
Endpoint Security

What is Endpoint Security?

As IT organizations grow in size and scope, they deploy an increasing number of connected devices such as laptops, mobile devices and tablets. These devices, which exist at the edges of the organization's IT infrastructure, are known as network endpoints.

Each network endpoint that connects to the IT infrastructure represents a potential attack vector for hackers, so it is vital that organizations secure their network endpoints to maintain data security and privacy. Endpoint security refers to an organization's overall approach to managing the security of network endpoint devices that remotely access the IT infrastructure.

Data breaches are becoming increasingly common, and network endpoints are among the attack vectors most commonly targeted by hackers attempting to steal an organization's sensitive or proprietary data. Endpoint security (or endpoint protection) technologies work by monitoring the status, user activity, software usage, and authorization and authentication status of connected devices through a variety of tools and features.

Two Types of Endpoint Security Technologies

Broadly speaking, IT organizations can choose to implement two different types of endpoint security solutions: an Endpoint Protection Platform (EPP) or an Endpoint Detection and Remediation (EDR) solution.

An EPP protects the network by inspecting and scanning packets and files that enter the network through connected devices. EPPs compare incoming files against a threat intelligence database, checking whether the file's metadata or properties match a known malicious threat.

An EDR solution goes a step further, offering continuous monitoring of all applications and files that interact with a given device. EDR solutions address the growing need of IT organizations to continuously monitor advanced threats and initiate rapid responses that protect IT assets and prevent data loss.

As endpoint security technology continues to advance, we are increasingly seeing new tools that incorporate the preventive aspects of EPP software as well as the continuous monitoring and enhanced investigating features offered by EDR solutions.

Why Endpoint Security is Important

For IT organizations of all sizes, endpoint security plays a significant role in maintaining overall security posture and avoiding and mitigating threats such as viruses, spyware, malware and more. The business case for endpoint security systems is based on a need to ensure data privacy and security, prevent business downtime and avoid damage to the IT infrastructure. Endpoint security helps IT organizations:

Decrease and Prevent Data Breaches - The number of data breaches experienced by organizations around the world has skyrocketed in the past five years as hackers took a break from infiltrating large corporations to focus on small businesses with fewer security measures in place. With the cost of data breaches estimated at approximately $150 per compromised record, endpoint security plays a vital role in mitigating the massive financial risks associated with data breaches.

Avoid Unplanned Service Interruptions - Cyber attacks can create unplanned service interruptions by directly attacking IT infrastructure. A major network endpoint attack can also divert valuable human resources to help with the investigation, leading to poor service in other areas of IT. Endpoint security helps mitigate the risk of cyber attacks so your Security and Operations teams can focus on managing the IT services that your business needs to function.

Protect and Secure Worker Devices - Bring Your Own Device (BYOD) is becoming increasingly common, as organizations allow employees to use their own mobile devices and laptops in the office. These devices may carry security vulnerabilities of their own, and they could also be damaged by a virus or malware program that infects the IT infrastructure and spreads to other network endpoints. Endpoint security systems protect all IT assets, including worker devices, from the negative effects of malicious cyber attacks.

Endpoint Security Features

IT organizations typically install endpoint security software on a central server that is connected to the IT infrastructure and accessible on the company's network. This software interacts with endpoint security client software that is installed on each connected device. Endpoint security systems provide a host of features that offer coverage against a variety of cyber security threats.

Antivirus - An antivirus is a software tool whose primary function is to scan for, detect and remove viruses that are present on a device. Antivirus software tools may also detect and prevent other types of cyber attacks such as Trojans, worms, adware, keyloggers, rootkits and more.

Antispyware - Antispyware is a special category of antivirus software that protects users against malicious programs that are designed to collect and transmit information about them. In addition to compromising the user's privacy and potentially exposing sensitive corporate data, spyware attacks can be disruptive to the user. Spyware can often consume valuable processing power or install software without permission.

Firewall - Firewalls are network security devices that monitor incoming and outgoing traffic on the network and make rules-based decisions about whether to allow or block traffic from a given source. Firewalls can be software-based, or they can be physical pieces of hardware that act as gateways within the IT infrastructure and restrict access to sensitive data for unauthorized users.

Application Whitelisting - Application whitelisting is a feature of endpoint security software that enables IT administrators to control which software applications are permitted to be present on a network endpoint. This prevents users from installing and running unauthorized software on network endpoints without the knowledge of administrators, and it limits risk and exposure to cyber attacks, since unauthorized applications may introduce a security vulnerability.

Network Access Control (NAC) - Network access control is a set of policies whose goal is to control access to a network. When a device connects to the network, the NAC system authenticates the user, checks the device's compliance with defined security policies, and may restrict its permissions and authorization depending on its current compliance status.

Host Intrusion Prevention System (HIPS) - A HIPS is a software package that monitors a host device for suspicious activity by analyzing event logs. The tool captures data from the host, ensures that the host can only run trusted programs, and ensures that binaries, password files and access control lists are not unexpectedly accessed or modified.
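The hash-based checks described above for EPPs, application whitelisting and HIPS share one mechanism: compare a file's digest against a set of known-good or known-bad values. The Python below is an added illustration of that mechanism, not code from this glossary or from Sumo Logic; the sample files, the "allowlist" and the "known_bad" set are all constructed in a temporary directory and stand in for a real software inventory and threat-intelligence feed.

```python
import hashlib
import tempfile
from pathlib import Path

def sha256_file(path):
    """Stream the file through SHA-256 so large binaries are not loaded whole."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()

def build_baseline(paths):
    """HIPS-style baseline: the known-good hash of every monitored file."""
    return {Path(p): sha256_file(p) for p in paths}

def check_integrity(baseline):
    """Re-hash each monitored file; report files that vanished or changed."""
    findings = []
    for path, expected in baseline.items():
        if not path.exists():
            findings.append((path.name, "missing"))
        elif sha256_file(path) != expected:
            findings.append((path.name, "modified"))
    return findings

def classify_executable(path, allowlist, known_bad):
    """Known-bad lookup first (EPP behaviour), then the application allowlist."""
    digest = sha256_file(path)
    if digest in known_bad:
        return "block:known-malicious"
    return "allow" if digest in allowlist else "block:not-allowlisted"

def demo():
    """Exercise both checks on constructed sample files in a temp directory."""
    d = Path(tempfile.mkdtemp())
    (d / "passwd").write_text("root:x:0:0:root:/root:/bin/sh\n")
    (d / "approved").write_bytes(b"#!/bin/sh\necho approved\n")
    (d / "unknown").write_bytes(b"#!/bin/sh\necho unknown\n")
    (d / "bad").write_bytes(b"#!/bin/sh\necho constructed-bad-sample\n")
    allowlist = {sha256_file(d / "approved")}
    known_bad = {sha256_file(d / "bad")}  # stands in for a threat-intel feed
    verdicts = {n: classify_executable(d / n, allowlist, known_bad)
                for n in ("approved", "unknown", "bad")}
    baseline = build_baseline([d / "passwd", d / "approved"])
    clean = check_integrity(baseline)  # nothing changed yet
    (d / "passwd").write_text("root:x:0:0:root:/root:/bin/sh\nx:x:0:0::/:/bin/sh\n")
    (d / "approved").unlink()  # simulate tampering and deletion
    return {"clean": clean, "tampered": check_integrity(baseline), "verdicts": verdicts}
```

A real agent would persist the baseline somewhere the endpoint user cannot modify and feed the findings to the central server described in this section rather than returning them.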

Protect Your Endpoints with Big Data and Operational Analytics

Sumo Logic helps IT organizations protect and secure network endpoints with an operational analytics platform that leverages machine learning and big data to effectively monitor and troubleshoot network activity, detect and respond to threats and forensically investigate security events.
