

Encryption is another line of defense for data at rest as well as data in motion and should be used for systems and data containing sensitive information.

Important Note: Having Secure Boot enabled is not a substitute for endpoint security software such as Symantec Endpoint Protection, which provides a deep line of defense on systems. Disabling Secure Boot may be needed in order to perform testing with unsigned software, but once testing has been performed, re-enabling Secure Boot is recommended. Secure Boot is a security feature within Windows that will validate signed drivers. Secure Boot: Enabling Secure boot on UEFI systems is recommended.

This may aid in the detection of attacks or malicious activity related to the exploitation of latent vulnerabilities.
