Enforcing Compliance

A key protection for systems in a connected world is limiting the available attack surface of the asset. Closing ports, disabling unnecessary services, and using a least privilege approach to assigning permissions are all pieces of deploying a security baseline. The challenges associated with deploying and maintaining security baselines, however, have classically limited the adoption of them in all but the most critical infrastructure environments. Compatibility testing, the difficulties in enabling functionality as needed for new applications, and the challenges associated with identifying configuration drift over time and bringing the device back into compliance have all conspired to make security baselines near impossible to manage in practice.

Configurable Baselines

Lockdown addresses many of these challenges, enabling you to reliably deploy impactful security baselines and monitor them to ensure that they stay in place. With our Lockdown Endpoint Hardening service, we can build and define a security baseline based on industry standards, such as those published by CIS (Center for Internet Security), centrally administer and modify that baseline as needed for your specific environment and monitor whether that baseline stays in place or is modified.

With our standard offering, we use the Lockdown agent to deploy the standard CIS Level 1 baseline during the provisioning process to ensure that you receive a compliant endpoint out of the box. Additionally, we can modify the standard baseline to accommodate any compatibility or usability concerns that you may have before applying the security baseline.

Identify and Remediate Drift

As part of our premium offering, not only can we deploy your customized baseline during the provisioning process, but we can also deploy it to devices that are already deployed. With this level of service, we can track configuration drift by monitoring the device on a periodic basis and determining if the baseline settings have been changed in any way. Once we determine that drift has occurred, we can either report on it for your team to remediate or we can automatically bring the device back into compliance.

By taking advantage of our Lockdown Endpoint Hardening service, you can reduce the risks that your organization faces and maintain a higher level of compliance without the headaches of conventional management solutions.