Other miscellaneous endpoint countermeasures
So far, we have focused on adding layers of new security mechanisms and on implementing patch management for systems and common business applications.
However, there are other settings we should implement to further reduce the overall risk of an endpoint being compromised, or of a compromised endpoint being used to launch an attack against our infrastructure. So, here is a list of other miscellaneous countermeasures we can implement for our endpoints.
DNS filtering
On a monthly basis, there are over 200,000 New Domain Registrations (NDRs). According to Palo Alto, the majority of these domains are used with suspicious or malicious intent, as we can see from the research at https://unit42.paloaltonetworks.com/newly-registered-domains-malicious-abuse-by-bad-actors/.
Palo Alto also advises us to block these NDRs for up to 32 days (about 1 month) after initial registration. So, this requires some DNS filtering capabilities...
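The 32-day rule above, sketched as the policy check a DNS filter would run on each query. This is an added example, not code from the book or from Palo Alto: the domain names, dates and function names are constructed, and the registration table stands in for whatever RDAP/WHOIS lookup or vendor feed a real filter would use.

```python
from datetime import date

BLOCK_WINDOW_DAYS = 32  # from the text: block up to 32 days after registration

# Constructed sample data: registered domain -> registration date.
# Assumption: a real filter would fill this from RDAP/WHOIS or a vendor feed.
REGISTRATIONS = {
    "fresh-login-portal.example": date(2024, 5, 20),
    "established-vendor.example": date(2015, 3, 1),
}


def registered_parent(qname, known):
    """Map a queried name (possibly a subdomain) to the known registered domain."""
    labels = qname.rstrip(".").lower().split(".")
    # Try the longest suffix first; never match on the bare TLD.
    for i in range(len(labels) - 1):
        candidate = ".".join(labels[i:])
        if candidate in known:
            return candidate
    return None


def decide(qname, today, registrations=REGISTRATIONS, block_unknown=False):
    """Return (verdict, reason) for one DNS query."""
    domain = registered_parent(qname, registrations)
    if domain is None:
        # No registration data: the policy must choose fail-open or fail-closed.
        verdict = "block" if block_unknown else "allow"
        return verdict, "registration date unknown"
    age = (today - registrations[domain]).days
    # A negative age (bad or future-dated record) is also blocked, conservatively.
    if age <= BLOCK_WINDOW_DAYS:
        return "block", f"{domain} registered {age} days ago"
    return "allow", f"{domain} registered {age} days ago"


if __name__ == "__main__":
    today = date(2024, 6, 1)
    for name in ("cdn.fresh-login-portal.example.",
                 "www.established-vendor.example",
                 "never-seen.example"):
        print(name, decide(name, today))
```

The `block_unknown` switch matters in practice: domains with no registration data are either let through or blocked outright, and which one is chosen decides how the filter behaves when the lookup source is incomplete.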