Endpoint Security

Endpoint security is the practice of securing endpoints or entry points of end-user devices such as desktops, laptops, and mobile devices from being exploited by malicious actors and campaigns. Endpoint security systems protect these endpoints on a network or in the cloud from cybersecurity threats. Endpoint security has evolved from traditional antivirus software to providing comprehensive protection from sophisticated malware and evolving zero-day threats.

Organizations of all sizes are at risk from nation-states, hacktivists, organized crime, and malicious and accidental insider threats. Endpoint security is often seen as cybersecurity’s frontline, and represents one of the first places organizations look to secure their enterprise networks.

As the volume and sophistication of cybersecurity threats have steadily grown, so has the need for more advanced endpoint security solutions. Today’s endpoint protection systems are designed to quickly detect, analyze, block, and contain attacks in progress. To do this, they need to collaborate with each other and with other security technologies to give administrators visibility into advanced threats to speed detection and remediation response times.

Why endpoint security is important?

An endpoint protection platform is a vital part of enterprise cybersecurity for a number of reasons. First of all, in today’s business world, data is often the most valuable asset a company has—and to lose that data, or access to that data, could put the entire business at risk of insolvency. Businesses have also had to contend with not only a growing number of endpoints, but also a rise in the number of types of endpoints. These factors make enterprise endpoint security more difficult on their own, but they’re compounded by remote work and BYOD policies—which make perimeter security increasingly insufficient and create vulnerabilities. The threat landscape is becoming more complicated, too: Hackers are always coming up with new ways to gain access, steal information or manipulate employees into giving out sensitive information. Add in the opportunity cost of reallocating resources from business goals to addressing threats, the reputational cost of a large-scale breach, and the actual financial cost of compliance violations, and it’s easy to see why endpoint protection platforms have become regarded as must-haves in terms of securing modern enterprises.

What’s considered an endpoint?

Endpoints can range from the more commonly thought of devices such as:

Laptops
Tablets
Mobile devices
Smart watches
Printers
Servers
ATM machines
Medical devices

If a device is connected to a network, it is considered an endpoint. With the growing popularity of BYOD (bring your own device) and IoT (Internet of Things), the number of individual devices connected to an organization’s network can quickly reach into the tens (and hundreds) of thousands.

Because they are entry points for threats and malware, endpoints (especially mobile and remote devices) are a favorite target of adversaries. Mobile endpoint devices have become much more than just Android devices and iPhones—think of the latest wearable watches, smart devices, voice-controlled digital assistants, and other IoT-enabled smart devices. We now have network-connected sensors in our cars, airplanes, hospitals, and even on the drills of oil rigs. As the different types of endpoints have evolved and expanded, the security solutions that protect them have also had to adapt.

The latest SANS endpoint security survey highlights the importance of implementing a comprehensive endpoint protection solution. Some of the key findings from this survey include:

28% of respondents reported that their endpoints had been breached.
A variety of threat vectors were used, including web drive-by (52%), social engineering/phishing (58%), and/or credential theft/compromise (49%).
Only 39% of attacks were detected by traditional antivirus.
Another 39% of compromises were detected by SIEM alerts.