Endpoint Security

An endpoint, in the context of a computer network, is a remote computing device that communicates back and forth with a network to which it is connected.

Examples of endpoints are:

  • Desktop computers
  • Smartphones
  • Servers
  • Internet-of-Things (IoT) / Embedded devices

A broader definition of endpoint may also include:

  • Virtual machines
  • Applications

In the context of an organization, the term “endpoint” is used mostly to differentiate these devices from firewalls and network devices, which are not considered to be directly used by end users.

This post is an overview of IT security aspects on endpoints, or what is called endpoint security (EPS).

Endpoints can run antimalware software, such as an antivirus.

Endpoint Security Components

Endpoint detection and response (EDR)

Extended detection and response (XDR)

Managed detection and response (MDR)

Endpoint protection platform (EPP)

Endpoint data loss prevention (DLP)

Host-based IDS

Whitelisting and Blacklisting

Microsoft Group Policy to check baseline.

Endpoint Security Hardening Guides

Several organizations issue hardening guides, for example:

  • CIS Benchmarks
  • CCN-STIC Guides

CIS Benchmarks

CIS (Center for Internet Security) is a non-profit organization promoting protection against cyber threats. It is based in New York, USA.

There are CIS Benchmarks on different topics, including OS. You can find them on this link.

CIS Benchmarks relevant to endpoint include:

The CIS Benchmarks are available to be downloaded from this link.


The Defense Information Systems Agency (DISA), which belongs to the Department of Defense (DoD) of the USA, develops Security Technical Implementation Guides (STIGs) for different operating systems.

DISA develops STIGs and uploads them to the public STIG Document Library on the DoD Cyber Exchange portal; they can be accessed from this external link.


CCN (National Cryptologic Center, from the Spanish Centro Criptológico Nacional) is a public organization of Spain, dependent on the CNI (National Intelligence Center, from the Spanish Centro Nacional de Inteligencia), the Spanish official intelligence agency.

CCN publishes a set of guides, referred to as CCN-STIC (from the Spanish Seguridad de las Tecnologías de Información y Comunicaciones), containing guidelines and recommendations related to cybersecurity. They are mostly oriented to Spanish public administrations and their collaborating organizations.

CCN-STIC guides are grouped in series. The existing series are listed on this link.

The 500 guide series relates to Windows environments, and can be found on this link. The 600 guide series relates to other non-Windows environments.

Regarding endpoints, we can find the following CCN-STIC guides:

  • Windows
    • CCN-STIC-522A Windows 7 (domain client)
    • CCN-STIC-522B Windows 7 (independent client)
    • CCN-STIC-559A Windows 10 (domain member client) group contains:
      • CCN-STIC-559A Windows 10 Security (domain member client)
      • CCN-STIC-599A18 Windows 10 Security (domain member client)
      • CCN-STIC-599A19 “Windows 10 Security Settings (domain member client)”
    • CCN-STIC-599B Windows 10 (independent client) group contains:
      • CCN-STIC-559B Windows 10 Security (independent client)
      • CCN-STIC-599B18 Windows 10 Security (independent client)
      • CCN-STIC-599B19 “Windows 10 Secure Settings (independent client)”
  • Non-Windows
    • CCN-STIC-617 Implementación de seguridad sobre Suse Linux Enterprise 12 (cliente independiente)
    • CCN-STIC-619 Implementación de seguridad sobre Centos 7 (servidor independiente)
    • CCN-STIC-684 Publicación Segura de aplicaciones y escritorios virtuales con Citrix

There are other guides that cover specific functionalities in Windows desktop OS, such as:

  • CCN-STIC-512 Gestión de Actualizaciones de Seguridad en Sistemas Windows
  • CCN-STIC-529 Seguridad en Microsoft Office 2013
  • CCN-STIC-596 Protección de sistemas con AppLocker
  • CCN-STIC-885E Guía de configuración segura para Microsoft Defender for Endpoint
