An area of concern I have had for a long time is corporate machines that are outside of the network in public places and not on the VPN with the protection of the corporate firewall. I know that some think you should not allow machines to access the network outside the VPN, or that you should use a zero trust solution from the likes of Palo Alto or Zscaler, but that is not always possible. In fact, as we go more towards the cloud, I feel you are going to have to be more flexible in your approach.
In the past I have looked at products such as Cisco Umbrella, which at one time was a very simple agent, but they bloated the product and the agent is a bit heavy-handed. Plus, I have enough agents on machines; the world does not need yet another agent.
Since Windows Defender for Endpoint protection is installed on all endpoints, I was looking for a solution that integrated well with Windows Defender for Endpoint and did not require an agent on the machine.
The security team had settled on a solution, but as we were looking to purchase that solution, I had someone reach out to me on LinkedIn about a new approach to DNS Filtering called DNS Protection. I get numerous unsolicited LinkedIn requests and I generally ignore them, as most of them have no value. I thought this might just be another marketing gimmick, but I figured it was worth the time investment.
After listening to the pitch, we sat through a demo and I became very interested. After the demo, we decided to sign on for an evaluation. The evaluation was very simple: it is an API integration with Windows Defender for Endpoint. Basically, the product will block malicious DNS requests, and if it finds malicious websites, it will place them in the Windows Defender threat indicators list, which in turn is pushed down to all clients.
The awesome thing about this solution is if you have servers on Windows Defender for Endpoint, it will also protect those.
I suppose you are wondering what the product is? It is called HYAS Protect and you can find more information about it here. You can also find a case study here.
The great thing about this solution is that if your devices are not on your protected networks, you are still protecting those machines and looking at threats. You also have a log of all DNS lookups from those clients, which will aid in incident response.
After having this solution installed, we did have a few hiccups initially, but overall the product has been easy to manage and works very well. This product is also being continually improved.
If you are looking for a very simple way to provide protection to your devices without agents and without a large investment in time and resources, this is the way to go.