The endpoint protection was running.
But did it actually defend?
From installed to configured to defend
A European institution in a tightly sealed, high-confidentiality environment. The endpoint protection was there, but its configuration had quietly drifted from best practice. We exposed the drift, prioritised it, and delivered a hardened design, fully on-premises.
The challenge
An installed agent is not yet protection.
The endpoint protection was running, but no one could prove the configuration still met best practice. In an environment where that is exactly what matters, that certainty was missing.
- 01 Protective settings were unlocked. Users could switch them off; protection was optional instead of enforced.
- 02 The management platform was outdated and vulnerable. The component that steers everything was itself a risk.
- 03 Users could add their own exceptions. Every hole a user opened locally stayed invisible to the administrators.
- 04 Behavioural detection did not block the right things. Tampering with DNS settings and system files passed through unhindered.
An installed agent is not protection. The question was not whether it was running, but whether it was configured to defend you.
The approach
Don't assume it is set right. Check it.
A structured review against best practice, and from it a design that closes the gaps, within the strict constraints.
Data gathering and interview
The full configuration of the management platform, the policies and the clients was collected and the goal sharpened, all inside the sealed environment.
Analysis against best practice
Every setting tested against best practice and against what an attacker could do with it: where protection is on, where it can be switched off, where the gaps are.
Findings by severity × effort
About 28 findings, grouped by severity and the effort to resolve them. Not a list to drown in, but an order to start with.
A hardened design
A low-level design and DMZ architecture for the target state, plus reporting to keep it configured right, fully on-premises.
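The four steps above, and the reporting that keeps the configuration in line afterwards, amount to one loop: collect the exported state, diff it against a baseline, rank the deviations by severity and effort, and re-run it on a schedule. The following is an added example of that loop, not the engagement's own tooling and not any vendor's export format: the JSON shape, the setting names and the severity/effort weights are assumptions for illustration, and the loader is the part you would adapt to a real product.

```python
"""Added example: check an exported endpoint-protection policy and its clients
against a best-practice baseline and rank the deviations by severity x effort.
The export shape, setting names and weights are assumptions, not a real product's."""
import json
from dataclasses import dataclass

# Assumed baseline: expected value per setting, severity of a deviation
# (1 low .. 5 critical) and the effort to fix it (1 trivial .. 5 major project).
BASELINE = {
    "tamper_protection":           {"expected": True,    "severity": 5, "effort": 1},
    "user_can_disable_protection": {"expected": False,   "severity": 5, "effort": 1},
    "user_managed_exclusions":     {"expected": False,   "severity": 4, "effort": 2},
    "behavioural_detection_mode":  {"expected": "block", "severity": 4, "effort": 2},
    "protect_dns_settings":        {"expected": True,    "severity": 3, "effort": 2},
    "protect_system_files":        {"expected": True,    "severity": 4, "effort": 2},
    "management_server_supported": {"expected": True,    "severity": 5, "effort": 4},
}

# Constructed export in an assumed JSON shape: the central policy plus the
# effective state each client reports back (local switches, local exclusions).
SAMPLE_EXPORT = json.dumps({
    "policy": {
        "tamper_protection": False,
        "user_can_disable_protection": True,
        "user_managed_exclusions": True,
        "behavioural_detection_mode": "alert",
        "protect_dns_settings": False,
        "protect_system_files": True,
        "management_server_supported": False,
    },
    "clients": [
        {"host": "ws-01", "protection_enabled": False, "local_exclusions": ["C:\\Tools\\"]},
        {"host": "ws-02", "protection_enabled": True,  "local_exclusions": []},
        {"host": "ws-03", "protection_enabled": True,
         "local_exclusions": ["D:\\Build\\", "C:\\Users\\Public\\"]},
    ],
})


@dataclass(frozen=True)
class Finding:
    scope: str       # "policy" or a client hostname
    setting: str
    observed: object
    expected: object
    severity: int
    effort: int


def load_export(text: str) -> dict:
    return json.loads(text)


def find_policy_gaps(policy: dict, baseline: dict = BASELINE) -> list:
    """Every baseline setting whose value in the policy differs from the expected one.
    A setting absent from the export is reported too (observed=None): unknown is not compliant."""
    gaps = []
    for setting, rule in baseline.items():
        observed = policy.get(setting)
        if observed != rule["expected"]:
            gaps.append(Finding("policy", setting, observed, rule["expected"],
                                rule["severity"], rule["effort"]))
    return gaps


def find_client_drift(clients: list) -> list:
    """Per-client state that users changed locally: protection switched off, exceptions added.
    These are the holes a policy-only review never sees."""
    drift = []
    for client in clients:
        if not client.get("protection_enabled", True):
            drift.append(Finding(client["host"], "protection_enabled", False, True, 5, 1))
        for path in client.get("local_exclusions", []):
            drift.append(Finding(client["host"], "local_exclusion", path, None, 3, 1))
    return drift


def prioritise(findings: list) -> list:
    """Highest severity first; among equal severity the cheapest fix first, then a stable name order."""
    return sorted(findings, key=lambda f: (-f.severity, f.effort, f.scope, f.setting))


def review(export_text: str) -> list:
    data = load_export(export_text)
    return prioritise(find_policy_gaps(data["policy"]) + find_client_drift(data.get("clients", [])))


if __name__ == "__main__":
    for f in review(SAMPLE_EXPORT):
        print(f"S{f.severity}/E{f.effort}  {f.scope:<8} {f.setting:<28} observed={f.observed!r} expected={f.expected!r}")
```

Run unchanged on each new export and diff the output against the last run: a finding that reappears after it was closed is configuration drift, which is the signal the ongoing reporting exists to catch.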
The solution
No longer optional. Enforced.
What stands now: protection that no longer depends on who can reach which switch. Locked, patched and designed to keep it that way.
The protective features locked and sharp, no longer switchable by anyone.
About 28 findings by severity and effort, an order to start with.
A low-level design and DMZ architecture for the target state, not loose fixes but a foundation.
All within the sealed environment; no data left the premises.
“We knew it was running. Now we know it actually defends us.”
The result
From assuming to demonstrably defended.
- ✗ Protective settings unlocked and switchable off
- ✗ Management platform outdated and vulnerable
- ✗ Users added their own exceptions
- ✗ No certainty that the protection actually defended
- ✓ Protection locked and enforced, no longer optional.
- ✓ The management platform patched and hardened.
- ✓ About 28 findings prioritised, an order to start with.
- ✓ A hardened design and reporting to keep it configured right, fully on-premises.
A similar challenge?
No pitch. One conversation.
One conversation in which we determine whether, and how, this works for your organisation too.