Background
Every enterprise has devices or endpoints connected to its IT network and cybersecurity protections, such as laptops, mobiles, IoT devices, USBs, or cloud services like Google Drive, which contain sensitive information, personal data, or intellectual property. As more clients connect to your network, the endpoints become targets for infiltration by hackers, data leaks, data loss, and data theft. Furthermore, not all endpoint protections add a consistent layer of security to your network, and default protections are often inadequate against hackers. EndpointProtector is a data loss prevention (DLP) solution based on a client-server architecture. Security administrators access the EndpointProtector server through an interface, while the client is an application installed on your local computer that communicates with the EndpointProtector server. DLP solutions ensure data protection on your network by performing compliance scans to prevent compliance violations. EndpointProtector provides multiple deployment options across virtual appliances, cloud services, and SaaS applications, and seamlessly integrates with security tools like SIEM.
General Description
In today's threat landscape, the increase of data portability highlights the need for a defense-in-depth approach to create security layers within the organization before the data ends up in the wrong hands.
The EndpointProtector application for LogPoint SIEM allows you to monitor and identify threats in your organization using EndpointProtector data. LogPoint aggregates and normalizes the EndpointProtector logs so you can analyze the information through dashboards. EndpointProtector's dashboard provides visualization of event details for threat content, malicious devices or files, and suspicious login attempts detected in your network. The dashboard enables you to monitor the security status of your organization. You can customize the dashboards to suit your needs and perform in-depth analysis by adjusting the data and searches.
Release Details
Fields | Details |
---|---|
Name | EndpointProtector |
Version | v5.0.0 |
Supported On | LogPoint v6.7.4 and later |
Release Date | 2021-08-12 |
Document Date | 2021-08-12 |
Download | |
SHA256 | 3f565e7958ac291ee25b57dd14683e980ec8166654e6590dff2e4a15d8b1ab99 |
Important Notice
You must activate the label package LP_EndPointProtector to apply specific labels and group similar logs together. You can find the steps to activate the label package in the Activating Labels Packages section of the LogPoint Data Integration Guide.
Package Details
The application consists of the following components:
- Dashboard Package
- LP_EndpointProtector
- Alert Packages
- LP_Endpoint Protect Device Disconnect
- LP_Endpoint Protect Multiple Failed Login Attempt
- LP_Endpoint Protect File Copied To USB Device
- LP_Endpoint Protect File Delete
- LP_Endpoint Protect Threat Content Detected
- Normalization Package
- LP_Endpoint Protector
- Label Package
- LP_EndPointProtector
Installation
Follow these steps to install the EndpointProtector v5.0.0 application:
- Download the EndpointProtector package from the Download section above.
- Add EndpointProtector as a device in LogPoint.
- Create a collection policy with the Syslog collector and the appropriate processing policy.
- Assign the policy to the device.
- Add the dashboard.
Screenshots - Sample Dashboard
Supported Device
Supported LogPoint versions work with the EndpointProtector application.
Log Format
Expected Log Format
EndPointProtector
Log Sample
<134>Jan 23 11:20:06 xxxxx EPP-1.1.1.1: EPP-IP - 1.1.1.1 - System Logs - Admin Action: [Administrator] xxxxx | [Section] User Authentication | [Action Type] SIGN IN | [Before] | [After] User Logging--|#012Username--|xxxxx#012Last Login--|2020-01-23 11:20:06#012Is super Admin--|Checked#012IP--|1.1.1.1 | [Date/Time(UTC)] 2020-01-23T11:20:06Z
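To check that a collected event has the shape shown in the Log Sample before relying on dashboards or alerts, the following added example (not part of the LogPoint normalization package) parses that line into fields. It assumes, from the sample alone, that `#012` is the syslog-escaped line feed and that `--|` joins each key and value inside `[Before]` and `[After]`; the function names and dictionary keys are chosen here for illustration.

```python
import re

# Sample line copied from the Log Sample above (placeholders as published).
SAMPLE = ("<134>Jan 23 11:20:06 xxxxx EPP-1.1.1.1: EPP-IP - 1.1.1.1 - System Logs - "
          "Admin Action: [Administrator] xxxxx | [Section] User Authentication | "
          "[Action Type] SIGN IN | [Before] | [After] User Logging--|#012Username--|xxxxx"
          "#012Last Login--|2020-01-23 11:20:06#012Is super Admin--|Checked"
          "#012IP--|1.1.1.1 | [Date/Time(UTC)] 2020-01-23T11:20:06Z")

# Syslog header: <PRI>, timestamp, host, tag, then the EPP message body.
HEADER = re.compile(r"^<(\d{1,3})>(\w{3}\s+\d{1,2}\s[\d:]{8})\s(\S+)\s(\S+):\s(.*)$")
FIELD = re.compile(r"^\[([^\]]+)\]\s*(.*)$")


def parse_details(value):
    """Split a [Before]/[After] value into a dict ('#012' = escaped LF, '--|' = key/value)."""
    details = {}
    for entry in filter(None, value.split("#012")):
        key, sep, val = entry.partition("--|")
        if sep:
            details[key.strip()] = val.strip()
    return details


def parse_epp(line):
    """Return header, prefix and bracketed fields as a dict, or None if the line does not match."""
    m = HEADER.match(line.strip())
    if not m:
        return None
    pri, ts, host, tag, body = m.groups()
    prefix, sep, rest = body.partition(": [")
    if not sep:
        return None
    event = {"facility": int(pri) >> 3, "severity": int(pri) & 7,
             "timestamp": ts, "host": host, "tag": tag,
             "prefix": [p.strip() for p in prefix.split(" - ")], "fields": {}}
    # Fields are separated by ' | ' only where a new '[Name]' starts.
    for part in re.split(r"\s\|\s(?=\[)", "[" + rest):
        fm = FIELD.match(part)
        if fm:
            name, value = fm.group(1), fm.group(2).strip()
            event["fields"][name] = parse_details(value) if name in ("Before", "After") else value
    return event


if __name__ == "__main__":
    print(parse_epp(SAMPLE))
```

A return value of `None` marks a line that does not follow the expected format and would likely not be normalized as an EndpointProtector event.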
Documentation
You can access the EndpointProtector v5.0.0 manual on the LogPoint Documentation Portal.
Support
If you have any queries or require assistance, please feel free to contact our support team:
Email: servicedesk@logpoint.com
Phone: +45 7060 6100