Create Next App

KADERA

Dashboard Districts Assessments Reports Vendors Renewals E-rate

Break glass

Endpoint & Network Defense

How devices and the network resist intrusion, and how breaches get contained when they happen.

Capture progress

13 of 13 fields captured

Maturity preview · Developing

Endpoint & network defense tools

EDR, MDR, device management, firewall, and network defense systems in use. Endpoint is the most tool-diverse sub-domain — the F1–F13 posture questions below score how these tools are configured, monitored, and integrated.

Inventory

Tool

Product

Status

Deployment scope

Manufacturer rep

Partner / integrator rep

Tool

Product

Status

Deployment scope

Manufacturer rep

Partner / integrator rep

Tool

Product

Status

Deployment scope

Manufacturer rep

Partner / integrator rep

Tool

Product

Status

Deployment scope

Manufacturer rep

Partner / integrator rep

Endpoint protection

F1EDR platformTop-weighted

The endpoint detection & response product running on staff and student devices. Single biggest predictor of whether ransomware detonates or gets quarantined at first execution.

F2Coverage by device class

Which platforms have EDR deployed today.

F3Traditional AV (if separate from EDR)

F4Managed detection & response (MDR / MXDR) provider

Who watches the EDR alerts after hours. If your EDR vendor also provides 24/7 SOC monitoring, name them here.

Device management

F5MDM / UEM platform

How staff and student devices are enrolled, configured, and pushed updates.

F6Endpoint patch management

How OS and third-party patches reach endpoints.

F7Local admin / privilege model on endpoints

Good = staff users are standard, IT uses just-in-time elevation. Acceptable = standard with local admin password solution (LAPS).

Network defense

F8Network segmentation

Whether staff, student, IoT/OT, and guest traffic are isolated from each other at L3.

Hard finding · Flat network

A flat network is the single biggest blast-radius multiplier in K-12 incidents. One compromised user device can reach servers, IoT, OT, and student data without crossing a control. This is a top finding regardless of other strengths.

F9Firewall vendor & management↗ Tech stack

The firewall captured here is pulled from your tech stack inventory.

Linked to Firewalls in tech stack inventory

Management

Advanced features in use

F10IDS/IPS or network detection & response (NDR)

If your firewall handles IDS/IPS (Field 9), select that option.

F11Content filtering & CIPA compliance

CIPA filtering is a federal funding requirement for E-rate participation.

Filter platform pulled from tech stack inventory (firewall-integrated URL filtering)

F12Remote access architectureTop-weighted

Exploited remote access is a top-two K-12 breach root cause.

Posture checksMFA required for all remote sessionsDevice compliance check before connectionSession recording or session-level logging in place

Internet exposureNo direct admin protocol exposure (RDP, SSH, RDWeb) to the public internetHard finding if unchecked

F13OT vendor remote accessTop-weighted

HVAC, access control, video, paging, and bell-system vendors with persistent remote access. The K-12-specific worst-offender path — if IT doesn't know about it, no other control can apply.

Inventory

Mechanism

GovernanceMFA required on vendor-side accountsContract requires breach notification + removal-on-terminationOT VLAN segmentation enforced (cross-references F8)

Endpoint protection

Device management

Network defense

Notes