened Endpoint Security

Cortex XSIAM Administrator Guide

Product: Cortex XSIAM
Creation date: 2024-07-16
Last date published: 2024-12-04
Category: Administrator Guide
Abstract

By hardening your endpoints with Cortex XDR, you can make them more secure against attackers.

Cortex XSIAM enables you to extend the security on your endpoints beyond the Cortex XDR agent built-in prevention capabilities to provide increased coverage of network security within your organization. By leveraging existing mechanisms and added capabilities, the Cortex XDR agent can enforce additional protections on your endpoints to provide a comprehensive security posture.

From Endpoints > Policy Management > Extensions > Profiles, you can create profiles for the following hardened endpoint security capabilities.

The Extensions Profiles table lists the profile details per operating system. Profiles associated with one or more targets that are beyond your defined user scope are locked and cannot be edited.

| Field | Description |
|---|---|
| Associated Targets | The targets associated with the profile. |
| Created By | Administrative user who created the profile. |
| Created Time | Date and time at which the profile was created. |
| Description | Optional description entered by an administrator to describe the profile. |
| Modification Time | Date and time at which the profile was modified. |
| Modified By | Administrative user who modified the profile. |
| Name | Name provided to identify the security profile. |
| Platform | Platform type of the profile. |
| Summary | Summary of profile configuration. |
| Type | Profile type. |
| Usage Count | Number of policy rules that use the profile. |

To apply the profiles, go to Endpoints > Policy Management > Extensions > Policy Rules, where you can view all the policy rules per operating system. Rules associated with one or more targets that are beyond your defined user scope are locked and cannot be edited.

The following table describes, for each capability, the supported platforms and minimum agent version. A dash (—) indicates the setting is not supported.

Caution

Hardened endpoint security capabilities are not supported for Android endpoints.

Module | Windows | Mac | Linux

Device Control: Protects endpoints from loading malicious files from USB-connected removable devices (CD-ROM, disk drives, floppy disks, and Windows portable devices drives).
✓ Cortex XDR agent 7.0 and later. For VDI, Cortex XDR agent 7.3 and later
✓ Cortex XDR agent 7.2 and later

Host Firewall: Protects endpoints from attacks originating in network communications to and from the endpoint.
✓ Cortex XDR agent 7.1 and later
✓ Cortex XDR agent 7.2 and later

Disk Encryption: Provides visibility into endpoints that encrypt their hard drives using BitLocker or FileVault.
✓ Cortex XDR agent 7.1 and later
✓ Cortex XDR agent 7.2 and later

Host Inventory: Provides full visibility into the business and IT operational data on all your endpoints.
✓ Cortex XDR agent 7.1 and later
✓ Cortex XDR agent 7.1 and later
✓ Cortex XDR agent 7.1 and later

Vulnerability Assessment: Identifies and quantifies the security vulnerabilities (CVEs) that exist for applications installed on your endpoints.
✓ Cortex XDR agent 7.1 and later
✓ Cortex XDR agent 7.1 and later