Endpoint security is the process of protecting endpoint devices like desktop computers, laptops, and smartphones from attacks and data leaks.
Endpoint security or endpoint protection is the process of defending endpoints — devices that connect to a network, like laptops and smartphones — from attack. Endpoint security can also involve blocking dangerous user behavior that could result in the endpoint device becoming compromised or infected with malware.
Organizations can use endpoint protection software to enforce security policies, detect attacks, block in-progress attacks, and prevent data loss. Because endpoints connect to internal corporate networks, endpoint protection is also an important component of network security.
There are many facets to endpoint protection, as threats can come from a variety of places. Common endpoint threat vectors* include:
Endpoint protection used to center on malware detection and prevention through the use of anti-malware or antivirus software, but today it has expanded to address these other threat vectors as well.
*In the security industry, "threat vector" means a source or channel that an attack can come from.
Endpoint security software uses one of two models:
In the client-server model, the software runs on a central server, with client software installed on all endpoints that connect to the network. The client endpoint software tracks activity and potential threats on the endpoint device and reports back to the central server. Usually, the client software can isolate or eliminate active threats if needed — for instance, by uninstalling or isolating malware on an endpoint, or blocking the endpoint from accessing the network.
In the software-as-a-service (SaaS) model, a cloud provider hosts and manages the endpoint software. SaaS endpoint software offers the advantage of scaling up more easily than the client-server model, as is usually the case with cloud computing services. SaaS-based endpoint software can also send updates to and receive alerts from endpoints even when they are not connected to the corporate network.
Typical endpoint security capabilities include:
Anti-malware (or antivirus) software has long been an important aspect of endpoint protection. Anti-malware detects malware using four main methods:
Endpoint detection and response (EDR) is an important category of endpoint security products that monitor events on endpoints and on the network. The features of EDR products vary, but all are able to collect data about activity on endpoints in order to help security administrators identify threats. Most can also block threats once they are detected.
For individual consumers, endpoint protection is important but typically does not require dedicated endpoint security software. Many operating systems for consumers come with basic security protections already installed (such as anti-malware), and users can follow certain best practices to keep their computers, smartphones, and Internet activities protected.
Endpoint security is a larger issue for businesses, especially those that have to manage hundreds or thousands of employee endpoint devices. An insecure endpoint can be a foot in the door for attackers attempting to break into an otherwise secure corporate network. The more endpoints that connect to a network, the greater the number of potential vulnerabilities introduced to that network — just as more cars on the road increase the likelihood that a driver will make a mistake and cause an accident.
In addition, the potential impact of a successful attack on a business can be huge, resulting in a disruption of business processes, the loss of confidential data, or a damaged reputation.
What also makes endpoints an enticing target is that they can be difficult to keep secure. IT teams do not have regular, direct access to the computers employees use, nor to employees' personal devices like laptops and smartphones. By requiring the installation of endpoint protection software on devices that connect to a network, IT can remotely manage and monitor the security of these devices.
Securing endpoint devices became far more challenging with the increase of bring your own device (BYOD) environments over the last decade. The number of devices that connect to each network has increased, as well as the variety of devices. Endpoints on a network are likely to include not just personal smartphones and tablets, but also Internet of Things (IoT) devices, which run a wide variety of software and hardware (learn more about IoT security).
Endpoint security is part of keeping networks secure, since an unsecured endpoint provides a weak spot in a network for an attacker to exploit. But network security also includes protecting and securing network infrastructure, managing network, cloud, and Internet access, and other aspects not covered by most endpoint security products.
Today, the lines between endpoint and network security are blurring. Many organizations are moving to a Zero Trust model for network security, which assumes any endpoint device may pose a threat and must be verified before it can connect to internal resources — even SaaS applications. With such a model, endpoint security posture becomes important for allowing network and cloud access.
In a Zero Trust model, no endpoint is trusted automatically. Zero Trust requires checking every device for security risks regularly, often on a request-by-request basis. This may involve an integration with endpoint security solutions that monitor the endpoint for malware or other risks. Some Zero Trust vendors may provide this natively as well.
Such an approach means that potentially compromised endpoint devices are quickly isolated from the rest of the network, preventing lateral movement. This principle of microsegmentation is a core facet of Zero Trust security.
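As an added illustration (not code from the original article or any vendor's product), here is a per-request posture check of the kind the Zero Trust passage describes: a request is allowed only if the endpoint's latest report is fresh and healthy, a device reporting malware is isolated regardless of what it asked for, and sensitive resources get stricter checks. The posture fields, thresholds and device names are assumptions.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

# Hypothetical policy thresholds; not taken from any vendor product.
MIN_OS_VERSION = (12, 4)                  # minimum patched OS (major, minor)
MAX_POSTURE_AGE = timedelta(minutes=5)    # older reports must be refreshed
NOW = datetime(2024, 1, 1, 12, 0, tzinfo=timezone.utc)   # fixed clock for the demo

@dataclass
class Posture:
    """Posture report sent back by an endpoint agent (field names assumed)."""
    device_id: str
    edr_running: bool
    disk_encrypted: bool
    os_version: tuple
    malware_detected: bool
    reported_at: datetime

def decide(posture: Posture, resource_tier: str, now: datetime = NOW):
    """Return (decision, reasons); decision is 'allow', 'deny' or 'isolate'."""
    if posture.malware_detected:
        # Quarantine before anything else: a compromised device must not
        # reach any other segment, whatever resource it was asking for.
        return "isolate", ["endpoint agent reports malware"]
    reasons = []
    # Evaluated on every request: an old clean report does not keep access.
    if now - posture.reported_at > MAX_POSTURE_AGE:
        reasons.append("posture report stale; fresh check required")
    if not posture.edr_running:
        reasons.append("EDR agent not running")
    if resource_tier == "sensitive":        # stricter checks for sensitive data
        if not posture.disk_encrypted:
            reasons.append("disk not encrypted")
        if posture.os_version < MIN_OS_VERSION:
            reasons.append("OS below minimum patched version")
    return ("deny" if reasons else "allow"), reasons

def sample_postures():
    """Constructed posture reports for four devices (not real telemetry)."""
    fresh = NOW - timedelta(minutes=1)
    return {
        "healthy": Posture("lap-01", True, True, (13, 1), False, fresh),
        "stale": Posture("lap-02", True, True, (13, 1), False, NOW - timedelta(hours=1)),
        "no_edr": Posture("byod-03", False, False, (11, 0), False, fresh),
        "infected": Posture("lap-04", True, True, (13, 1), True, fresh),
    }

if __name__ == "__main__":
    for name, report in sample_postures().items():
        print(name, decide(report, "sensitive"))
```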