Monitoring Endpoint Security States with InfluxDB
Chris Churilo
Dec 09, 2020
Several factors in recent years have increased endpoint vulnerability, from organizations' need to make access to data more fluid, to threats targeting mobile device access and networks, to the growing work-from-home and work-on-the-go trends. Endpoints connected to a network, including remote devices, IoT devices, workstations, tablets, laptops and servers, create attack paths for security threats.
While most security breaches in the past entered through the network, threats today increasingly come in through endpoints, requiring a new layer of security through endpoint protection. Greater control over access points helps prevent vulnerabilities posed by the use of remote devices.
Why is endpoint security important?
When hackers and cybercriminals execute code and exploit existing vulnerabilities in endpoints, they gain not only access to the data contained on that device but also, potentially, an unrestricted way onto the network that endpoint is connected to.
Endpoint security secures the various endpoints on a network to keep them safe from malicious attacks. For many years, organizations relied on antivirus software to secure endpoints, yet as hackers’ methods became more advanced, more sophisticated security measures became necessary.
Monitoring the security state of endpoints helps you understand the effectiveness of your endpoint detection and response. Clear visibility in this area allows your security team to take advantage of threat intelligence, helping it identify known threats and respond in a timely fashion.
How to monitor endpoint security states
One security mechanism you can use to secure these endpoints is endpoint authentication, which ensures only authorized devices can connect to the endpoint. To monitor endpoint security states, Darin Fisher, Security Tools Manager at InfluxData, created the InfluxDB Endpoint Security State Template. Like other InfluxDB Templates, this template lets you quickly define your entire monitoring configuration (data sources, dashboards, and alerts) in one easily shared, open-source text file that can be imported into InfluxDB with a single command.
This InfluxDB Template works by connecting to secure endpoints and attempting to log in. Using the x509_cert Telegraf plugins, availability, authentication, and certificate information are collected. The dashboard displays the general availability for each endpoint along with the x509 certificate status and authentication state.
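As an added illustration (not part of the template or the original post), the Python sketch below shows how a per-endpoint certificate status could be derived from the metrics the x509_cert plugin collects. The sample points are constructed, and the state names and the 14-day warning window are assumptions rather than the template's own values.

```python
import re

# Constructed sample: x509_cert points in InfluxDB line protocol, shaped like
# Telegraf's x509_cert output (string fields omitted to keep parsing simple).
SAMPLE = """\
x509_cert,source=https://vpn.example.com:443,common_name=vpn.example.com,verification=valid expiry=5184000i,verification_code=0i 1607472000000000000
x509_cert,source=https://git.example.com:443,common_name=git.example.com,verification=valid expiry=604800i,verification_code=0i 1607472000000000000
x509_cert,source=https://old.example.com:443,common_name=old.example.com,verification=invalid expiry=-86400i,verification_code=1i 1607472000000000000
x509_cert,source=https://dev.example.com:443,common_name=dev.example.com,verification=invalid expiry=2592000i,verification_code=1i 1607472000000000000
"""

WARN_SECONDS = 14 * 86400  # assumed warning window, not taken from the template
SEVERITY = ["ok", "expiring", "untrusted", "expired"]  # assumed state names
SPACE = re.compile(r"(?<!\\) ")  # separators are unescaped; "\ " is data
COMMA = re.compile(r"(?<!\\),")

def parse_point(line):
    """Split one line-protocol point into (measurement, tags, integer fields)."""
    head, fields = SPACE.split(line.strip())[:2]
    measurement, *tag_pairs = COMMA.split(head)
    tags = dict(pair.split("=", 1) for pair in tag_pairs)
    ints = {}
    for pair in COMMA.split(fields):
        key, value = pair.split("=", 1)
        if re.fullmatch(r"-?\d+i", value):  # integer fields carry an "i" suffix
            ints[key] = int(value[:-1])
    return measurement, tags, ints

def cert_state(fields):
    """Map expiry (seconds remaining) and verification_code (0 = valid) to a state."""
    if fields["expiry"] <= 0:
        return "expired"
    if fields["verification_code"] != 0:
        return "untrusted"
    if fields["expiry"] < WARN_SECONDS:
        return "expiring"
    return "ok"

def endpoint_states(text):
    """Worst state per source; the plugin emits one point per certificate in a chain."""
    states = {}
    for line in text.splitlines():
        if not line.startswith("x509_cert,"):
            continue
        _, tags, fields = parse_point(line)
        new = cert_state(fields)
        old = states.get(tags["source"], "ok")
        states[tags["source"]] = max(old, new, key=SEVERITY.index)
    return states
```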
Fisher provides a step-by-step walkthrough of how to install and use the template. Read it to learn more about the monitoring metrics you can track using this template, and the endpoint security states represented by dashboard icons.