This technical note gives an overview of Macrosoft's recent implementation of two security and network management platforms that improve our security posture and give us control over endpoint protection. These are critical upgrades: everyone in the company now works remotely and will likely continue to do so for the foreseeable future, so we are, in effect, a distributed enterprise. The two platforms help us prevent and mitigate malware, viruses, exploits, and ransomware.
The first implementation is the Microsoft Endpoint Manager platform, which brings Configuration Manager and Intune together under one console. We describe the major features this cloud platform provides and how and where we are currently using it. Macrosoft has been a Microsoft Gold Partner for over a decade, and as a Gold Partner our technology team continually tests most Microsoft technologies so that we are ready if and when our clients need them. For some time now we have been evaluating the latest version of Microsoft Endpoint Manager. It became clear to us that this is a key technology for our own internal network and security needs now that the company is a distributed enterprise. Endpoint Detection and Response (EDR) and Extended Detection and Response (XDR) are essential on every device to protect our network and our client services.
The second technology we have recently implemented is from SonicWall: a next-generation firewall platform, with its endpoint agent, for mitigating intrusion risk and protecting everyone in our remote workforce. We give a brief overview of the security features this platform provides and how and where we have implemented it. Macrosoft developers work from home on laptops, and covering those laptops is our focus for SonicWall. [1]
Macrosoft Profile
Macrosoft has two large, diverse international development centers, in Lahore, Pakistan, and Trivandrum, India. Each has well over 100 technical staff. We also have over 150 technical staff in the US, but nearly all of them work directly for our US client base and are therefore subject to the security and network standards of the clients they work for. A further group of about 30 technical and business staff in the US oversees all development work done out of the two international centers and staffs the corporate business functions, including Sales, Marketing, HR, and Finance.
The implementation of these two tech platforms is intended for everyone in the two international development centers as well as for the 30 or so members of the technical and business organizations in the US. As noted, it is not intended for the ~125 US technical consulting members that work for our US client base. While nearly all these technology consultants also work remotely at the present time, they are subject to the security and network processes of the clients they are working for and usually use laptops provided by the clients.[2]
Microsoft Endpoint Manager
Microsoft Endpoint Manager is a cloud-enabled platform for unified and secure endpoint management. It can secure, deploy, and manage users, apps, and devices from one console. A key reason we were attracted to Endpoint Manager in the first place is that it is fully cloud-enabled, with a diverse and growing set of cloud-based features. Our company is predominantly cloud-based at this point. Over the last few months we have been moving more and more endpoints and workloads to the cloud, and we expect to have most of this done by the third quarter of 2021.
We are using this platform as our path to modernize the management of our network and devices. By modern management we mean, among other things, the ability to quickly and easily automate tasks, set priorities on tasks, and most importantly, closely connect our IT and Security teams and priorities. To us, it also means continually improving the user experience. All these points are now more important than ever given the remote and dispersed nature of our work environment.
1 Endpoint Manager Capabilities
The main capabilities of Endpoint Manager that we have found to be major advantages to our company are the following:
Capability | Short description of the capability and how we are benefiting from it |
Cloud security across endpoints | Protects devices against threats using Microsoft's Zero Trust controls and Microsoft Defender ATP (now Microsoft Defender for Endpoint). Natively integrates with cloud-powered security controls and risk-based conditional access for apps and data, so a device that falls out of compliance can be denied access until it is remediated. |
Comprehensive Windows 10 management | Simplifies automated provisioning, configuration management, and software updates for all our endpoints, with unified management of every endpoint. |
Streamlined and flexible | Flexible support for diverse and BYOD scenarios. (We have a workforce of over 300 developers working remotely on individual laptops, so this is a critical capability.) |
Fast rollout of services | Fast rollout of new services and devices, with end-to-end integration across the Microsoft stack (our standard technology stack). |
Advanced analytics | Rich UI with advanced analytics, including productivity scores with a technology-experience category. |
Zero-touch provisioning | Rich UI for setting up automated provisioning of new endpoint devices, apps, and processes. |
Deep Microsoft 365 integration | Modernizes developers' and business users' environments within Microsoft 365. |
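The conditional-access capability in the table above is the piece that turns device compliance into an access decision. The following is an added example, not code from the original note or from Microsoft: it builds the request body for a Conditional Access policy that requires a compliant (Intune-managed, policy-passing) Windows device for all cloud apps, using the Microsoft Graph `conditionalAccessPolicy` schema. The policy name and the break-glass group ID are placeholders, and the policy starts in report-only mode so that the sign-in logs show who would have been blocked before it is enforced.

```powershell
# Added example (not part of the original note): build a Conditional Access policy
# body that requires a compliant Windows device for all cloud apps.
# Placeholders: the display name and the break-glass group object ID.

function New-CompliantDevicePolicyBody {
    param(
        [string]$DisplayName = 'Require compliant Windows device',
        # Emergency-access accounts must be excluded so a broken compliance signal
        # cannot lock every administrator out; replace with your real group object ID.
        [string[]]$BreakGlassGroupIds = @('00000000-0000-0000-0000-000000000000'),
        [switch]$Enforce
    )

    # Report-only first: sign-in logs then show who would have been blocked, and the
    # policy is switched to 'enabled' only after that list has been reviewed.
    $state = if ($Enforce) { 'enabled' } else { 'enabledForReportingButNotEnforced' }

    @{
        displayName = $DisplayName
        state       = $state
        conditions  = @{
            users          = @{ includeUsers = @('All'); excludeGroups = $BreakGlassGroupIds }
            applications   = @{ includeApplications = @('All') }
            platforms      = @{ includePlatforms = @('windows') }
            clientAppTypes = @('all')
        }
        grantControls = @{
            operator        = 'OR'
            builtInControls = @('compliantDevice')
        }
    }
}

# Render the request body locally (no tenant needed) and review it before submitting.
$body = New-CompliantDevicePolicyBody
$body | ConvertTo-Json -Depth 10

# To create it in the tenant (Microsoft.Graph.Authentication module; the signed-in
# account needs Policy.ReadWrite.ConditionalAccess and Policy.Read.All):
#   Connect-MgGraph -Scopes 'Policy.ReadWrite.ConditionalAccess','Policy.Read.All'
#   Invoke-MgGraphRequest -Method POST `
#       -Uri 'https://graph.microsoft.com/v1.0/identity/conditionalAccess/policies' `
#       -Body ($body | ConvertTo-Json -Depth 10) -ContentType 'application/json'
```

Two practitioner caveats are built into the body: the break-glass exclusion, because a compliance-evaluation outage otherwise becomes a tenant-wide lockout, and the `enabledForReportingButNotEnforced` state, which should only be flipped to `enabled` after the report-only sign-in results have been checked against the device enrollment rollout.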
2 Microsoft Endpoint Manager Cloud Management Journey
The architecture diagram below shows the three main stages of the cloud management journey using Configuration Manager and Intune as a single unified endpoint management solution. The first stage uses tenant attach, the most flexible path for Configuration Manager: it lets us start gaining cloud benefits without necessarily enrolling all our Windows clients in Intune. We simply connect the Configuration Manager site to the cloud and immediately gain access to a host of remote actions and analytics from the admin center. This is the path we used in implementing Endpoint Manager.
In the second stage, co-management lets a Windows 10 device be managed concurrently by Configuration Manager and Intune, with individual workloads (compliance policies, updates, endpoint protection, client apps) moved to Intune one at a time. The "mobile device management (MDM)" in this stage refers to Intune's management channel for the Windows device, not to smartphones, which we have not enrolled in either platform (see [1]). We did not need this stage: rather than running both agents side by side, we moved our new endpoints directly to Intune.
In the third stage, new endpoints go directly to the cloud with Intune, which is what we are doing for new devices. Workloads also move steadily to the cloud in this stage, which matches our ongoing migration.
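When a fleet is spread across these three stages, the first question a security engineer asks is which stage a given laptop is actually on, and whether the EDR sensor the note calls essential is really running. The following script is an added example, not code from the original note or from Microsoft. It reads the documented registry locations on a Windows device: the Configuration Manager client service and its `CoManagementFlags` value, the Intune MDM enrollment entry (`ProviderID` of `MS DM Server`), and the Defender for Endpoint `OnboardingState`. The mapping of `CoManagementFlags` bits to workload names follows Microsoft's co-management monitoring documentation and should be verified against the current version before it is relied on; tenant attach is configured on the site, not on the client, so the script cannot distinguish stage 1 from a plain on-premises Configuration Manager client.

```powershell
# Added example (not part of the original note): report which Endpoint Manager
# management path a Windows device is on and whether the Defender for Endpoint
# sensor is onboarded. Run in an elevated PowerShell session on the device.
# The CoManagementFlags bit-to-workload mapping is taken from Microsoft's
# co-management monitoring docs; verify against the current docs before relying on it.

function Get-EndpointManagementState {
    [CmdletBinding()]
    param()

    # Configuration Manager client service; tenant attach and co-management both need it.
    $hasCcmClient = $null -ne (Get-Service -Name CcmExec -ErrorAction SilentlyContinue)

    # Co-management flags: bit 1 = co-management enabled; higher bits = workloads moved to Intune.
    $coMgmtFlags = 0
    $ccmKey = 'HKLM:\SOFTWARE\Microsoft\CCM'
    if (Test-Path $ccmKey) {
        $prop = Get-ItemProperty -Path $ccmKey -Name CoManagementFlags -ErrorAction SilentlyContinue
        if ($prop) { $coMgmtFlags = [int]$prop.CoManagementFlags }
    }
    $workloadBits = [ordered]@{
        2   = 'Compliance policies'
        4   = 'Resource access policies'
        8   = 'Device configuration'
        16  = 'Windows Update policies'
        32  = 'Endpoint Protection'
        64  = 'Client apps'
        128 = 'Office Click-to-Run apps'
    }
    $intuneWorkloads = @($workloadBits.Keys |
        Where-Object { $coMgmtFlags -band $_ } |
        ForEach-Object { $workloadBits[$_] })

    # Intune MDM enrollment: an Enrollments\<GUID> key whose ProviderID is 'MS DM Server'.
    $mdmEnrolled = $false
    $enrollRoot = 'HKLM:\SOFTWARE\Microsoft\Enrollments'
    if (Test-Path $enrollRoot) {
        foreach ($k in Get-ChildItem -Path $enrollRoot -ErrorAction SilentlyContinue) {
            $p = Get-ItemProperty -Path $k.PSPath -ErrorAction SilentlyContinue
            if ($p -and $p.ProviderID -eq 'MS DM Server') { $mdmEnrolled = $true; break }
        }
    }

    # Defender for Endpoint sensor: OnboardingState = 1 means the device is onboarded.
    $mdeOnboarded = $false
    $mdeKey = 'HKLM:\SOFTWARE\Microsoft\Windows Advanced Threat Protection\Status'
    if (Test-Path $mdeKey) {
        $s = Get-ItemProperty -Path $mdeKey -Name OnboardingState -ErrorAction SilentlyContinue
        $mdeOnboarded = ($s -and $s.OnboardingState -eq 1)
    }

    # Map the local evidence onto the three stages described above.
    if ($hasCcmClient -and $mdmEnrolled -and ($coMgmtFlags -band 1)) {
        $stage = 'Stage 2: co-managed (Configuration Manager + Intune)'
    } elseif ($hasCcmClient) {
        # Tenant attach lives on the site server, so stage 1 and a plain
        # on-premises ConfigMgr client are indistinguishable from the client.
        $stage = 'Stage 1 (or plain ConfigMgr): client present, not co-managed'
    } elseif ($mdmEnrolled) {
        $stage = 'Stage 3: Intune-only (cloud native)'
    } else {
        $stage = 'Unmanaged: no ConfigMgr client and no Intune enrollment'
    }

    [pscustomobject]@{
        ComputerName    = $env:COMPUTERNAME
        Stage           = $stage
        ConfigMgrClient = $hasCcmClient
        IntuneEnrolled  = $mdmEnrolled
        IntuneWorkloads = $intuneWorkloads
        MdeOnboarded    = $mdeOnboarded
    }
}

# Example run; a device that is managed but not onboarded to EDR is the one to chase first.
$state = Get-EndpointManagementState
$state | Format-List
if (-not $state.MdeOnboarded) {
    Write-Warning "$($state.ComputerName): Defender for Endpoint sensor is not onboarded"
}
```

Run across the fleet (for example through a Configuration Manager script or an Intune remediation script), the objects this returns give a quick coverage table: every laptop should end up in stage 3 with `MdeOnboarded` true, and anything reporting `Unmanaged` is outside both the management and the EDR perimeter.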
SonicWall Capture Client (Advanced)
Alongside the Capture Client endpoint agent that covers our developers' laptops, SonicWall Network Security Manager (NSM) gives us comprehensive, centralized firewall management. It is a next-generation firewall management platform, and its key capabilities are the following:
Capability | Description and how we are using this capability | Additional details |
Firewall management | Onboard and manage all firewalls centrally from one interface. | Includes Capture Security Center, a scalable cloud security management system that delivers security management, analytics, and real-time threat intelligence across the whole portfolio of network, email, endpoint, mobile, and cloud security resources. |
Zero-touch provisioning | Deploy and administer firewalls remotely with Zero-Touch Deployment. | Minimal user intervention is required. |
Configuration automation | Simplify firewall setup with configuration wizards; deploy new firewalls quickly using custom configuration templates. | Fully automated, operationalizing a firewall in four deployment steps. |
Security-risk analytics | Identify and remedy security risks through the analytics built into the UI. | A single function-packed interface, a "single pane of glass", through which content-filtering and access policies for risky users and applications can be set quickly. |
Dashboard | An intuitive dashboard with key metrics displayed and tracked. | Risk Meters show threat data and risk scores based on live threat data compared with the present level of protection. Web application and internet usage are shown on the dashboard, with drill-down to pivot and investigate data points of interest down to the user level. |
Audit reporting | Automates audit-ready reporting, which is very useful when clients ask us for our security status. | A broad range of predefined reports, customizable over any combination of auditable data for different use cases. Historical user and application records support long-term traffic and security-gap analysis, drill-down risk analysis, and compliance audits. |
Gateway security | Gateway Security Services: real-time protection with gateway anti-virus, anti-spyware, intrusion prevention (IPS), and application intelligence and control. | Cloud App Security (CAS) enables quick discovery and evaluation of risky applications ("Shadow IT Discovery") and lets us set allow/block policies in real time. |
Advanced threat protection | Capture Advanced Threat Protection (ATP): defends against unknown and zero-day attacks at the gateway, with automated remediation based on multi-engine sandboxing. | Analyze and measure security posture, perform what-if analysis, and identify actions that reduce the network threat surface and exposure to known threat vectors. |
Content filtering | Content Filtering Service: manages access to inappropriate, unproductive, illegal, and malicious web content. | Content filtering can be automated. |
Anti-spam service | Comprehensive Anti-Spam Service: removes junk email at the gateway with one-click activation. | Next-Gen Security for Office 365. |
Smarter data | Real-time visibility into all network traffic that passes through the firewalls. | Performance issues and hidden risks are surfaced with high accuracy through pivoting and drill-down tools. |
Actionable information | Turns raw firewall data into actionable information. | Aggregated data, contextual stream analytics, user analytics, dynamic visuals, and detection and remediation workflows. |
Concluding Comments
This is another paper in our series describing technology innovations at Macrosoft. This paper deals with our implementation of Microsoft Endpoint Manager and SonicWall Capture Client Advanced for enhancing our security profile and automating our network management of endpoint devices and applications. There will be many more technical papers from Macrosoft over the coming months on innovations now being pursued in our ‘skunkworks’ including in the following areas: robotic process automation; NLP; chatbots; AI for document understanding; and many more. Many of these innovations we are now pursuing will lead to new products and services for our company. Stay tuned!
[1] We are not currently using either platform to cover the smart phones of our technical community.
[2] For these tech consultants their main interactions within Macrosoft are through MS Outlook 365.
By G.N. Shah, Ronald Mueller | Published on October 12th, 2021 | Last updated on October 28th, 2024 | New Technology and Trends