Data Security Knowledge Base
What is Endpoint Protection?
Welcome to Data Protection 101, our new series on the fundamentals of data protection and information security. Our first installment covers endpoint protection, an integral component of a comprehensive security program.
A Definition of Endpoint Protection
Endpoint protection is a term often used interchangeably with endpoint security. Endpoint protection is often used to describe security solutions that address endpoint security issues, securing and protecting endpoints against zero-day exploits, attacks, and inadvertent data leakage resulting from human error.
Targeted attacks and advanced persistent threats can’t be prevented through anti-virus solutions alone, making endpoint protection a necessary component of full-spectrum security solutions capable of securing data for the world’s leading enterprises. Endpoint protection solutions provide centrally managed security solutions that protect endpoints such as servers, workstations, and mobile devices used to connect to enterprise networks.
Endpoint Protection Platforms Gain Traction for Enterprise Security
Gartner defines an Endpoint Protection Platform (EPP) as “a solution that converges endpoint device security functionality into a single product that delivers antivirus, anti-spyware, personal firewall, application control and other styles of host intrusion prevention (for example, behavioral blocking) capabilities into a single and cohesive solution.”
The most comprehensive Endpoint Protection Platforms integrate with other security measures such as vulnerability, patch, and configuration management capabilities, resulting in more proactive protection, widely considered the gold standard above the reactive security solutions of the past. Endpoint Protection Platforms go beyond merely preventing malware attacks, with data protection capabilities like disk and file encryption, data loss prevention, and even device control for the most comprehensive endpoint protection possible.
How Endpoint Protection Works
As BYOD (Bring Your Own Device) programs are becoming increasingly adopted by enterprises, endpoint protection is adapting to provide protection for mobile endpoints such as laptops, smartphones, and tablet PCs in addition to more traditional endpoints like servers and desktop PCs. By creating and enforcing rules for endpoints, endpoint protection solutions are able to identify sensitive data and encrypt it, or block the copying or transfer of certain files or sensitive data based on enterprise classification.
Endpoint protection solutions often include network access control functionalities. Essentially, these describes various processes and protocols used to prevent unauthorized access to enterprise networks as well as sensitive data contained within the network or on connected endpoints. Endpoint protection typically evaluates an endpoint before permitting access, such as the operating system, browser, and other applications, ensuring that they are up-to-date and meet defined enterprise security standards before an endpoint (such as a mobile device) is granted access. In doing so, endpoint protection prevents the introduction of security vulnerabilities through devices that don’t meet pre-defined security rules.
Endpoint protection in the enterprise environment is managed centrally, through a central administration server that manages and monitors the endpoints connected to the enterprise network. In the consumer environment, endpoint protection may be used to describe anti-virus software and other security solutions, which are managed and monitored on individual endpoints, as there is generally no need for central administration.
Endpoint Protection is Critical in Light of Expanding, Undefined Security Perimeter
The rise of BYOD and the use of external storage devices have created an ever-changing security perimeter for modern organizations that’s nearly impossible to define. With a variety of endpoints potentially connected to an enterprise network at any given moment, greater visibility and control is necessary. Endpoints are a common entry point for malware and other attacks, as they provide an easy access point to breach networks and compromise or steal sensitive data.
Without adequate endpoint protection, an enterprise loses control over sensitive data the moment it’s copied to an external device or the moment network access is gained through an unsecured endpoint. Endpoint protection is a crucial component of modern enterprise security, supplementing other security solutions to provide protection for data that can otherwise easily escape a company’s control.