What is Endpoint Security? Data Protection 101



Endpoint security defined in Data Protection 101, our series on the fundamentals of information security, data loss prevention, and more.

A Definition of Endpoint Security

Endpoint security is the process of securing the various endpoints on a network, often defined as end-user devices such as mobile devices, laptops, and desktop PCs, although hardware such as servers in a data center is also considered an endpoint. Precise definitions vary among thought leaders in the security space, but essentially, endpoint security addresses the risks presented by devices connecting to an enterprise network.

Endpoint Security is Increasingly Important

Any device, such as a smartphone, tablet, or laptop, provides an entry point for threats. Endpoint security aims to adequately secure every endpoint connecting to a network to block access attempts and other risky activity at these points of entry. As more enterprises adopt practices such as BYOD (Bring Your Own Device) and remote/mobile employees, the enterprise network security perimeter has essentially dissolved.

The need for effective endpoint security measures has increased substantially, particularly in light of the rise in mobile threats. With employees relying on mobile devices and home computers and laptops to connect to company networks and conduct business, a centralized security solution is no longer adequate for today’s ever-shifting and undefinable security perimeter. Endpoint security supplements centralized security measures with additional protection at the point of entry for many attacks as well as the point of egress for sensitive data.

By requiring endpoint devices to meet security standards prior to being granted network access, enterprises can maintain greater control over the ever-growing number of access points and more effectively block threats and access attempts prior to entry. Beyond simply controlling access, endpoint security tools also provide capabilities such as monitoring for and blocking risky or malicious activities.
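The admission check described above can be sketched as a posture evaluation that runs before a device is let onto the network. This is an added example, not code from any product; the posture fields, the thresholds, and the three outcomes (allow, quarantine, deny) are assumptions chosen for illustration.

```python
from dataclasses import dataclass

@dataclass
class Posture:
    """Facts an endpoint agent reports before admission (hypothetical fields)."""
    device_id: str
    disk_encrypted: bool
    firewall_enabled: bool
    os_patch_age_days: int
    signature_age_days: int

# Constructed sample policy; real thresholds are set by the organization.
POLICY = {"max_patch_age_days": 30, "max_signature_age_days": 7}

def evaluate(p, policy=POLICY):
    """Return (decision, reasons).

    Hard failures deny access outright. Soft failures place the device in a
    restricted (quarantine) segment where it can update itself and retry.
    """
    hard, soft = [], []
    if not p.disk_encrypted:
        hard.append("disk not encrypted")
    if not p.firewall_enabled:
        hard.append("host firewall disabled")
    if p.os_patch_age_days > policy["max_patch_age_days"]:
        soft.append("OS patches older than %d days" % policy["max_patch_age_days"])
    if p.signature_age_days > policy["max_signature_age_days"]:
        soft.append("signatures older than %d days" % policy["max_signature_age_days"])
    if hard:
        return "deny", hard + soft
    if soft:
        return "quarantine", soft
    return "allow", []

if __name__ == "__main__":
    # Constructed sample devices.
    fleet = [
        Posture("laptop-001", True, True, 3, 1),
        Posture("laptop-002", True, True, 45, 1),
        Posture("byod-phone-7", False, True, 45, 20),
    ]
    for device in fleet:
        decision, reasons = evaluate(device)
        print(device.device_id, decision, reasons)
```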

Differentiating Endpoint Security from Anti-Virus Software

What differentiates endpoint security from the well-known anti-virus software is that within the endpoint security framework, endpoints bear some or all responsibility for their own security. This is in contrast to network security, in which security measures encompass the network as a whole rather than individual devices and servers.

Endpoint security products may contain features and functionality such as:

  • Data loss prevention
  • Insider threat protection
  • Disk, endpoint, and email encryption
  • Application whitelisting or control
  • Network access control
  • Data classification
  • Endpoint detection and response
  • Privileged user control

Endpoint security isn’t solely conducted from devices, however. Typical endpoint security solutions provide a two-pronged approach, with security software installed on a central server or management console along with software installed on individual devices.

Still, some simpler forms of security fall under the endpoint security umbrella by some definitions. For instance, anti-virus software and personal firewalls could be described as simple forms of endpoint security, according to TechTarget. That said, modern endpoint security definitions generally describe more advanced methodologies, encompassing intrusion detection and behavior-blocking elements that identify and block threatening actions and behaviors, either by end users or intruders.

How Endpoint Security Differs for Consumers and Enterprises

Endpoint security is available both for consumers and for enterprise networks, with some key differences in configuration, according to TechRepublic. For consumers, there’s no centralized management and administration; signature and application updates are received from the developer’s control servers and delivered over the Internet. The security applications are configured on each individual computer or endpoint, and individual alert and log entries are available on respective endpoints.

In the enterprise endpoint security model, centralized administration always exists. A single sign-on interface streamlines the configuration of endpoint security software on individual endpoint devices, and log entries and alerts are sent to the central administration server for evaluation and analysis. Signature and application updates are downloaded once, and the central server pushes updates out to endpoints configured within the network. This enables the setup and enforcement of a network-wide usage policy.

Endpoint Encryption and Application Control are Critical Components of Endpoint Security

Endpoint encryption and application control, two key components of an effective endpoint security solution, are essential layers of endpoint security that prevent issues such as data leaks occurring intentionally or unintentionally through the copying or transfer of data to removable media devices. Endpoint encryption fully encrypts your enterprise data on endpoints, including laptops, mobile devices, and other endpoints, as well as in individual folders, files, and removable storage devices like CDs and USB drives.

Application control prevents the execution of unauthorized applications on endpoints, a core component of comprehensive endpoint security measures. Application control solves the challenge of employees downloading unauthorized or dangerous applications on mobile devices, which could create network vulnerabilities and lead to unauthorized access.
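One common way to implement application control is a hash allowlist: the endpoint agent hashes a binary before it runs and blocks anything whose digest is not approved, then reports the decision to the central server. The following is an added example, not code from any product; the host name, event fields, and file names are constructed for illustration.

```python
import hashlib
import os
import tempfile

def sha256_file(path, chunk=65536):
    """Hash a file in chunks so large binaries do not need to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def decide(path, allowlist, host="laptop-042"):
    """Return the event an agent would send to the central console.

    allowlist maps SHA-256 digest -> approved application name.
    Anything not listed is blocked (default deny).
    """
    digest = sha256_file(path)
    return {
        "host": host,  # hypothetical host name
        "path": path,
        "sha256": digest,
        "app": allowlist.get(digest, "unknown"),
        "action": "allow" if digest in allowlist else "block",
    }

def demo():
    """Run three checks on constructed files and return the actions taken."""
    with tempfile.TemporaryDirectory() as d:
        approved = os.path.join(d, "approved_tool")
        unknown = os.path.join(d, "downloaded_app")
        with open(approved, "wb") as f:
            f.write(b"constructed approved binary")
        with open(unknown, "wb") as f:
            f.write(b"constructed unapproved binary")
        # The central server would distribute this list to every endpoint.
        allowlist = {sha256_file(approved): "approved_tool 1.0"}
        events = [decide(approved, allowlist), decide(unknown, allowlist)]
        # A modified copy of an approved program no longer matches its digest.
        with open(approved, "ab") as f:
            f.write(b" tampered")
        events.append(decide(approved, allowlist))
        return [e["action"] for e in events]

if __name__ == "__main__":
    print(demo())
```

Matching on the digest rather than the file name or path is what makes the third check fail: the file is still called approved_tool, but its contents have changed.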

Nate Lord
