Endpoint Security

What is an endpoint?

An endpoint device is a computer, mobile or stationary, that uses a TCP/IP network to communicate with the internet. Examples of endpoint devices include:

  • Laptops
  • Desktop computers
  • Mobile phones
  • POS devices
  • Internet of Things (IoT) devices, such as actuators, sensors (thermostats), security cameras, refrigerators, medical devices, smart meters, etc.

What is Endpoint Security?

Endpoint security is the practice of protecting endpoints, the entry points of end-user devices that are part of a network, whether on premises or in the cloud, from infection and exploitation by sophisticated malware, ever-evolving zero-day threats or advanced persistent threats (APTs).

Because endpoints are vulnerable points of entry for exploits and malware, they are primary targets of malicious actors. As such, endpoint security is often viewed as an organization’s frontline of defense against hackers and against intentional and accidental insider threats, and it is usually of primary concern when securing an organization’s network.

Hackers are always devising new methods of breaching an organization’s security, tricking employees into providing access to personally identifiable information (PII) and the organization’s proprietary data that is then stolen and usually used for illegal purposes.

As a result, endpoint security has evolved from traditional antivirus software to more sophisticated next-generation platforms employing advanced technology, such as AI, that provide more effective endpoint detection and response solutions.

Artificial Intelligence (AI) within endpoint security

Artificial Intelligence (AI) within endpoint security is advanced technology that, combined with machine learning, is able to detect threats in real time and provide effective protection for endpoints.

AI threat intelligence solutions gather data from sources such as social media and open-source security databases. Using machine learning algorithms, they learn to recognize patterns and predict potential threats by analyzing past and present data. AI threat intelligence solutions enable the EDR to quickly identify zero-day threats because the collection of data and the resulting communications are performed in real time, and the results are shared immediately with providers of security tools that guard against emerging threats.

Antivirus vs. Endpoint protection

Traditional antivirus (AV) software is installed on endpoint devices such as desktops, laptops, tablets, smartphones, etc. It routinely scans files and emails on the endpoint devices for malware in the form of virus payloads. If an anomaly is detected, a comparison is performed using its virus signature and definitions database to determine whether executable malicious code exists within the virus payloads. If a match is found, the antivirus software quarantines or blocks the infected files.
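As an added illustration (not code from this article or from any antivirus product), the following Python example implements the signature comparison and quarantine step described above, and shows the limit of the approach: a file that differs from a known sample by one byte matches no signature. The signature names, file names and payload bytes are constructed for the example.

```python
import hashlib
import shutil
import tempfile
from pathlib import Path

# Constructed signature database (placeholder values, not real indicators).
KNOWN_BAD_PAYLOAD = b"CONSTRUCTED-TEST-PAYLOAD-0001"
SIGNATURES = {
    "sha256": {hashlib.sha256(KNOWN_BAD_PAYLOAD).hexdigest(): "Test.Sample.A"},
    "bytes": {b"CONSTRUCTED-TEST-MARKER": "Test.Marker.B"},
}

def match_signature(data: bytes):
    """Return the name of the first signature that matches data, or None."""
    digest = hashlib.sha256(data).hexdigest()
    if digest in SIGNATURES["sha256"]:          # whole-file hash signature
        return SIGNATURES["sha256"][digest]
    for pattern, name in SIGNATURES["bytes"].items():
        if pattern in data:                     # byte-sequence signature
            return name
    return None

def scan_and_quarantine(root: Path, quarantine: Path):
    """Scan every file under root and move matches into quarantine."""
    quarantine.mkdir(parents=True, exist_ok=True)
    findings = {}
    for path in sorted(p for p in root.rglob("*") if p.is_file()):
        name = match_signature(path.read_bytes())
        if name:
            shutil.move(str(path), str(quarantine / (path.name + ".quarantined")))
            findings[path.name] = name
    return findings

def demo():
    """Build constructed sample files, scan them, return (findings, survivors)."""
    with tempfile.TemporaryDirectory() as tmp:
        root, quarantine = Path(tmp) / "files", Path(tmp) / "quarantine"
        root.mkdir()
        (root / "report.txt").write_bytes(b"quarterly numbers")
        (root / "exact.bin").write_bytes(KNOWN_BAD_PAYLOAD)
        (root / "embedded.bin").write_bytes(b"\x00hdr" + b"CONSTRUCTED-TEST-MARKER" + b"tail")
        # One changed byte: neither the hash nor the byte pattern matches.
        (root / "variant.bin").write_bytes(KNOWN_BAD_PAYLOAD[:-1] + b"2")
        findings = scan_and_quarantine(root, quarantine)
        survivors = sorted(p.name for p in root.iterdir())
        return findings, survivors

if __name__ == "__main__":
    print(demo())
```

The unmatched `variant.bin` is the case that signature databases alone cannot cover until a new definition is published.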

Today’s Endpoint Detection and Response (EDR) solutions incorporate antivirus capabilities in combination with firewall functions, anti-malware, Virtual Private Network (VPN) technology that offers data encryption, and Data Loss Prevention (DLP) technologies. Some EDR solutions also come equipped with a dashboard that provides logging and alerting capabilities for an enhanced view of the endpoint security landscape in real time.

What is Malware?

Malware, or malicious software, is a general description of any type of computer software with malicious intent. Malware infection is the leading cause of security breaches, often leading to ransomware attacks, theft or destruction of data that usually results in lost revenue and in some cases damage to the organization’s reputation or brand. 

Traditional antivirus software does not offer a defense against malware, ransomware or spyware. However, most next-generation antivirus (NGAV) solutions include additional security features such as malware and ransomware protection.
