< ciso
brief />
Tag Banner

All news with #endpoint security tag

76 articles · page 3 of 4

WhatsApp Introduces Strict Account Settings for Security

🔒 Meta announced a new Strict Account Settings mode on WhatsApp to protect high-risk users such as journalists and public figures by locking accounts to their most restrictive options. The mode, available under Settings > Privacy > Advanced, blocks attachments and media from unknown senders, silences unknown callers, and restricts additional features to reduce attack surface. Meta said the controls will roll out gradually over the coming weeks. The company also highlighted a global rollout of a Rust-based media library, wamedia, and other memory-safety hardening efforts to guard against spyware and memory corruption.
read more →

USB Drives Threaten Enterprise Security: Risks & Controls

🔒 Removable media remains a persistent enterprise risk, enabling both data exfiltration and device-borne intrusion whenever USB drives connect to endpoints. The article highlights evolving threats — including MUSTANG PANDA’s USBFect campaigns (2023–2025) and late-2025 coinminer infections — and high-profile insider exfiltration cases. CrowdStrike recommends a dual approach using Falcon Data Protection to stop sensitive data from leaving endpoints and Falcon Device Control to block or restrict untrusted devices, both delivered via the single Falcon sensor to simplify deployment and reduce operational overhead.
read more →

Airlock Digital Forrester TEI Finds 224% ROI and $3.8M NPV

🔒 The Forrester Consulting Total Economic Impact (TEI) study commissioned by Airlock Digital reports a 224% ROI and a $3.8 million net present value over three years for organizations that adopt Airlock’s allowlisting approach. The analysis cites a >25% reduction in overall breach risk and notes zero breaches among interviewed customers after deployment. It also highlights operational efficiency gains — policy management requiring roughly 2.5 hours per week — and reduced administrative overhead thanks to Airlock’s modern, operationally friendly implementation of allowlisting.
read more →

Comparing Secure Enterprise Browsers: Choosing Wisely

🔒 Web browsers remain a primary enterprise attack surface, and the market for secure browsers is maturing as vendors and hyperscalers fold browser isolation into broader security platforms. The article summarizes evaluation criteria — from MFA, isolation and DLP to extension control, logging and anonymous surfing — and highlights recent consolidation and vendor offerings. It emphasizes integration, support and cost tradeoffs when choosing a deployment mode.
read more →

AppGuard Warns Against AI Hype; Expands Insider Beta

🔒 AppGuard critiques heavy reliance on AI-enhanced detection and promotes a controls-first, default-deny approach to shrink the endpoint attack surface. CEO Fatih Comlekoglu argues that AI-driven detection cannot "parse infinity," leaving defenders overwhelmed by alerts as organizations limit data ingestion. AppGuard positions its controls-based agent as requiring 10–100× fewer policy rules while auto-adapting to endpoint changes and malware techniques. The company has reopened an Insider Release for MSSPs and experienced operators to test its reengineered lightweight agent and cloud console.
read more →

Endpoint Breaches: Up to Two Weeks to Recover, Study

🔒 Endpoint disruption following serious breaches can take up to two weeks to remediate, and most US and UK organizations report recovery costs in the millions. In a survey of 750 CISOs compiled for an e-book, Absolute Security found 55% had experienced incidents that disabled mobile, remote or hybrid endpoints in the past 12 months. A majority (57%) required 3–6 days for full endpoint remediation, while 19% needed 7–14 days. The report places the average cost per incident at $2.5m, with 98% of respondents spending between $1m and $5m on recovery.
read more →

The State of Cybersecurity in 2025: Segments and Innovations

🔐 Cybersecurity in 2025 is framed as an architectural challenge rather than a set of isolated controls. This contributed report surveys shifts across authentication, endpoint and network security, software supply chains, SaaS data governance, AI-driven defenses, and human risk. It highlights hardware‑backed authentication, passkeys, binary-level verification, and network telemetry as pivotal controls. Vendors stress speed, visibility, and provable trust as the operational priorities.
read more →

CrowdStrike Endpoint Security Delivers 273% ROI Over 3 Years

🛡️ CrowdStrike Endpoint Security consolidates prevention, detection, and response into a single, AI-native sensor delivered via the cloud-native Falcon platform. Forrester Consulting's commissioned Total Economic Impact™ study found a 273% ROI over three years and payback in under six months for a modeled global organization. The analysis cites an 80% reduction in endpoint breach risk, a 95% cut in technology management labor, and over 30,500 hours saved across security and technical teams. Customers reported faster investigations, reduced alert noise, and simplified operations that enabled faster integration of new sites and acquisitions.
read more →

Navigating Analyst and Test Reports for Endpoint Security

🖼️ Many vendor and lab reports — from Gartner and Forrester market quadrants to specialist tests like AV‑Comparatives, SE Labs and MITRE Engenuity’s ATT&CK Evaluations — offer distinct, valuable perspectives on endpoint security. Security teams should selectively combine these assessments to triangulate performance, match operational requirements, and validate vendor claims before procurement decisions.
read more →

Understanding Zero-Day Attacks: Risks and Defenses

🛡️ Zero-day attacks exploit software vulnerabilities that are unknown to the vendor, enabling attackers to compromise systems before patches are available. They target high-value platforms such as operating systems, web browsers, enterprise applications, and IoT devices, often using spear-phishing or zero-click techniques. Because signature-based tools frequently miss novel exploits, effective defense requires rapid patching, behavior-based detection (EDR, NDR, XDR), network segmentation, and investigative analysis of packet-level data to detect, contain, and learn from incidents.
read more →

Kaspersky Enhances Embedded Systems Security for 2025

🔒 Kaspersky has released a major update to Kaspersky Embedded Systems Security, targeting the unique risks of legacy and resource-constrained devices. The Windows edition introduces a behavioral analysis engine plus Automatic Exploit Prevention, Anti-Cryptor, a Remediation Engine, BadUSB protection, a firewall, and a security status indicator. The Linux edition adds certificate-based allowlisting and Web Threat Protection to simplify safe updates and guard web-enabled embedded devices. Planned Q1 2026 improvements include MDR integration, BadUSB for Linux, and ARM support.
read more →

Seven Security Practices That Should Be Retired Now

🔒 This article identifies seven security practices that have become obsolete in modern, cloud-first and hybrid workplaces. Contributors including Amit Basu, George Gerchow and others warn against relying on perimeter defenses, legacy VPNs, SMS-based 2FA and on-premises SIEMs, and caution about overreliance on EDR or compliance-only programs. It recommends shifting to Zero Trust, SASE, continuous monitoring and active security awareness to close visibility gaps and reduce risk.
read more →

Microsoft adds Teams call handler to speed Windows client

⚡Microsoft will introduce a new Teams call handler, ms-teams_modulehost.exe, that runs as a child process to manage the calling stack separately from the main ms-teams.exe application, improving startup times and in-meeting performance. The change is transparent to end users and requires no retraining. Administrators should allowlist the new process in security and endpoint protection systems and notify helpdesk staff to avoid false positives during the rollout.
read more →

Application Containment and Ringfencing for Zero Trust

🔒 Ringfencing, or granular application containment, enforces least privilege for authorized software by restricting file, registry, network, and interprocess access. It complements allowlisting by preventing misuse of trusted tools that attackers commonly weaponize, such as scripting engines and archivers. Effective rollout uses a monitoring agent, simulated denies, and phased enforcement to minimize operational disruption. Properly applied, containment reduces lateral movement, blocks mass exfiltration and ransomware encryption while preserving business workflows.
read more →

Microsoft to Natively Integrate Sysmon in Windows 11

🛡️ Microsoft will integrate Sysmon natively into Windows 11 and Windows Server 2025, removing the need to deploy the standalone Sysinternals tool. The built-in functionality will preserve Sysmon’s capabilities, including support for custom configuration files and advanced event filtering, and logs events to the Windows Event Log. Administrators can enable it via Optional Features or run sysmon -i (or sysmon -i <config>) to load a custom configuration, and updates will be delivered through Windows Update to simplify management and improve coverage in large environments.
read more →

Widespread Outdated and Unmanaged Devices Threaten Networks

🔒 Palo Alto Networks found that 26% of Linux systems and 8% of Windows systems are running outdated versions across telemetry from 27 million devices spanning 1,800 companies. The analysis also shows 39% of devices lack active endpoint protection and roughly one-third of devices operate outside IT control. Poor segmentation and unmanaged edge devices increase the risk of undetected compromise.
read more →

Layered Security for SMBs During the Holiday Season

🔒 Small and medium-size businesses face rising, measurable cyber risk as ransomware incidents increase and attacks spike during the holiday season. Resource constraints and end-of-life Windows 10 devices magnify exposure, while firmware-level and endpoint gaps can defeat traditional defenses. A layered, defense-in-depth approach across silicon, the operating system, and endpoints reduces attack surfaces. Business-grade devices such as the ASUS Expert Series integrate these protections to turn necessary upgrades into strategic security investments.
read more →

Windows 11 Start Menu Redesigned with Scrollable All Apps

🔔 The Windows 11 Start menu has received its first major redesign since 2021 and is rolling out with the November 11 Patch Tuesday update. The new Start is scrollable and places the All apps list on the main screen, offering a categorized view (groups built locally from a JSON file) and a classic A‑to‑Z grid. The UI adapts column counts to screen size, lets you hide the Recommended feed via Settings > Personalization > Start, and is included in Build 26200.7019 and 26100.7019 or newer though it may not enable immediately after updating.
read more →

Securing the Open Android Ecosystem with Samsung Knox

🔒 Samsung Knox is a built-in security platform for Samsung Galaxy devices that combines hardware- and software-level protections to safeguard enterprise data and provide IT teams with centralized control. It layers defenses — including AI-powered malware detection, curated app controls, Message Guard for zero-click image scanning, and DEFEX exploit detection — while integrating with EMMs and offering granular update management via Knox E-FOTA. The platform emphasizes visibility, policy enforcement, and predictable lifecycle management to reduce risk and operational disruption.
read more →

Kaspersky Launches Kaspersky for Linux for Home Users

🛡️ Kaspersky has introduced Kaspersky for Linux, extending its award-winning home security lineup to 64-bit Linux desktops and laptops. The product adapts the vendor's enterprise-grade Linux solution for home users and combines real-time monitoring, behavior-based detection, removable-media scanning, anti-phishing, online payment protection, and anti-cryptojacking. Distributed as DEB and RPM packages, installation requires a My Kaspersky account and a 30-day trial is available; subscription tier does not change Linux feature availability while GDPR readiness is pending.
read more →