Endpoint security


Endpoint security or endpoint protection is an approach to protecting computer networks that are remotely bridged to client devices. Connecting endpoint devices such as laptops, tablets, mobile phones, and other wireless devices to corporate networks creates attack paths for security threats. [1] Endpoint security attempts to ensure that such devices comply with defined security standards. [2]


The endpoint security space has evolved since the 2010s away from limited antivirus software and into more advanced, comprehensive defenses. This includes next-generation antivirus, threat detection, investigation, and response, device management, data loss prevention (DLP), patch management, and other considerations to face evolving threats.

Corporate network security

Endpoint security management is a software approach that helps to identify and manage users' computer and data access over a corporate network. [3] It allows the network administrator to restrict the use of sensitive data, as well as access to certain websites, to specific users in order to maintain and comply with the organization's policies and standards. The components involved in aligning endpoint security management systems include a virtual private network (VPN) client, an operating system, and an up-to-date endpoint agent. [4] Computer devices that are not in compliance with the organization's policy are provisioned with limited access to a virtual LAN. [5] Encrypting data on endpoints and on removable storage devices helps to protect against data leaks. [6]

Client and server model

Endpoint security systems operate on a client-server model, with the security program controlled by a centrally managed host server pinned [clarification needed] with a client program that is installed on all the network drives [citation needed]. [7] There is another model, software as a service (SaaS), in which the security programs and the host server are maintained remotely by the vendor. In the payment card industry, under both delivery models the server program verifies and authenticates the user's login credentials and performs a device scan to check that the device complies with designated corporate security standards before permitting network access. [8]
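The two paragraphs above describe a policy server that authenticates the login, scans the endpoint's posture against corporate policy, and then either admits the device or provisions it onto a limited VLAN. The following is an added example written for this page, not code from the article or from any product it cites: the agent side is reduced to a posture report, the server side stores credentials as salted PBKDF2 hashes and evaluates the report against a policy object. All field names, policy thresholds, VLAN ids and the sample endpoints are constructed for illustration.

```python
from dataclasses import dataclass
import hashlib
import hmac
import os

FULL_ACCESS_VLAN = 10      # production network (constructed id)
QUARANTINE_VLAN = 999      # remediation-only VLAN for non-compliant devices (constructed id)
PBKDF2_ROUNDS = 200_000


@dataclass(frozen=True)
class PostureReport:
    """What the endpoint agent reports to the server (constructed field set)."""
    hostname: str
    os_version: str
    agent_version: str
    disk_encrypted: bool
    missing_critical_patches: int
    vpn_client_present: bool


@dataclass(frozen=True)
class Policy:
    """Corporate posture policy (constructed; real policies carry many more checks)."""
    min_os_version: str
    min_agent_version: str
    require_disk_encryption: bool = True
    require_vpn_client: bool = True
    max_missing_critical_patches: int = 0


def _ver(v: str) -> tuple:
    """Turn '10.0.19045' into (10, 0, 19045) so versions compare numerically."""
    return tuple(int(p) for p in v.split("."))


def evaluate_posture(report: PostureReport, policy: Policy) -> list:
    """Return the list of policy violations; an empty list means the device is compliant."""
    findings = []
    if _ver(report.os_version) < _ver(policy.min_os_version):
        findings.append("os_version_below_minimum")
    if _ver(report.agent_version) < _ver(policy.min_agent_version):
        findings.append("endpoint_agent_outdated")
    if policy.require_disk_encryption and not report.disk_encrypted:
        findings.append("disk_not_encrypted")
    if policy.require_vpn_client and not report.vpn_client_present:
        findings.append("vpn_client_missing")
    if report.missing_critical_patches > policy.max_missing_critical_patches:
        findings.append("critical_patches_missing")
    return findings


class PolicyServer:
    """Central host: authenticates the login first, then gates network access on posture."""

    def __init__(self, policy: Policy):
        self.policy = policy
        self._creds = {}  # username -> (salt, pbkdf2 digest); never the plaintext password

    def register_user(self, username: str, password: str) -> None:
        salt = os.urandom(16)
        digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
        self._creds[username] = (salt, digest)

    def authenticate(self, username: str, password: str) -> bool:
        if username not in self._creds:
            return False
        salt, expected = self._creds[username]
        digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
        return hmac.compare_digest(digest, expected)  # constant-time comparison

    def admit(self, username: str, password: str, report: PostureReport) -> dict:
        """Decision handed to the network: which VLAN the device is placed on, and why."""
        if not self.authenticate(username, password):
            return {"vlan": None, "findings": ["authentication_failed"]}
        findings = evaluate_posture(report, self.policy)
        vlan = FULL_ACCESS_VLAN if not findings else QUARANTINE_VLAN
        return {"vlan": vlan, "findings": findings}


def demo() -> dict:
    """Three constructed admission attempts: compliant device, stale device, wrong password."""
    server = PolicyServer(Policy(min_os_version="10.0.19045", min_agent_version="4.2.0"))
    server.register_user("alice", "correct horse battery staple")
    compliant = PostureReport("lt-0001", "10.0.19045", "4.2.1", True, 0, True)
    stale = PostureReport("lt-0002", "10.0.19041", "4.2.1", False, 3, True)
    return {
        "compliant": server.admit("alice", "correct horse battery staple", compliant),
        "stale": server.admit("alice", "correct horse battery staple", stale),
        "bad_password": server.admit("alice", "wrong", compliant),
    }


if __name__ == "__main__":
    for name, decision in demo().items():
        print(name, decision)
```

The order of operations matters: a failed login never reaches the posture check, so the server does not leak which policy items a device would fail to an unauthenticated client, and a non-compliant device still lands on a VLAN from which it can reach patching and remediation services rather than being cut off entirely.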

In addition to protecting an organization's endpoints from potential threats, endpoint security allows IT admins to monitor operation functions and data backup strategies. [9]

Attack vectors

Endpoint security is a constantly evolving field, primarily because adversaries continually change their techniques. A foundational step in strengthening defenses is to understand the many pathways adversaries use to compromise endpoint devices. Here are a few of the most used methods:

Components of endpoint protection

The protection of endpoint devices has become more crucial than ever. Understanding the different components that contribute to endpoint protection is essential for developing a robust defense strategy. Here are the key elements integral to securing endpoints:

Methods for use

Endpoint protection platforms

An endpoint protection platform (EPP) is a solution deployed on endpoint devices to prevent file-based malware attacks, detect malicious activity, and provide the investigation and remediation capabilities needed to respond to dynamic security incidents and alerts. [13] Several vendors produce systems converging EPP systems with endpoint detection and response (EDR) platforms – systems focused on threat detection, response, and unified monitoring. [14]
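The EPP/EDR distinction above comes down to where the product sits in the pipeline: the EPP blocks known-bad files before they run, while the EDR continuously ingests endpoint telemetry, matches it against behavioural rules, and drives a response. The following added example, written for this page rather than taken from the article or any vendor's product, shows that loop in miniature: constructed process-creation events flow through two illustrative rules, alerts are recorded, and one high-confidence rule triggers host isolation pending triage. Rule names, thresholds and the sample events are all constructed.

```python
from dataclasses import dataclass, field


@dataclass(frozen=True)
class ProcessEvent:
    """One process-creation record as an endpoint agent might report it (constructed shape)."""
    host: str
    parent_image: str
    image: str
    command_line: str
    signed: bool
    path: str


# Illustrative detection content; a real EDR ships hundreds of such rules.
OFFICE_APPS = {"winword.exe", "excel.exe", "outlook.exe"}
INTERPRETERS = {"cmd.exe", "powershell.exe", "wscript.exe", "mshta.exe"}
USER_WRITABLE_DIRS = ("c:\\users\\", "c:\\windows\\temp\\")


def rule_office_spawns_interpreter(ev: ProcessEvent):
    """A document viewer launching a script interpreter is rarely legitimate user activity."""
    if ev.parent_image.lower() in OFFICE_APPS and ev.image.lower() in INTERPRETERS:
        return "office_app_spawned_interpreter"
    return None


def rule_unsigned_from_user_dir(ev: ProcessEvent):
    """Unsigned code executing from a user-writable location is worth an analyst's look."""
    if not ev.signed and ev.path.lower().startswith(USER_WRITABLE_DIRS):
        return "unsigned_binary_from_user_writable_dir"
    return None


RULES = [rule_office_spawns_interpreter, rule_unsigned_from_user_dir]
ISOLATE_ON = {"office_app_spawned_interpreter"}  # rules confident enough for an automatic response


@dataclass
class Edr:
    """Toy detection-and-response engine: evaluate every rule, alert, and optionally isolate."""
    alerts: list = field(default_factory=list)
    isolated_hosts: set = field(default_factory=set)

    def ingest(self, ev: ProcessEvent) -> list:
        hits = [name for rule in RULES if (name := rule(ev))]
        for name in hits:
            self.alerts.append({"host": ev.host, "rule": name,
                                "image": ev.image, "parent": ev.parent_image})
        if ISOLATE_ON & set(hits):
            self.isolated_hosts.add(ev.host)  # response action: network isolation pending triage
        return hits


def demo() -> Edr:
    """Replay four constructed telemetry events: two benign, two that should raise alerts."""
    events = [
        ProcessEvent("ws-17", "explorer.exe", "winword.exe", "winword.exe report.docx",
                     True, "c:\\program files\\microsoft office\\winword.exe"),
        ProcessEvent("ws-17", "winword.exe", "powershell.exe",
                     "powershell.exe -File c:\\users\\bob\\appdata\\local\\temp\\update.ps1",
                     True, "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe"),
        ProcessEvent("ws-22", "explorer.exe", "setup.exe", "setup.exe",
                     False, "c:\\users\\bob\\downloads\\setup.exe"),
        ProcessEvent("srv-01", "services.exe", "svchost.exe", "svchost.exe -k netsvcs",
                     True, "c:\\windows\\system32\\svchost.exe"),
    ]
    edr = Edr()
    for ev in events:
        edr.ingest(ev)
    return edr


if __name__ == "__main__":
    result = demo()
    for alert in result.alerts:
        print(alert)
    print("isolated:", sorted(result.isolated_hosts))
```

Note the asymmetry between the two rules: the office-to-interpreter chain is specific enough to justify an automatic isolation, whereas "unsigned binary in a user directory" fires on plenty of legitimate installers and is therefore only alerted, which is the kind of tuning decision that separates a usable EDR deployment from one that isolates half the fleet.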

See also

Related Research Articles

Malware is any software intentionally designed to cause disruption to a computer, server, client, or computer network, leak private information, gain unauthorized access to information or systems, deprive access to information, or which unknowingly interferes with the user's computer security and privacy. Researchers tend to classify malware into one or more sub-types.

A rootkit is a collection of computer software, typically malicious, designed to enable access to a computer or an area of its software that is not otherwise allowed and often masks its existence or the existence of other software. The term rootkit is a compound of "root" and the word "kit". The term "rootkit" has negative connotations through its association with malware.

Antivirus software: Computer software to defend against malicious computer viruses

Antivirus software, also known as anti-malware, is a computer program used to prevent, detect, and remove malware.

ESET: Slovak internet security company

ESET, s.r.o., is a software company specializing in cybersecurity. ESET's security products are made in Europe, and the company provides security software in over 200 countries and territories worldwide. Its software is localized into more than 30 languages.

Microsoft Defender Antivirus: Anti-malware software

Microsoft Defender Antivirus is an antivirus software component of Microsoft Windows. It was first released as a downloadable free anti-spyware program for Windows XP and was shipped with Windows Vista and Windows 7. It has evolved into a full antivirus program, replacing Microsoft Security Essentials in Windows 8 or later versions.

Defensive computing is a form of practice for computer users to help reduce the risk of computing problems, by avoiding dangerous computing practices. The primary goal of this method of computing is to be able to anticipate and prepare for potentially problematic situations prior to their occurrence, despite any adverse conditions of a computer system or any mistakes made by other users. This can be achieved through adherence to a variety of general guidelines, as well as the practice of specific computing techniques.

Webroot Inc. is an American privately-held cybersecurity software company that provides Internet security for consumers and businesses. The company was founded in Boulder, Colorado, US, and is now headquartered in Broomfield, Colorado, and has US operations in San Mateo and San Diego, and globally in Australia, Austria, Ireland, Japan and the United Kingdom.

Data loss prevention (DLP) software detects potential data breaches/data exfiltration transmissions and prevents them by monitoring, detecting and blocking sensitive data while in use, in motion, and at rest.

Symantec Endpoint Protection: Computer security software

Symantec Endpoint Protection, developed by Broadcom Inc., is a security software suite that consists of anti-malware, intrusion prevention and firewall features for server and desktop computers.

Computer security software or cybersecurity software is any computer program designed to influence information security. This is often taken in the context of defending computer systems or data, yet can incorporate programs designed specifically for subverting computer systems due to their significant overlap, and the adage that the best defense is a good offense.

Comodo Internet Security: Internet security software suite

Comodo Internet Security (CIS), developed and distributed by Comodo Group, is a freemium Internet security suite that includes an antivirus program, personal firewall, sandbox, host-based intrusion prevention system (HIPS) and website filtering.

Trusteer is a Boston-based computer security division of IBM, responsible for a suite of security software. Founded by Mickey Boodaei and Rakesh K. Loonkar, in Israel in 2006, Trusteer was acquired in September 2013 by IBM for $1 billion.

Messaging Security is a program that provides protection for companies' messaging infrastructure. The program includes IP reputation-based anti-spam, pattern-based anti-spam, administrator-defined block/allow lists, mail antivirus, zero-hour malware detection and email intrusion prevention.

Mobile security, or mobile device security, is the protection of smartphones, tablets, and laptops from threats associated with wireless computing. It has become increasingly important in mobile computing. The security of personal and business information now stored on smartphones is of particular concern.

Trend Micro Internet Security: Antivirus and online security software

Trend Micro Internet Security is an antivirus and online security program developed by Trend Micro for the consumer market. According to NSS Lab's comparative analysis of software products for this market in 2014, Trend Micro Internet Security was fastest in responding to new internet threats. However, as of June 2024, based on the chat support, there is no known mechanism, as there is with Microsoft Defender Antivirus, to submit false positives such as "Incorrectly detected as malware/malicious" or "Incorrectly detected as PUA"; this may point to cutting corners and be the cause of applications being mislabeled, e.g. as ransomware, while the mechanism for detecting real threats is not specified.

Lastline, Inc. is an American cyber security company and breach detection platform provider based in Redwood City, California. The company offers network-based security breach detection and other security services that combat malware used by advanced persistent threat (APT) groups for businesses, government organizations and other security service providers. Lastline has offices in North America, Europe, and Asia.

Cyber threat hunting is a proactive cyber defence activity. It is "the process of proactively and iteratively searching through networks to detect and isolate advanced threats that evade existing security solutions." This is in contrast to traditional threat management measures, such as firewalls, intrusion detection systems (IDS), malware sandbox and SIEM systems, which typically involve an investigation of evidence-based data after there has been a warning of a potential threat.

WatchGuard, formally known as WatchGuard Technologies, Inc, is an American technology company based in Seattle, Washington. It specializes in network security solutions aimed at safeguarding computer networks from external threats such as malware and ransomware.

Endpoint detection and response (EDR), also known as endpoint threat detection and response (ETDR), is a cybersecurity technology that continually monitors an "endpoint" to mitigate malicious cyber threats.

Extended detection and response (XDR) is a cybersecurity technology that monitors and mitigates cyber security threats.

References

  1. "Endpoint Security (Definitions)". TechTarget. Retrieved January 14, 2024.
  2. Beal, V. (December 17, 2021). "Endpoint Security". Webopedia. Retrieved January 14, 2024.
  3. "What Is Endpoint Security and Why Is It Important?". Palo Alto Networks. Retrieved January 14, 2024.
  4. "USG Information Technology Handbook - Section 5.8" (PDF). University System of Georgia. January 30, 2023. pp. 68–72. Retrieved January 14, 2024.
  5. Endpoint security and compliance management design guide. Redbooks. October 7, 2015. ISBN 978-0-321-43695-5.
  6. "What is Endpoint Security?". Forcepoint. August 9, 2018. Retrieved August 14, 2019.
  7. "Client-server security". Exforsys. July 20, 2007. Retrieved January 14, 2024.
  8. "PCI and Data Security Standard" (PDF). October 7, 2015.
  9. "12 essential features of advanced endpoint security tools". SearchSecurity. Retrieved August 14, 2019.
  10. Feroz, Mohammed Nazim; Mengel, Susan (2015). Phishing URL Detection Using URL Ranking. pp. 635–638. doi:10.1109/BigDataCongress.2015.97. ISBN 978-1-4673-7278-7. Retrieved January 8, 2024.
  11. International Conference on Nascent Technologies in Engineering (ICNTE). Vashi, India. 2017. pp. 1–6. doi:10.1109/ICNTE.2017.7947885. Retrieved January 8, 2024.
  12. Majumdar, Partha; Tripathi, Shayava; Annamalai, Balaji; Jagadeesan, Senthil; Khedar, Ranveer (2023). Detecting Malware Using Machine Learning. Taylor & Francis. pp. 37–104. doi:10.1201/9781003426134-5. ISBN 9781003426134. Retrieved January 8, 2024.
  13. "Definition of Endpoint Protection Platform". Gartner. Retrieved September 2, 2021.
  14. Gartner (August 20, 2019). "Magic Quadrant for Endpoint Protection Platforms". Retrieved November 22, 2019.