What is endpoint security, and why is it important for your company? This article will answer common questions about protecting endpoints and provide insights into endpoint security’s role in safeguarding sensitive data against malicious attackers as part of a multi-layered defense strategy.
Endpoint security is the practice of protecting endpoint devices against a variety of cybersecurity threats. The intention of endpoint security is to safeguard sensitive data and networks against malicious attacks from threat actors such as black hat (malicious) hackers, hacktivists, state-sponsored actors, cybercriminals, and insider threats.
This is accomplished in part by improving the security of endpoint devices, though other elements of security such as network security, physical security, and cloud security also play a part in protecting sensitive data.
For more definitions related to endpoint security, check out this glossary from Solutions Review.
Traditionally, an endpoint device was any device that was literally at the end of a physical network, such as modems, switches, bridges, workstations, and hubs. In modern times, the addition of new devices and the widespread use of cloud architecture have expanded what we consider to be an endpoint to include any device that operates outside of the corporate firewall.
Examples of endpoint devices:
This list is far from comprehensive; as technology continues to advance, we will see more and more devices becoming interconnected and contributing to the ever-growing list of devices.
Endpoint devices have a direct connection to the corporate network. Without critical security controls in place, these devices can become compromised and provide attackers with the means to further infiltrate the network. Endpoint security hardens devices against exploits as part of a multi-layered data loss prevention and cybersecurity strategy.
As with the self-driving vehicles example, devices that we would not normally consider to be endpoints are now meeting the criteria. As more devices are equipped with network connectivity, endpoint security will become a relevant factor for ensuring the safety of these devices as well. Without sufficient security measures in place, these devices can pose a threat to the people and organizations that use them.
As with any other robust cybersecurity strategy, the protection of endpoints revolves around a layered security approach that protects the devices from multiple attack vectors. To better illustrate the elements behind this, it helps to understand the types of endpoint security software and strategies that are used to secure these devices.
This element focuses on directly protecting the device itself. The tools used to protect devices include antivirus and antimalware software as well as physical security controls to prevent devices from being lost or stolen.
A web filter improves endpoint security by protecting endpoint devices from malicious websites on the internet. These protections are achieved either by whitelisting pre-approved websites and blocking access to all other sites, or through a blacklisting approach where the majority of the web is accessible with a few exceptions that are added to a blacklist (block list).
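The two filtering modes described above, as an added Python example that is not part of the original article; the domain lists and URLs are constructed sample values and the function names are hypothetical. It matches on the parsed hostname at label boundaries, so a listed domain covers its subdomains but not lookalike names, and it fails closed on URLs it cannot parse.

```python
from urllib.parse import urlsplit

# Constructed sample policy lists (assumptions, not from the article).
ALLOWLIST = {"intranet.example.com", "example.org"}
BLOCKLIST = {"malware.example.net", "phish.example"}


def hostname_of(url):
    """Return the lowercased hostname of a URL, or None if it cannot be parsed."""
    try:
        # Accept bare "host/path" input by giving it an empty scheme.
        host = urlsplit(url if "://" in url else "//" + url).hostname
    except ValueError:
        return None
    # Drop the trailing dot of a fully qualified name before comparing.
    return host.rstrip(".").lower() if host else None


def matches(host, domains):
    """True if host is a listed domain or a subdomain of one (label boundary)."""
    return any(host == d or host.endswith("." + d) for d in domains)


def decide(url, mode):
    """Return 'allow' or 'block' for url in 'allowlist' or 'blocklist' mode."""
    host = hostname_of(url)
    if host is None:
        return "block"  # fail closed: never pass a URL we cannot parse
    if mode == "allowlist":
        # Default deny: only pre-approved sites are reachable.
        return "allow" if matches(host, ALLOWLIST) else "block"
    if mode == "blocklist":
        # Default allow: everything is reachable except listed sites.
        return "block" if matches(host, BLOCKLIST) else "allow"
    raise ValueError("mode must be 'allowlist' or 'blocklist'")


if __name__ == "__main__":
    samples = [
        "https://intranet.example.com/wiki",
        "https://new-site.test/",            # on neither list
        "http://cdn.malware.example.net/x",
        "https://example.org.unknown.test/login",
    ]
    for url in samples:
        print(url, decide(url, "allowlist"), decide(url, "blocklist"))
```

A site on neither list is the case that separates the two modes: the allowlist blocks it and the blocklist lets it through.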
Application controls monitor and manage the level of access that applications have to endpoints as well as the access that users have to these applications. This improves the security of an endpoint by protecting it against applications with exploitable vulnerabilities. For more information about common application vulnerabilities, check out this article from Veracode.
While network security is considered a separate layer of security, the interconnectivity between endpoints and the network means that a successful endpoint security strategy includes protections for the network the devices will be connected to.
Network security is achieved through tools such as firewalls, which inspect and filter incoming traffic to detect malicious data packets, and network access control (NAC) tools, which enforce policies that prevent users from accessing resources without authorization and meeting security compliance standards.
Endpoint data loss prevention solutions such as DLP software enhance security by providing controls over how data is transmitted through endpoint devices. These security tools will often include features for monitoring activities on endpoint devices to detect high-risk and unauthorized activities.
Data loss prevention can include solutions that prevent confidential information from being transmitted outside of the network and USB access control software that prevents users from connecting unauthorized USB devices to endpoints.
Administrative security protects endpoint devices through policies that dictate the acceptable use of technology in the workplace.
This can include:
Endpoint Detection and Response (EDR) software is used to detect more advanced threats. These tools continuously monitor endpoint devices and network activity for anomalous behavior that could be an indicator of compromise (IOC).
These tools help protect devices against:
EDR tools complement prevention-based tools as part of a layered security approach. Should the threat not be detected by the first line of defense, the EDR platform provides another opportunity for an attack to be mitigated. Once the EDR tool detects potentially malicious behavior, it will send an alert to a designated cybersecurity expert for validation.
These endpoint security solutions provide software-based enforcement for USB security policies. Companies will use USB restriction software to protect endpoint devices by preventing users from connecting unauthorized USB devices.
Use cases for USB restriction:
CurrentWare’s AccessPatrol is an example of USB access control software used by companies of all sizes to protect endpoints and sensitive data against peripheral devices.
In addition to disabling USB ports, AccessPatrol protects endpoints and data by:
Traditional antivirus and antimalware software secure endpoints by using signatures to identify software that is known to be malicious. As the threat landscape continues to evolve and the amount of malicious software grows exponentially, these solutions have evolved into what is now known as Next-Generation Antivirus (NGAV).
There is no standard definition of what qualifies as an NGAV, though there are some common traits such as added capabilities with machine learning, artificial intelligence, and data analytics technologies. Rather than focusing solely on a specific signature, NGAVs gather threat intelligence by studying the behavior of software. Patterns that indicate that the software is malicious in nature will cause the NGAV to quarantine the malware and alert administrators for investigation.
Mobile devices such as laptops, tablets, smartphones, and wearables introduce added vulnerabilities due to their portability and wireless connectivity. Mobile device management (MDM) and enterprise mobility management (EMM) tools are often used to increase the security of mobile devices by providing added monitoring and management capabilities.
How MDM tools protect mobile endpoints:
The concept of endpoint security encompasses a wide variety of tools and procedures that are designed to protect devices that are on the outer perimeter of the network. With the widespread adoption of cloud computing and the proliferation of devices with enhanced connectivity, what constitutes an endpoint is rapidly changing. The methods of endpoint security will continue to evolve alongside new technology and the growing threat landscape that accompanies it.