Harden endpoint security

Cortex XSIAM Documentation

Product: Cortex XSIAM
Creation date: 2024-03-06
Last date published: 2024-10-13
Category: Administrator Guide
Abstract

By hardening your endpoints with the Cortex XDR agent, you can make these endpoints more secure and safer from attackers.

You can extend the security on your endpoints beyond the Cortex XDR agent's built-in prevention capabilities to provide increased network security coverage within your organization. By leveraging existing mechanisms and added capabilities, the Cortex XDR agent can enforce additional protections on your endpoints to provide a comprehensive security posture.

From Endpoints → Policy Management → Extensions → Profiles, you can create profiles for the following hardened endpoint security capabilities.

The Extensions Profiles table lists the profile details per operating system. Profiles associated with one or more targets that are beyond your defined user scope are locked and cannot be edited.

| Field | Description |
|---|---|
| Associated Targets | Targets associated with the profile |
| Created By | Administrative user who created the profile |
| Created Time | Date and time at which the profile was created |
| Description | Optional description entered by an administrator to describe the profile |
| Modification Time | Date and time at which the profile was modified |
| Modified By | Administrative user who modified the profile |
| Name | Name provided to identify the security profile |
| Platform | Platform type of the profile |
| Summary | Summary of profile configuration |
| Type | Profile type |
| Usage Count | Number of policy rules that use the profile |

To apply the profiles, from Endpoints → Policy Management → Extensions → Policy Rules, you can view all the policy rules per operating system. Rules associated with one or more targets that are beyond your defined user scope are locked and cannot be edited.

The following table describes, for each capability, the supported platforms and the minimum agent version. A dash (—) indicates the setting is not supported.

Caution: Hardened endpoint security capabilities are not supported for Android endpoints.

| Module | Windows | Mac | Linux |
|---|---|---|---|
| Device Control: Protects endpoints from loading malicious files from USB-connected removable devices (CD-ROM, disk drives, floppy disks, and Windows portable devices drives). | Cortex XDR agent 7.0 and later. For VDI, Cortex XDR agent 7.3 and later | Cortex XDR agent 7.2 and later | — |
| Host Firewall: Protects endpoints from attacks originating in network communications to and from the endpoint. | Cortex XDR agent 7.1 and later | Cortex XDR agent 7.2 and later | — |
| Disk Encryption: Provides visibility into endpoints that encrypt their hard drives using BitLocker or FileVault. | Cortex XDR agent 7.1 and later | Cortex XDR agent 7.2 and later | — |