A
FIELD PROJECT REPORT ON
BLUE TEAM
SUBMITTED TO
Maharashtra Education Society’s
MES ABASAHEB GARWARE COLLEGE,
PUNE
(Academic Year 2025 - 26)
SUBMITTED BY
[Link] Ghodajkar Roll No. 139
[Link] Waghela Roll No. 139
[Link] Jadhav Roll No. 139
TYBSC - CYBER SECURITY (SEMESTER - V)
UNDER THE GUIDANCE OF
Mr. Sameer Manekar
Date:
CERTIFICATE
This is to certify that
have successfully completed the Field Project.
Title
As a part of the curriculum of B.Sc. (Cyber Security), Semester V, in the academic year 2025-2026.
Project In-Charge Head of Department
Examiner 1 Examiner 2
Blue Team Exercise Report
Title & Project Info:
"Blue Team Exercise Report"
"Project Blue Team Assessment (Endpoint Security)"
Introduction:
As organizations rely heavily on endpoints (desktops, laptops, mobile devices, servers, and IoT), defending those devices has become crucial to maintain confidentiality, integrity, and availability of business assets. This Blue Team exercise aims to validate the effectiveness of endpoint controls, detection capabilities, alerting workflows, and incident response procedures. The exercise focuses on identifying gaps, improving detection rules and playbooks, and hardening defenses against realistic attack techniques.
Key Insights:
• Purpose:
  • Evaluate and improve the organization’s ability to detect, analyze, contain, and recover from endpoint-focused attacks.
• Objectives:
  • Validate endpoint detection and response (EDR) coverage and tuning.
  • Verify logging completeness and alerting for key endpoint events.
  • Test the effectiveness of Data Loss Prevention (DLP) controls.
  • Assess patch-management and configuration-hardening levels.
  • Exercise incident response playbooks for endpoint compromise.
  • Produce prioritized remediation and monitoring improvements.
TABLE OF CONTENTS
Sr. No.  Section Name
1        Introduction
2        Objective
3        Tools & Technologies Used
4        Importance of Endpoint Security
5        Challenges in Endpoint Security
6        Real World Case Studies
7        Screenshots of UI
8        Features Summary
9        Future Trends in Endpoint Security
10       References
1. Introduction
The term endpoint refers to any device that communicates with a computer network. This includes desktops, laptops, tablets, smartphones, servers, IoT devices, and even printers. These devices serve as the entry and exit points for organizational data.

Cyber attackers frequently target endpoints because they are often less secure compared to the central network infrastructure. For example, a single infected laptop connected to a corporate VPN can provide a gateway for hackers to access sensitive company databases.

Modern workplaces depend on endpoints to enable remote work, customer engagement, and data access. However, this dependence also introduces greater attack surfaces. Hence, endpoint security has become an essential discipline in cybersecurity.
2. Objective
The objectives of this project are as follows:
1. To study the concept and significance of endpoint security.
2. To explore different types of endpoint threats, including malware, ransomware, phishing, insider threats, and data leaks.
3. To understand and evaluate tools and technologies that are used to secure endpoints.
4. To examine real-world incidents where lack of endpoint protection led to massive damages.
5. To provide an overview of future trends such as AI, machine learning, and Zero Trust in endpoint protection.
3. Tools & Technologies Used
Endpoint security relies on multiple technologies working together. A layered defense model is the most effective approach.
Antivirus & Anti-malware Software
Traditional but still essential. Detects and removes malicious files and programs. Examples: Windows Defender, Kaspersky, McAfee.
Endpoint Detection and Response (EDR)
Provides continuous monitoring, real-time threat detection, and automated incident response. Examples: CrowdStrike Falcon, SentinelOne.
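The continuous monitoring and automated response that an EDR provides can be shown with a small rule engine. The following is an added example written for this report, not code from the report or from CrowdStrike or SentinelOne. The telemetry records, their field names (ts, host, pid, image, parent_image, cmdline, path) and the burst thresholds are constructed assumptions, loosely modelled on Sysmon-style process and file events; the same block also illustrates the "behavioral analytics" and "automated quarantine" features listed in section 8.

```python
"""EDR-style behavioural detection over endpoint telemetry.

Added example for this report; not code from the report or from any EDR
vendor. The event records, their field names and the thresholds below are
constructed assumptions, loosely modelled on Sysmon-style process and file
events.
"""
import base64
import re
from collections import defaultdict

OFFICE_APPS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
SCRIPT_HOSTS = {"powershell.exe", "cmd.exe", "wscript.exe", "cscript.exe", "mshta.exe"}
BURST_THRESHOLD = 20   # file events from one process ...
BURST_WINDOW = 10.0    # ... within this many seconds looks ransomware-like
ENCODED_ARG = re.compile(r"-(?:enc|encodedcommand)\s+([A-Za-z0-9+/=]+)", re.IGNORECASE)


def sample_events():
    """Constructed telemetry: a normal spreadsheet session on WS-02 and a
    suspicious chain on WS-01 (macro document -> hidden encoded PowerShell
    -> burst of file writes with a new extension)."""
    encoded = base64.b64encode("Write-Host demo".encode("utf-16-le")).decode()
    events = [
        {"ts": 100.0, "host": "WS-02", "event": "process", "pid": 300,
         "image": "excel.exe", "parent_image": "explorer.exe",
         "cmdline": "excel.exe budget.xlsx"},
        {"ts": 101.0, "host": "WS-02", "event": "file", "pid": 300,
         "path": r"C:\Users\a\budget.xlsx"},
        {"ts": 200.0, "host": "WS-01", "event": "process", "pid": 410,
         "image": "winword.exe", "parent_image": "explorer.exe",
         "cmdline": "winword.exe invoice.docm"},
        {"ts": 201.0, "host": "WS-01", "event": "process", "pid": 420,
         "image": "powershell.exe", "parent_image": "winword.exe",
         "cmdline": f"powershell.exe -nop -w hidden -enc {encoded}"},
    ]
    for i in range(25):
        events.append({"ts": 202.0 + i * 0.2, "host": "WS-01", "event": "file",
                       "pid": 420, "path": rf"C:\Users\a\Documents\report{i}.docx.locked"})
    return events


def detect(events):
    """Run three rules over time-ordered events and return a list of alerts."""
    alerts = []
    recent_files = defaultdict(list)   # (host, pid) -> timestamps inside the window
    burst_reported = set()
    for ev in sorted(events, key=lambda e: e["ts"]):
        key = (ev["host"], ev["pid"])
        if ev["event"] == "process":
            image, parent = ev["image"].lower(), ev["parent_image"].lower()
            # Rule 1: an Office application launching a script host
            if parent in OFFICE_APPS and image in SCRIPT_HOSTS:
                alerts.append({"rule": "office_spawns_script_host", "severity": "high",
                               "host": ev["host"], "pid": ev["pid"],
                               "detail": f"{parent} -> {image}"})
            # Rule 2: encoded command line; decode it so the analyst sees the intent
            m = ENCODED_ARG.search(ev["cmdline"])
            if m:
                try:
                    decoded = base64.b64decode(m.group(1)).decode("utf-16-le")
                except (ValueError, UnicodeDecodeError):
                    decoded = "<undecodable>"
                alerts.append({"rule": "encoded_powershell", "severity": "medium",
                               "host": ev["host"], "pid": ev["pid"], "detail": decoded})
        elif ev["event"] == "file":
            # Rule 3: sliding window over file events per process
            window = recent_files[key]
            window.append(ev["ts"])
            while window and ev["ts"] - window[0] > BURST_WINDOW:
                window.pop(0)
            if len(window) >= BURST_THRESHOLD and key not in burst_reported:
                burst_reported.add(key)
                alerts.append({"rule": "file_modification_burst", "severity": "high",
                               "host": ev["host"], "pid": ev["pid"],
                               "detail": f"{len(window)} file events within {BURST_WINDOW:.0f}s"})
    return alerts


def recommend_action(alerts, host):
    """Playbook step: isolate a host on any high-severity alert, investigate
    on medium, otherwise take no action."""
    severities = {a["severity"] for a in alerts if a["host"] == host}
    if "high" in severities:
        return "isolate"
    if "medium" in severities:
        return "investigate"
    return "none"


if __name__ == "__main__":
    found = detect(sample_events())
    for a in found:
        print(f"[{a['severity']}] {a['host']} pid={a['pid']} {a['rule']}: {a['detail']}")
    for h in ("WS-01", "WS-02"):
        print(h, "->", recommend_action(found, h))
```

Running the block prints three alerts for WS-01 (parent-child rule, decoded command line, file burst) and none for WS-02, and recommends isolating WS-01 only. Real products replace the hard-coded rules with signed rule packs and tune the burst threshold per fleet; the sliding-window logic is what keeps a busy but legitimate backup job from tripping the same rule as an encryption run.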
Data Loss Prevention (DLP)
Prevents accidental or intentional leakage of sensitive data via email, USB, or cloud. Example: Symantec DLP.
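A DLP control works by inspecting content leaving the endpoint and applying a channel policy. The block below is an added example for this report, not code from the report or from Symantec DLP; the sample message, the channel labels and the block/allow policy are constructed assumptions, and the card numbers in it are the widely published test values, not real accounts. It uses a Luhn checksum to discard digit runs that merely look like card numbers, which is what keeps a DLP rule from blocking every order number and phone number.

```python
"""DLP-style scanner for payment card numbers in outbound content.

Added example for this report; not code from the report or from Symantec
DLP. The message, channel names and policy are constructed assumptions;
the card numbers are published test values, not real accounts.
"""
import re

# 13 to 19 digits, optionally separated by single spaces or dashes, and not
# embedded inside a longer run of digits.
PAN_CANDIDATE = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")
BLOCKED_CHANNELS = {"external_email", "usb", "cloud_upload"}   # assumed channel labels

# Constructed sample: one order number, two test card numbers, one 16-digit
# reference that fails the checksum, and a phone number.
SAMPLE_MESSAGE = (
    "Hi, order 8800 1234 5678 has shipped. Customer card 4111 1111 1111 1111 "
    "and backup card 5500-0000-0000-0004 were charged. Ref 1234 5678 9012 3456. "
    "Call 020 7946 0958 with questions."
)


def luhn_ok(digits):
    """Luhn checksum: double every second digit from the right, sum, mod 10."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def mask(digits):
    """Keep the first six and last four digits so the alert itself leaks no PAN."""
    return digits[:6] + "*" * (len(digits) - 10) + digits[-4:]


def scan_message(text):
    """Return masked Luhn-valid card numbers and the count of digit runs that
    looked like a PAN but failed the checksum (the false-positive filter)."""
    findings, rejected = [], 0
    for m in PAN_CANDIDATE.finditer(text):
        digits = re.sub(r"\D", "", m.group(0))
        if luhn_ok(digits):
            findings.append(mask(digits))
        else:
            rejected += 1
    return {"findings": findings, "rejected": rejected}


def policy_decision(channel, findings):
    """Block card data on channels that leave the organisation; elsewhere
    allow the transfer but record it for audit."""
    if not findings:
        return "allow"
    if channel in BLOCKED_CHANNELS:
        return "block"
    return "allow_and_audit"


if __name__ == "__main__":
    result = scan_message(SAMPLE_MESSAGE)
    print(result)
    print("external_email ->", policy_decision("external_email", result["findings"]))
    print("internal_share ->", policy_decision("internal_share", result["findings"]))
```

The scan reports two masked card numbers and one rejected candidate; sending the message by external email is blocked, while an internal share is allowed with an audit record. Masking in the finding matters because DLP alerts are themselves copied into ticketing systems and e-mail, which must not become a second leak path.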
Firewalls
Act as a barrier between trusted and untrusted networks. Personal firewalls also protect individual endpoints.
Encryption Tools
Ensure that sensitive data is unreadable if stolen. Full-disk encryption (e.g., BitLocker) is widely used.
Patch Management Systems
Vulnerabilities in outdated software are a prime target for hackers. Patch management ensures all software is updated regularly.
Mobile Device Management (MDM)
With the rise of smartphones, MDM ensures secure access, remote wiping, and compliance monitoring.
Cloud-Based Endpoint Security Platforms
Use AI and machine learning for large-scale, real-time analysis. Provide centralized monitoring for all devices.
4. Importance of Endpoint Security
First Line of Defense: Endpoints are where cyberattacks often begin.
Remote Work Dependence: With hybrid work models, endpoints connect from different networks, often insecure ones.
Compliance Requirements: Industries like finance and healthcare must follow regulations (HIPAA, PCI DSS) that require endpoint protection.
Prevention of Data Breaches: Stolen endpoints (like lost laptops) can lead to exposure of critical data.
Minimization of Business Downtime: Strong endpoint protection reduces recovery time after an incident.
5. Challenges in Endpoint Security
Number of Devices: Every new smartphone, IoT sensor, or laptop increases attack surfaces.
Insider Threats: Employees may intentionally or unintentionally compromise devices.
BYOD Policies: Personal devices are harder to control and secure.
Attacks: Ransomware, advanced persistent threats (APTs), and zero-day vulnerabilities are difficult to detect.
Cost and Complexity: Implementing enterprise-level endpoint protection can be expensive and complex.
6. Real-World Case Studies
Case Study 1: WannaCry Ransomware (2017)
Exploited outdated Windows endpoints.
Spread across 150 countries, locking devices and demanding ransom in Bitcoin.
Impacted hospitals in the UK, causing patient care delays.
Lesson: Patch management is critical for endpoint security.
Case Study 2: Target Data Breach (2013)
Hackers gained access through a third-party vendor’s compromised endpoint.
Resulted in theft of 40 million credit card records.
Lesson: Even indirect endpoints (vendors, suppliers) must be secured.
Case Study 3: Remote Work Phishing Attacks (2020 – COVID-19)
Employees working from home clicked on phishing emails on personal devices.
Attackers gained access to corporate networks through VPN connections.
Lesson: Training and endpoint monitoring are essential in hybrid environments.
7. Screenshots of UI (Placeholder)
Antivirus dashboard (e.g., Windows Defender)
EDR dashboard (e.g., CrowdStrike Falcon)
Firewall configuration window
Screenshot 1.1: Antivirus dashboard (Windows Defender)
Screenshot 1.2: EDR dashboard
Screenshot 1.3: Firewall configuration window
8. Features Summary
Key Features of Endpoint Security
• Real-time malware detection and prevention.
• Behavioral analytics to identify unusual activities.
• Automated quarantine and isolation of infected endpoints.
• Data encryption for sensitive files.
• Policy enforcement for device and application usage.
• Remote wipe feature for lost devices.
• Centralized management for all endpoints in an organization.
9. Future Trends in Endpoint Security
• AI and Machine Learning: To detect zero-day attacks and advanced persistent threats.
• Zero Trust Architecture: “Never trust, always verify” principle, even for internal devices.
• Cloud-Native Security: Unified platforms managing both on-premises and remote endpoints.
• Integration with Threat Intelligence: Real-time global threat data for better detection.
• IoT Security Enhancements: Specialized endpoint protection for smart devices and sensors.
10. Conclusion
Endpoints are the weakest links in cybersecurity if not properly managed. From ransomware outbreaks to insider threats, attackers use endpoints as entry points to compromise entire networks.

By implementing layered security measures—including antivirus, EDR, DLP, encryption, and patch management—organizations can significantly reduce risks.

The future of endpoint security will rely on AI-driven detection, Zero Trust models, and cloud-based protection platforms, ensuring both individuals and enterprises stay ahead of evolving threats.