
What Is Endpoint Security

Uploaded by

Benjamin Wolyan

What is Endpoint Security?

Endpoint security forms part of a broader cybersecurity program that is essential for
all businesses, regardless of size. It has evolved from traditional antivirus software
to comprehensive protection from sophisticated malware and evolving zero-day
threats. But what is it, how does it work, and what do businesses need to know?

What is endpoint security?


Endpoint security, or endpoint protection, refers to securing endpoints — such
as desktops, laptops, and mobile devices — from cybersecurity threats. Endpoints
can create entry points to organizational networks which cybercriminals can exploit.
Endpoint security protects these entry points from malicious attacks.

Why is endpoint security important?


In recent years, the number of endpoints within businesses has increased. This has
been especially the case since the Covid-19 pandemic, which has led to increased
remote working around the world. With more employees working from home
or connecting to public Wi-Fi on the go, enterprise networks now have more
endpoints than ever. And every endpoint can be a potential entry point for attacks.

Businesses of all sizes can be targets for cyberattacks. It is increasingly difficult
to protect from attacks that enter through endpoints, such as laptops or mobile
devices. These devices can be hacked, which in turn can lead to data breaches. It’s
estimated that 70% of successful data breaches originate on endpoint devices.
As well as causing reputational damage, data breaches can be costly: a 2020 report
by Ponemon, commissioned by IBM, found that the average cost globally of a data
breach is $3.86 million (and more in the US). Data is often the most valuable asset
a company has — and losing that data, or access to that data, can put the entire
business at risk.
Not only is the number of endpoints increasing — driven by the rise in remote
working — but businesses also have to contend with an increase in the number
of types of endpoints, thanks to the growth of the Internet of Things.

Businesses need to protect their data and ensure visibility into advanced cyber
threats. But many small and mid-sized businesses lack the resources for continuous
monitoring of network security and customer information and often only consider
protecting their network once a breach has already taken place. Even then,
businesses can focus on their network and infrastructure, leaving some of the most
vulnerable elements — that is, endpoint devices — unprotected.

The risks posed by endpoints and their sensitive data are an ongoing cybersecurity
challenge. Moreover, the endpoint landscape is evolving, and businesses — small,
medium, and large — are targets for cyber attacks. That’s why it’s important
to understand what endpoint security is and how it works.

How does endpoint security work?


The terms endpoint protection, endpoint security, and endpoint protection platforms
are often used interchangeably to refer to centrally managed security solutions
organizations use to protect endpoints. Endpoint security works by examining files,
processes, and systems for suspicious or malicious activity.

Organizations can install an endpoint protection platform — EPP — on devices
to prevent malicious actors from using malware or other tools to infiltrate their
systems. An EPP can be used in conjunction with other detection and monitoring
tools to flag suspicious behavior and prevent breaches before they take place.

Endpoint protection offers a centralized management console to which organizations
can connect their network. The console allows administrators to monitor, investigate
and respond to potential cyber threats. This can either be achieved through an
on-location, cloud, or hybrid approach:

On-location: An on-location or on-premises approach involves a locally-hosted data
center that acts as a hub for the management console. This will reach out to the
endpoints via an agent to provide security. This approach is seen as a legacy model
and has drawbacks — including creating security silos, since administrators can
typically only manage endpoints within their perimeter.

Cloud: This approach enables administrators to monitor and manage endpoints
through a centralized management console in the cloud, which devices connect
to remotely. Cloud solutions use the advantages of the cloud to ensure security
behind the traditional perimeter — removing silos and enhancing administrator
reach.

Hybrid: A hybrid approach mixes both on-location and cloud solutions. This
approach has increased in prevalence since the pandemic has led to increased
remote working. Organizations have adapted their legacy architecture and adapted
elements of it for the cloud to gain some cloud capabilities.

EPPs that use the cloud to hold a database of threat information free endpoints from
the bloat associated with storing this information locally and the maintenance
required to keep these databases updated. A cloud-based approach is also quicker
and more scalable. Some larger organizations may need on-premises security for
regulatory reasons. For smaller and mid-sized businesses, a cloud-based approach
is probably more suitable.

Endpoint security software usually includes these elements:

• Machine-learning to detect zero-day threats
• An integrated firewall to prevent hostile network attacks
• An email gateway to safeguard against phishing and other social
engineering attempts
• Insider threat protection to guard against threats from within the organization, either
malicious or accidental
• Advanced antivirus and anti-malware protection to detect and remove malware
across endpoint devices and operating systems
• Proactive security to facilitate safe web browsing
• Endpoint, email, and disk encryption to protect against data exfiltration

Ultimately, endpoint security offers a centralized platform for administrators,
improving visibility, simplifying operations, and allowing threats to be quickly isolated.

As well as the acronym EPP, you will also come across the acronym EDR in relation
to endpoint security. EDR stands for ‘endpoint detection and response’. In general,
an endpoint protection platform or EPP is considered passive threat protection,
whereas EDR is more active since it helps investigate and contain breaches that
have already occurred. An EPP will protect each endpoint by isolation, whereas
an EDR will provide context and data for attacks that span multiple endpoints.
Modern endpoint security platforms typically combine both EPP and EDR.

What is considered an endpoint?

A network endpoint is any device that connects to an organization’s network from
outside its firewall. Examples of endpoint devices include:

• Laptops
• Tablets
• Desktop computers
• Mobile devices
• Internet of Things devices
• Wearables
• Digital printers
• Scanners
• Point of sale (POS) systems
• Medical devices

Essentially, any device which communicates with the central network can
be considered an endpoint.

The threat landscape is becoming more complicated, as hackers generate new ways
to access and steal information or trick employees into disclosing sensitive
information. Given the reputational and financial damage a data breach can cause,
endpoint security is a must-have for businesses of all sizes. Kaspersky offers
a range of endpoint security solutions for businesses,
https://www.kaspersky.com/resource-center/definitions/what-is-endpoint-security
