UNCONSTRAINED ENDPOINT SECURITY SYSTEM: UEPTSS

Modern information security management best practices dictate that an enterprise assumes full configuration control of end user computer systems (laptops, deskside computers, etc.). The benefit of this explicit control yields lower support costs since there are less variation of machines, operating systems, and applications to provide support on, but more importantly today, dictating specifically what software, hardware, and security configurations exist on an end user's machine can help reduce the occurrence of infection by malicious software significantly. If the data pertaining to end user systems is organized and catalogued as part of normal information security logging activities, an extended picture of what the end system actually is may be available to the investigator at a moment's notice to enhance incident response and mitigation. The purpose of this research is to provide a way of cataloguing this data by using and augmenting existing tools and open source software deployed in an enterprise network.