
What Is Endpoint Protection

Endpoint protection solutions secure devices connected to corporate networks like computers, phones and IoT devices. They work by continuously monitoring these endpoints in real-time and retrospectively to detect malicious files and activity before the network is compromised. As remote work has expanded, endpoint protection has become critical for securing mobile devices used outside the office.

Uploaded by Atul Saikumar

Endpoint protection solutions address endpoint security issues. They
protect networks connected to individual devices such as computers,
mobile phones, IoT devices, and more. These endpoints provide a point of
entry into corporate networks. With endpoint protection, breaches can be
stopped before the network is compromised.

Why is endpoint protection important?

Endpoint protection prevents attacks by blocking access attempts. As the remote workforce
continues to expand, endpoint protection is critical to securing mobile devices used for
work-from-home activities.

Which endpoints need to be protected?

Desktops, laptops, mobile phones, IoT devices, and medical devices are common endpoints
that organizations use in their day-to-day activities. Any device that connects to a corporate
network needs endpoint security.

How does endpoint protection work?


An endpoint protection solution defends devices connected to the network by continually
searching for malicious activity—both file-based and fileless—in real time and retrospectively. As
advanced threats increasingly target endpoints, endpoint protection solutions are more
important than ever. Endpoint protection solutions take a cloud-based approach, instantly
accessing the latest threat intelligence without requiring manual updates from security
admins, which helps enable faster responses.

What is driving the need for endpoint protection?


Data is valuable—and organizations need to protect that information from being accessed or
stolen. Pair that with increased remote work and more individual devices on organizations'
networks, and the result is a rapidly expanding attack surface. Continuous monitoring is
necessary to safeguard networks against a more diverse and sophisticated threat landscape.  

Types of endpoint protection


Endpoint protection platform (EPP)

An EPP prevents attacks by finding malicious activity using multiple engines such as
machine learning (ML) and behavioral protection. Using algorithms, ML identifies patterns
to create a system baseline and detect suspicious files and activity. Behavioral protection
detects patterns and provides system alerts when a deviation is identified.
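
The baseline-and-deviation idea described above, as an added Python example that is not part of the original document or of any vendor's product. A simple frequency count of parent-to-child process launches stands in for the ML engine, and all host and process names are constructed sample data.

```python
from collections import Counter

# Constructed telemetry: (host, parent process, child process) launch events.
TRAINING = [
    ("wks-01", "explorer.exe", "winword.exe"),
    ("wks-02", "explorer.exe", "winword.exe"),
    ("wks-01", "explorer.exe", "chrome.exe"),
    ("wks-03", "explorer.exe", "chrome.exe"),
    ("wks-02", "explorer.exe", "powershell.exe"),
    ("wks-03", "explorer.exe", "powershell.exe"),
    ("wks-01", "services.exe", "svchost.exe"),
    ("wks-02", "services.exe", "svchost.exe"),
    ("wks-03", "winword.exe", "splwow64.exe"),  # seen once: below threshold
]
LIVE = [
    ("wks-02", "explorer.exe", "chrome.exe"),
    ("wks-01", "winword.exe", "powershell.exe"),
    ("wks-03", "explorer.exe", "updater_x.exe"),
]

def build_baseline(events, min_count=2):
    """Keep parent->child pairs seen at least min_count times as 'normal'."""
    pairs = Counter((p, c) for _, p, c in events)
    normal_pairs = {pair for pair, n in pairs.items() if n >= min_count}
    known_children = {c for _, c in normal_pairs}
    return normal_pairs, known_children

def detect_deviations(baseline, events):
    """Return one alert per event whose launch pattern is outside the baseline."""
    normal_pairs, known_children = baseline
    alerts = []
    for host, parent, child in events:
        if (parent, child) in normal_pairs:
            continue
        reason = ("known program, unusual parent" if child in known_children
                  else "program not in baseline")
        alerts.append({"host": host, "parent": parent, "child": child, "reason": reason})
    return alerts

if __name__ == "__main__":
    for alert in detect_deviations(build_baseline(TRAINING), LIVE):
        print(alert)
```

The `min_count` threshold controls the trade-off the baseline makes: set too high, rare but legitimate launches (such as the single `splwow64.exe` event) generate alerts; set too low, one-off anomalies in the training window become part of "normal".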

Endpoint detection and response (EDR)


EDR is another layer of defense against advanced malware. Its job is to quickly and
continuously monitor and analyze data to help eliminate threats. EDR uses multiple tactics
and may include tools such as sandboxing to allow questionable files to be opened in a safe
environment. In this space, a suspicious file can be opened and monitored for malicious
activity without risk to the system. EDR also encompasses threat hunting, which proactively
sifts through networks to find threats that have breached defenses.

Extended detection and response (XDR)

XDR collects and correlates data across email, endpoints, servers, cloud workloads, and
networks. This provides visibility and context into advanced threats. Threats can then be
analyzed, prioritized, hunted, and remediated to prevent data loss and security breaches.

Network access control (NAC)


The purpose of NAC is to secure network nodes by being selective with the devices that are
allowed to access the network. It also limits what users can access and do once on the
network. 
