What is Endpoint Security? What is an Endpoint?

A hand motions to press a cell phone. A glowing lock icon floats above them

What is endpoint security, and why is it important for your company? This article will answer common questions about protecting endpoints and provide insights into endpoint security’s role in safeguarding sensitive data against malicious attackers as part of a multi-layered defense strategy.

What is the definition of endpoint security?

Endpoint security is the practice of protecting endpoint devices against a variety of cybersecurity threats. The intention of endpoint security is to safeguard sensitive data and networks against malicious attacks from threat actors such as black hat (malicious) hackers, hacktivists, state-sponsored actors, cybercriminals, and insider threats.

This is accomplished in part by improving the security of endpoint devices, though other elements of security such as network security, physical security, and cloud security also play a part in protecting sensitive data.

For more definitions related to endpoint security, check out this glossary from Solutions Review.

What is considered an endpoint device?

Traditionally, an endpoint device was any device that was literally at the end of a physical network such as modems, switches, bridges, workstations, and hubs. In modern times the addition of new devices and the widespread use of cloud architecture has expanded what we consider to be an endpoint to include any device that operates outside of the corporate firewall.

Examples of endpoint devices:

Internet-of-Things (IoT) devices and smart devices such as watches, fitness trackers, and sensors
Industrial Internet-of-Things (IIoT) systems such as Supervisory Control and Data Acquisition systems (SCADA) and Programmable Logic Controllers (PLC)
Mobile devices such as laptops, tablets and smartphones
Networking hardware such as modems, switches, bridges, servers and hubs
Output devices such as printers
Automated Teller Machines (ATM)
Self-driving vehicles
Medical devices
Mobile kiosks

This list is far from comprehensive; as technology continues to advance we will see more and more devices becoming interconnected and contributing to the ever-growing list of devices.

Why is endpoint security important?

A photo of a computer screen. The cursor is pointing to the word "security" — Photo by Pixabay from Pexels

Endpoint devices have a direct connection to the corporate network. Without critical security controls in place these devices can become compromised and provide attackers with the means to further infiltrate the network. Endpoint security hardens devices against exploits as part of a multi-layered data loss prevention and cybersecurity strategy.

As with the self-driving vehicles example, devices that we would not normally consider to be endpoints are now meeting the criteria. As more devices are equipped with network connectivity endpoint security will become a relevant factor for ensuring the safety of these devices as well. Without sufficient security measures in place these devices can pose a threat to the people and organizations that use them.

Endpoint protection software and security solutions

As with any other robust cybersecurity strategy, the protection of endpoints revolves around a layered security approach that protects the devices from multiple attack vectors. To better illustrate the elements behind this, it helps to understand the types of endpoint security software and strategies that are used to secure these devices.

Device protection

This element focuses on directly protecting the device itself. The tools used to protect devices include antivirus and antimalware software as well as physical security controls to prevent devices from being lost or stolen.

Web security

A web filter improves endpoint security by protecting endpoint devices from malicious websites on the internet. These protections are achieved by either whitelisting pre-approved websites and blocking access to all other sites or through a blacklisting approach where the majority of the web is accessible with a few exceptions that are added to a blacklist (block list).

Application controls

BrowseControl blocked application list with a number of applications being blocked. — *A screenshot from BrowseControl’s application blocker*

Application controls monitor and manage the level of access that applications have to endpoints as well as the access that users have to these applications. This improves the security of an endpoint by protecting it against applications with exploitable vulnerabilities. For more information about common application vulnerabilities, check out this article from Veracode.

Network security

While network security is considered a separate layer of security, the interconnectivity between endpoints and the network means that a successful endpoint security strategy includes protections for the network the devices will be connected to.

Network security is achieved through tools such as firewalls that inspect and filter incoming traffic to detect malicious data packets and network access control (NAC) tools that enforce policies that prevent users from accessing resources without authorization and meeting security compliance standards.

Data loss prevention (DLP)

A screenshot of AccessPatrol's email alerts screen — A screenshot of AccessPatrol’s email alerts screen.

Endpoint data loss prevention solutions such as DLP software enhance security by providing controls over how data is transmitted through endpoint devices. These security tools will often include features for monitoring activities on endpoint devices to detect high-risk and unauthorized activities.

Data loss prevention can include solutions that prevent confidential information from being transmitted outside of the network and USB access control software that prevents users from connecting unauthorized USB devices to endpoints.

Removable Media
Policy Template

Set data security standards for portable storage
Define the acceptable use of removable media
Inform your users about their security responsibilities

Get started today—Download the FREE template and customize it to fit the needs of your organization.

Get the FREE Template

Administrative security

A businessman hands a piece of paper and a pen to their employee to sign — Photo by Andrea Piacquadio from Pexels

Administrative security protects endpoint devices through policies that dictate the acceptable use of technology in the workplace.

This can include:

Data handling protocols that dictate how data must be stored, shared, and transmitted
Acceptable use policies (AUP) that address undesirable behavior that may put endpoints at risk such as high-risk web surfing, downloading programs, and neglecting to lock down workstations when not in use.
Policies surrounding the organization’s guidelines on use of personal devices in the workplace (Bring Your Own Device/BYOD)
Password management expectations including how passwords are stored, complexity requirements, and best practices for keeping passwords secret.
Cybersecurity training for employees that educates them on their security responsibilities, common exploits, and best practices for improving cybersecurity at the user level.

Free eBook:
5 Common Cybersecurity Threats in 2020

Learn cost-effective solutions to protect your business
against cybersecurity threats in 2020

Get the FREE ebook now

Examples of endpoint protection software

Endpoint Detection and Response (EDR)

Endpoint Detection and Response (EDR) software is used to detect more advanced threats. These tools continuously monitor endpoint devices and network activity for anomalous behavior that could be an indicator of compromise (IOC).

These tools help protect devices against:

Fileless Malware: Malicious software that does not require the launch of an executable file to infect devices. These attacks use legitimate tools that are built into the computer’s operating system to execute the attack. This includes macros executed through Microsoft Office products as well as malicious PowerShell scripts.
Zero-day Exploits: Vulnerabilities that have not yet been discovered and patched by the manufacturers of the product that is being exploited.
Polymorphic Malware: Malicious software that uses machine learning (ML) and artificial intelligence (AI) to alter its code in order to evade detection from traditional signature-based antivirus and antimalware solutions

EDR tools complement prevention-based tools as part of a layered security approach. Should the threat not be detected by the first line of defense the EDR platform provides another opportunity for an attack to be mitigated. Once the EDR tool detects potentially malicious behavior it will send an alert to a designated cybersecurity expert for validation.

USB access control

A screenshot from AccessPatrol, CurrentWare's endpoint protection software — A screenshot of the devices that can be blocked with AccessPatrol

These endpoint security solutions provide software-based enforcement for USB security policies. Companies will use USB restriction software to protect endpoint devices by preventing users from connecting unauthorized USB devices.

Use cases for USB restriction:

Prevent USB devices being used to maliciously or accidentally transmit malware
Stop employees from using unauthorized personal devices on company devices
Mitigate data theft through data transfer hardware such as flash drives and external hard drives
Provide greater control over data flow in the organization by preventing employees from using USBs to bypass existing data channels

CurrentWare’s AccessPatrol is an example of USB access control software used by companies of all sizes to protect endpoints and sensitive data against peripheral devices.

In addition to disabling USB ports, AccessPatrol protects endpoints and data by:

Monitoring endpoint activity and generating reports of device usage and file operations for review by corporate IT security personnel.
Blocking external devices such as mobile phones, optical media, memory cards, printers, and bluetooth connections.
Prevent illicit data transfers by blocking sensitive file types from being copied to removable media devices.

Next-generation antivirus and antimalware (NGAV)

Traditional antivirus and antimalware software secure endpoints by identifying software that is known to be malicious using signatures. As the threat landscape continues to evolve and the amount of malicious software grows exponentially these solutions evolved into what is now known as Next-Generation Antivirus (NGAV).

There is no standard definition of what qualifies as an NGAV, though there are some common traits such as added capabilities with machine learning, artificial intelligence, and data analytics technologies. Rather than focusing solely on a specific signature, NGAVs gather threat intelligence by studying the behavior of software. Patterns that indicate that the software is malicious in nature will cause the NGAV to quarantine the malware and alert administrators for investigation.

Mobile device management

A person in a coffee shop. They are using their phone and laptop

Mobile devices such as laptops, tablets, smart phones, and wearables introduce added vulnerabilities due to their portability and wireless connectivity. Mobile device management (MDM) and enterprise mobility management (EMM) tools are often used to increase the security of mobile devices by providing added monitoring and management capabilities.

How MDM tools protect mobile endpoints:

GPS Location: MDMs help locate lost or stolen devices by transmitting GPS coordinates to a dedicated console. This is particularly useful for employees that often work while travelling as they are at a higher risk of having their mobile devices stolen.
Data Wiping: An MDM can remotely delete sensitive data to prevent a data breach caused by a lost or stolen device. They will often have the ability to delete sensitive data while leaving non-sensitive data untouched, making them valuable for companies that allow employees to use personal devices as part of a BYOD policy.
Mobile Threat Containment: When suspicious files are detected on the mobile device, the MDM can contain them in a virtual machine to restrict the damage that they can cause to the device. Once the suspected file is determined to be safe it can then be readily accessed on the device.

Conclusion

The concept of endpoint security encompasses a wide variety of tools and procedures that are designed to protect devices that are on the outer perimeter of the network. With the widespread adoption of cloud computing and the proliferation of devices with enhanced connectivity what constitutes an endpoint is rapidly changing. The methods of endpoint security will continue to evolve alongside new technology and the growing threat landscape that accompanies them.

Dale Strickland

Dale Strickland is the Digital Marketing Manager for CurrentWare, a global provider of user activity monitoring, web filtering, and device control software. Dale’s diverse multimedia background allows him the opportunity to produce a variety of content for CurrentWare including blogs, infographics, videos, eBooks, and social media shareables.

Cookie	Duration	Description
__cfruid	session	Cloudflare sets this cookie to identify trusted web traffic.
cookielawinfo-checkbox-advertisement	1 year	Set by the GDPR Cookie Consent plugin, this cookie is used to record the user consent for the cookies in the "Advertisement" category .
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
JSESSIONID	session	The JSESSIONID cookie is used by New Relic to store a session identifier so that New Relic can monitor session counts for an application.
LS_CSRF_TOKEN	session	Cloudflare sets this cookie to track users’ activities across multiple websites. It expires once the browser is closed.
OptanonConsent	1 year	OneTrust sets this cookie to store details about the site's cookie category and check whether visitors have given or withdrawn consent from the use of each category.
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

Cookie	Duration	Description
__cf_bm	30 minutes	This cookie, set by Cloudflare, is used to support Cloudflare Bot Management.
_zcsr_tmp	session	Zoho sets this cookie for the login function on the website.

Cookie	Duration	Description
_calendly_session	21 days	Calendly, a Meeting Schedulers, sets this cookie to allow the meeting scheduler to function within the website and to add events into the visitor’s calendar.
_gaexp	2 months 11 days 7 hours 3 minutes	Google Analytics installs this cookie to determine a user's inclusion in an experiment and the expiry of experiments a user has been included in.

Cookie	Duration	Description
_ga	2 years	The _ga cookie, installed by Google Analytics, calculates visitor, session and campaign data and also keeps track of site usage for the site's analytics report. The cookie stores information anonymously and assigns a randomly generated number to recognize unique visitors.
_ga_GY6RPLBZG0	2 years	This cookie is installed by Google Analytics.
_gcl_au	3 months	Provided by Google Tag Manager to experiment advertisement efficiency of websites using their services.
_gid	1 day	Installed by Google Analytics, _gid cookie stores information on how visitors use a website, while also creating an analytics report of the website's performance. Some of the data that are collected include the number of visitors, their source, and the pages they visit anonymously.
CONSENT	2 years	YouTube sets this cookie via embedded youtube-videos and registers anonymous statistical data.

Cookie	Duration	Description
_opt_expid	past	Set by Google Analytics, this cookie is created when running a redirect experiment. It stores the experiment ID, the variant ID and the referrer to the page that is being redirected.
IDE	1 year 24 days	Google DoubleClick IDE cookies are used to store information about how the user uses the website to present them with relevant ads and according to the user profile.
NID	6 months	NID cookie, set by Google, is used for advertising purposes; to limit the number of times the user sees an ad, to mute unwanted ads, and to measure the effectiveness of ads.
test_cookie	15 minutes	The test_cookie is set by doubleclick.net and is used to determine if the user's browser supports cookies.
VISITOR_INFO1_LIVE	5 months 27 days	A cookie set by YouTube to measure bandwidth that determines whether the user gets the new or old player interface.
YSC	session	YSC cookie is set by Youtube and is used to track the views of embedded videos on Youtube pages.
yt-remote-connected-devices	never	YouTube sets this cookie to store the video preferences of the user using embedded YouTube video.
yt-remote-device-id	never	YouTube sets this cookie to store the video preferences of the user using embedded YouTube video.
yt.innertube::nextId	never	This cookie, set by YouTube, registers a unique ID to store data on what videos from YouTube the user has seen.
yt.innertube::requests	never	This cookie, set by YouTube, registers a unique ID to store data on what videos from YouTube the user has seen.

Cookie	Duration	Description
_dc_gtm_UA-6494714-6	1 minute	No description
_gaexp_rc	past	No description available.
34f6831605	session	No description
383aeadb58	session	No description available.
663a60c55d	session	No description available.
6e4b8efee4	session	No description available.
c72887300d	session	No description available.
cookielawinfo-checkbox-tracking	1 year	No description
crmcsr	session	No description available.
currentware-_zldp	2 years	No description
currentware-_zldt	1 day	No description
et_pb_ab_view_page_26104	session	No description
gaclientid	1 month	No description
gclid	1 month	No description
handl_ip	1 month	No description available.
handl_landing_page	1 month	No description available.
handl_original_ref	1 month	No description available.
handl_ref	1 month	No description available.
handl_ref_domain	1 month	No description
handl_url	1 month	No description available.
handl_url_base	1 month	No description
handlID	1 month	No description
HandLtestDomainName	session	No description
HandLtestDomainNameServer	1 day	No description
isiframeenabled	1 day	No description available.
m	2 years	No description available.
nitroCachedPage	session	No description
organic_source	1 month	No description
organic_source_str	1 month	No description
traffic_source	1 month	No description available.
uesign	1 month	No description
user_agent	1 month	No description available.
ZCAMPAIGN_CSRF_TOKEN	session	No description available.
zld685336000000002056state	5 minutes	No description