What Is Endpoint Security?


Endpoint security describes the tools, products and techniques designed to protect users’ devices – such as desktop computers, laptops, smartphones and tablets – and ensure the security of individual access points to an organization’s network and sensitive data. The number of vulnerable entry points continues to grow as remote and mobile workers as well as bring-your-own-device policies become more commonplace, extending the protection perimeter. Any organization must ensure all internet-enabled devices with access to its internal data are protected against cyberattacks.

“Endpoint security” is often used interchangeably with “Endpoint Protection Platform,” or EPP, a term coined by Gartner. These platforms sit on endpoint devices and secure them against cyberattacks using a comprehensive approach to combat sophisticated malware.  

EPPs use multiple techniques for prevention, including static analysis to evaluate potential malware based on file inspection, heuristics rules to block exploits, and behavioral analysis to evaluate file maliciousness based on the functions they perform.  

Endpoint detection and response, or EDR, tools have emerged as a complement to EPP tools, allowing security teams to investigate and mitigate threats their prevention tools may have missed. An endpoint security toolkit may also include technologies such as endpoint management (which includes asset, vulnerability, patch and mobile device management), encryption, data loss prevention, and identity and access management. These tools can be used alone or bundled with other EPP products for more comprehensive protection.

The best EPP offerings tend to be cloud-managed so endpoint activity can be monitored continuously and issues can be resolved automatically, regardless of the network to which the endpoint device is connected.

Key capabilities of an EPP:

  • Blocking of known malware and viruses based on signatures, hashes or other such methodologies.
  • Blocking of unknown malware based on static file analysis, emulation, behaviors and techniques.
  • No dependency on signatures as sole method for malware detection.
  • Actions powered by threat intelligence.
  • Anti-exploit and anti-ransomware protection.
  • Effective management console (a poor management console should not create the need for EDR).
  • Cloud-based sandboxing for deep inspection and second-opinion analysis.
  • Lightweight agent to minimize performance impact.
  • Single agent for both EPP and EDR.
  • Hardening, such as application control, or another feature that reduces the attack surface.
  • Authentication enhancements such as activity monitoring (behavioral biometrics).
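As an added illustration of the layered approach described above (signature, static-heuristic and behavioral checks), the constructed example below is not code from the original page or from any EPP product: a one-byte variant of a known sample slips past the hash blocklist but is still caught by the heuristic layer, which is why a signature-only design is listed as insufficient. The indicator strings, event names and weights are invented placeholders.

```python
import hashlib
from typing import Iterable

# Constructed sample "files" (synthetic bytes, not real malware).
KNOWN_BAD = b"MZ\x90\x00INDICATOR-PACKED-SECTION INDICATOR-AUTORUN-ENTRY"
VARIANT = KNOWN_BAD + b"\x00"   # one appended byte: same content, new hash
BENIGN = b"MZ\x90\x00hello world installer"

# Signature layer: SHA-256 of samples already analysed (constructed entry).
HASH_BLOCKLIST = {hashlib.sha256(KNOWN_BAD).hexdigest()}

# Static-heuristic layer: weighted byte patterns (constructed indicators).
STATIC_RULES = {b"INDICATOR-PACKED-SECTION": 2, b"INDICATOR-AUTORUN-ENTRY": 3}

# Behavioral layer: weighted runtime events reported by a sensor
# (constructed event names, not a real EDR schema).
BEHAVIOR_RULES = {"write_autorun": 3, "inject_remote_process": 4, "read_config": 0}
THRESHOLD = 4


def hash_verdict(data: bytes) -> bool:
    """Known-malware check: exact hash match against the blocklist."""
    return hashlib.sha256(data).hexdigest() in HASH_BLOCKLIST


def static_score(data: bytes) -> int:
    """Sum the weights of every static indicator present in the file."""
    return sum(w for pat, w in STATIC_RULES.items() if pat in data)


def behavior_score(events: Iterable[str]) -> int:
    """Sum the weights of observed runtime events (unknown events score 0)."""
    return sum(BEHAVIOR_RULES.get(e, 0) for e in events)


def classify(data: bytes, events: Iterable[str] = ()) -> str:
    """Layered decision: signature first, then static heuristics, then behavior."""
    if hash_verdict(data):
        return "block:signature"
    if static_score(data) >= THRESHOLD:
        return "block:static"
    if behavior_score(events) >= THRESHOLD:
        return "block:behavior"
    return "allow"


if __name__ == "__main__":
    print(classify(KNOWN_BAD))                          # block:signature
    print(hash_verdict(VARIANT), classify(VARIANT))     # False block:static
    print(classify(BENIGN, ["read_config"]))            # allow
    print(classify(BENIGN, ["inject_remote_process"]))  # block:behavior
```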
