researchHQ’s Key Takeaways:
- Endpoint security protects an organisation’s endpoints, the devices connecting its internal network to a broader network, and the network perimeter on which they sit.
- Securing endpoints involves detecting and protecting against threats such as data loss, phishing, vulnerabilities and malware.
- As networks have become larger and more complex, endpoint security has evolved, incorporating AI and machine learning to protect big data programs which rely on the cloud.
- Endpoint protection platforms (EPPs) centralise security tools and controls to protect against traditional and modern threats.
- Key endpoint protection capabilities include proactive pre-attack measures, threat detection, attack prevention and response/remediation.
Endpoint attacks are one of the primary reasons for data loss, exfiltration, or theft. You can foil these attacks with the help of endpoint security practices and tools, which leverage technologies like next-generation antivirus, endpoint detection and response (EDR), and threat intelligence.
This article covers everything you need to know about endpoint security—what it is, what types of endpoint threats can be protected with endpoint security tools, and what technologies you need to secure your endpoints.
In this article, you will learn:
- What is endpoint security
- Types of endpoint threats
- The evolution of endpoint security
- What is an EPP platform
- Features of endpoint security tools
What Is Endpoint Security?
Endpoint security is a strategy designed to protect your network perimeter and the endpoints located on that perimeter. An endpoint is any device that connects your network to a wider network, such as the Internet. For example, laptops, workstations, smartphones, servers, and Internet of Things (IoT) sensors are all endpoints connected to networks.
Endpoints are effectively gateways into your system. This makes them attractive targets for cybercriminals. Endpoint security aims to stop attackers from breaching your perimeter and gaining access to your systems and data. When the exterior of your network is protected, you significantly reduce the harm an attack can cause.
Types of Endpoint Threats
There are many types of endpoint threats that you need to be aware of and protect yourself from.
Data is a highly valuable asset to modern business, and its loss is a significant threat. Endpoints create a risk of data loss in two ways. First, attackers can use endpoints to reach data stores within your system, and any data they steal can be exfiltrated through the same compromised endpoint. Second, endpoint devices often hold valuable local data. For example, a payment terminal might contain a cache of the most recent transactions.
Phishing is a tactic criminals use to gain sensitive information, such as financial information, ID information, or credentials. This is typically done in the form of emails that appear to come from legitimate sources. In these emails, criminals ask users to log in to seemingly real user portals, to confirm details, or to click on tampered links.
Many users are familiar with these tactics, but many still fall for phishing. This is especially true since criminals have started using social engineering to appear more believable. Social engineering uses information gathered from social media and other Internet sources to make the message look more realistic. To learn more, check out our guide about social engineering prevention.
Unpatched vulnerabilities give attackers an opportunity to exploit weaknesses in your system. This is particularly true when the vulnerability is older and publicly known. You should be able to patch most of these vulnerabilities immediately, or at least soon after a patch becomes available.
One exception is vulnerabilities on user devices. Many organizations have implemented a bring your own device (BYOD) policy. These devices can be difficult for security teams to monitor and are likely to contain out-of-date components. Attackers can exploit these components to compromise the device and gain access to sensitive data, or to your systems via saved credentials.
Malware infection is a method commonly used by attackers. To infect a system, attackers may manually inject malware, send infected files through email, or embed files in ‘legitimate’ downloads. Frequently, users unknowingly download malware and install it for attackers.
To prevent malware infections, you need to control user access and permissions. For example, you can set administrative controls that restrict downloads, or restrict what can be executed from download locations. If you do not limit your exposure to malware infection, you open your systems up to data mining, resource abuse, and ransomware.
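The download-then-execute pattern described above is one of the most common things an endpoint detection and response tool looks for, and the administrative control that restricts execution from download locations is easy to express as a rule. The block below is an added illustration and is not code from the researchHQ article or from any particular EPP/EDR product: it correlates constructed file-creation and process-start telemetry to raise an alert when a freshly downloaded file runs from a user-writable directory, and it evaluates a simple allowlist-based execution policy. The browser names, directories, hashes and the approved-software list are all constructed assumptions for this example.

```python
"""
Added example (not from the original article): a minimal EDR-style detection
for "user downloads a file and runs it", plus an allowlist-based execution
control for user-writable locations. All telemetry, paths, hashes and the
approved-hash list below are constructed for illustration.
"""
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Dict, List, Optional, Tuple

# Applications that write files on the user's behalf (constructed list).
DOWNLOADER_PARENTS = {"chrome.exe", "firefox.exe", "msedge.exe", "outlook.exe"}
# Path fragments marking directories ordinary users can write to.
USER_WRITABLE_DIRS = ("/downloads/", "/appdata/local/temp/", "/tmp/")
# Hashes of software the organisation has approved (constructed values).
APPROVED_HASHES = {"sha256:approved-vpn-client-0001"}
# A process start this soon after the download still counts as "fresh".
FRESH_WINDOW = timedelta(minutes=30)


@dataclass
class Event:
    ts: datetime
    host: str
    user: str
    kind: str                      # "file_create" or "process_start"
    path: str                      # file written or image executed
    parent: str = ""               # process that wrote or launched it
    sha256: str = ""
    signed: Optional[bool] = None  # only meaningful for process_start


@dataclass
class Alert:
    host: str
    user: str
    path: str
    severity: str
    reason: str


def _in_user_writable_dir(path: str) -> bool:
    """Normalise separators and case, then look for a user-writable marker."""
    p = path.lower().replace("\\", "/")
    return any(marker in p for marker in USER_WRITABLE_DIRS)


def execution_allowed(ev: Event) -> bool:
    """Administrative control: binaries in user-writable locations may run
    only if their hash is on the approved list; everything else is unaffected."""
    if ev.sha256 in APPROVED_HASHES:
        return True
    return not _in_user_writable_dir(ev.path)


def detect_download_then_execute(events: List[Event]) -> List[Alert]:
    """Correlate file_create events from downloader apps with later
    process_start events of the same path on the same host."""
    recent_downloads: Dict[Tuple[str, str], Event] = {}
    alerts: List[Alert] = []
    for ev in sorted(events, key=lambda e: e.ts):
        key = (ev.host, ev.path.lower())
        if ev.kind == "file_create" and ev.parent.lower() in DOWNLOADER_PARENTS:
            recent_downloads[key] = ev
        elif ev.kind == "process_start":
            download = recent_downloads.get(key)
            if download is None or ev.ts - download.ts > FRESH_WINDOW:
                continue  # not a fresh download, nothing to correlate
            if ev.sha256 in APPROVED_HASHES or not _in_user_writable_dir(ev.path):
                continue  # approved installer, or not in a suspect location
            severity = "medium" if ev.signed else "high"  # unsigned is worse
            age = int((ev.ts - download.ts).total_seconds())
            alerts.append(Alert(ev.host, ev.user, ev.path, severity,
                                f"executed {age}s after download by {download.parent}"))
    return alerts


# Constructed telemetry: one lure, one approved installer, one normal launch.
T0 = datetime(2024, 1, 15, 9, 0, 0)
SAMPLE_EVENTS = [
    Event(T0, "WS-042", "alice", "file_create",
          r"C:\Users\alice\Downloads\invoice.pdf.exe", parent="chrome.exe"),
    Event(T0 + timedelta(minutes=2), "WS-042", "alice", "process_start",
          r"C:\Users\alice\Downloads\invoice.pdf.exe", parent="explorer.exe",
          sha256="sha256:constructed-unknown-aaaa", signed=False),
    Event(T0 + timedelta(minutes=5), "WS-017", "bob", "file_create",
          r"C:\Users\bob\Downloads\vpn-setup.exe", parent="msedge.exe"),
    Event(T0 + timedelta(minutes=6), "WS-017", "bob", "process_start",
          r"C:\Users\bob\Downloads\vpn-setup.exe", parent="explorer.exe",
          sha256="sha256:approved-vpn-client-0001", signed=True),
    Event(T0 + timedelta(minutes=10), "WS-042", "alice", "process_start",
          r"C:\Program Files\Editor\editor.exe", parent="explorer.exe",
          sha256="sha256:constructed-editor", signed=True),
]

if __name__ == "__main__":
    for alert in detect_download_then_execute(SAMPLE_EVENTS):
        print(f"[{alert.severity}] {alert.host}/{alert.user}: {alert.path} ({alert.reason})")
    for ev in SAMPLE_EVENTS:
        if ev.kind == "process_start":
            print(f"policy: {'allow' if execution_allowed(ev) else 'block'} {ev.path}")
```

Run against the constructed events, the detector raises a single high-severity alert for the unsigned file that ran two minutes after the browser wrote it, stays quiet for the approved VPN installer (hash allowlisted) and for the signed editor launched from a system directory, and the policy function blocks only the unapproved binary in the Downloads folder. In a real deployment the allowlist would come from the organisation's software inventory and the telemetry from the endpoint agent; the correlation logic is the same.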
The Evolution of Endpoint Security
Endpoint security has evolved as systems have become larger and more complex. Below are some highlights of the evolution of endpoint security.
- 1971, computer worms and hunters—worms, originating with Creeper, were developed by computer researchers Bob Thomas and Ray Tomlinson. Tomlinson then created a program, called Reaper, to catch and delete this worm. Reaper thus became a prototype for antivirus (AV) software.
- 1980s, beginning of the AV industry—after the first worm was developed, many developers began experimenting with malware and AV programs. These programs were developed to help organizations protect their networks from hackers. Programs were largely effective until Internet connectivity began to increase. Before the Internet, networks were largely self-contained, with limited attack opportunities.
- 2000, legacy AV is no longer enough—by this time, most organizations had some level of Internet connectivity in their systems. This created many new opportunities and potential gateways for attackers, particularly since many older employees were unfamiliar with Internet security practices. The need for advanced AV was further highlighted as cloud computing was developed and began to be publicly available.
- 2010s, rise of EPPs and EDR—by 2010, an increasing number of organizations were adopting cloud services, causing networks to rapidly expand. This created a demand for security solutions that could protect and monitor expansive networks in a dynamic way. Added to this, cybercriminals continued to modify their attack strategies, continually developing new methods. EPPs and EDR solutions (more about this below) were developed to adapt to these changes and implement proactive security measures.
- 2017, increasing vulnerabilities and lateral movement—from 2017 on, with the exposure of malware such as EternalBlue, threats have expanded significantly. Both security teams and attackers are using tools supported by machine learning and AI to dynamically adapt to new threats or barriers. Additionally, the importance of endpoints and endpoint security has drastically increased as organizations work to implement big data programs, which typically rely on cloud resources.
What Are Endpoint Protection Platforms (EPPs)?
Endpoint protection platforms are tools designed to protect systems from threats. These platforms incorporate a variety of security tooling into centralized controls. EPPs can be used to protect against both traditional malware threats and modern threats such as zero-day vulnerabilities or fileless attacks.