An endpoint is a remote computing device that communicates back and forth with a network to which it is connected. Examples of endpoints include:
- Internet-of-things (IoT) devices
Endpoints represent key vulnerable points of entry for cybercriminals. Endpoints are where attackers execute code and exploit vulnerabilities, as well as where there are assets to be encrypted, exfiltrated or leveraged. With organizational workforces becoming more mobile and users connecting to internal resources from off-premises endpoints all over the world, endpoints are increasingly susceptible to cyberattacks. Objectives for targeting endpoints include, but are not limited to:
- Use an endpoint as an entry and exit point to access high-value assets and information on an organization’s network.
- Access assets on the endpoint to exfiltrate or hold hostage, either for ransom or purely for disruption.
- Take control of the device and use it in a botnet to execute a DoS attack.
Endpoint Security Strategies
For decades, organizations have heavily relied on antivirus as a means to secure endpoints. However, traditional antivirus can no longer protect against today’s sophisticated threats.
Modern endpoint security solutions are less signature-centric and much more behavior-centric, incorporating a broader array of capabilities, such as antivirus, exploit protection, endpoint detection and response (EDR), analytics, and device control. Enterprise endpoint security strategies combine endpoint protection platforms (EPP) and EDR solutions with cloud and network security tools, such as network traffic analysis (NTA), to gain visibility into the growing proportion of network-connected devices that are “unmanaged” (meaning they do not or cannot have endpoint agents installed), such as many IoT devices.
The most powerful and comprehensive endpoint security solutions can gather and correlate all of this data centrally in addition to performing local analysis on individual endpoints.
An advanced endpoint security solution should prevent known and unknown malware and exploits; incorporate automation to alleviate security team workloads, and protect and enable users without impacting system performance.