Endpoint Security Basics Quiz

Created by

@FerventEuphoria9301

Study Notes

Endpoint devices are vulnerable to security threats as they contain sensitive data and have potential vulnerabilities.
Endpoint security threats include zero-day attacks, fileless malware, living off the land (LoTL) attacks, exploits, and ransomware.
Zero-day attacks and Advanced Persistent Threats (APTs) target new vulnerabilities and can evade traditional security measures.
Fileless malware operates in memory and avoids detection by hiding within trusted processes.
LoTL attacks utilize legitimate software like Microsoft Word or PowerShell for malicious actions.
Exploits target vulnerabilities in software applications, operating systems, and common productivity tools.
Microsoft IIS web server and Microsoft Office macros are common targets for exploits.
Ransomware encrypts files and demands payment for decryption keys.

WatchGuard Endpoint Security combines local signature-based technology, context-based behavioral analysis, and cloud-based processing for effective threat detection.
Anti-exploit protection feeds data about running processes to contextual detections, enhancing their effectiveness.
The Zero-Trust Application Service analyzes endpoints, users, data, applications, and cloud communications to classify running processes.
99.98% of processes are automatically classified, while the remaining 0.02% are manually reviewed by malware experts.
The Threat Hunting Service detects the unusual use of trusted applications and identifies living off the land attacks.
When a LoTL attack is detected, WatchGuard notifies users and provides information as Indicators of Attack (IOAs) in the dashboard.
Administrators can restrict application access, remove dangerous programs, and control network traffic to counter LoTL attacks.

The Status page provides a network security overview through dashboards and lists.
Dashboards offer insights into security status, web access, risks, Indicators of Attack, vulnerability assessments, endpoint access enforcement, and scheduled reports.
The Risk Trend tile shows the number and type of risks over selected time periods (last 7 days, last month, last year).
The Detected Risks tile displays the top risks found and affected computers, categorized by severity (Critical, High, Medium).
The Computers at Risk tile lists the 10 computers with the highest number of risks, showing the types and total number of risks.
The Indicators of Attack (IOA) dashboard (available in WatchGuard Advanced EPDR, EPDR, and EDR) provides visibility into Threat Hunting Services.
The Threat Hunting Service tile displays summary information about events, indicators, and IOAs, helping identify intrusion attempts.
The Evolution of Detections tile shows Indicators, Pending IOAs, and Archived IOAs over time.
The Scan Tasks page allows scheduling scan tasks for specific recipients, including frequency and retention settings.

Scan Type options include Entire Computer, Critical Areas (memory, boot system, cookies), and Specific Items (selected storage device).
Detect Viruses is always enabled and identifies malicious programs.
Detect Hacking Tools and PUPs finds potentially unwanted programs and hacker tools.
Detect Suspicious Files uses heuristic algorithms to enhance detection rates.
Scan Compressed Files decompresses compressed files for scanning.
Exclude the Following Files from Scans allows specifying file extensions and paths to exclude from scans.

Podcast