Cyber Security

What is Endpoint Security?

The question “What is Endpoint Security?” seems innocent enough, but answering it triggers a few complex conversations. These span hardware and software, network architecture, network security and more. This article offers some insights, and hopefully some clarity, on this deceptively simple issue.

So let’s start off with the basics:

What is an “Endpoint”?

An endpoint is a point in space at the end of a computer network. If you imagine a network as a bunch of wires emanating from a central place like a data center, the endpoint is the machine at the end of one of those wires. In real life, it isn’t neat and clean, but that’s the general idea. Endpoints are devices, along with their software, that sit at the outer edges of a network.

Examples of Endpoints

Laptops

Our laptop PCs are invariably network endpoints. We can use them to access corporate networks.

Phones

Smartphones, which are really just miniature computers, are also network endpoints. They can be set up to connect you to corporate networks.

Networked Office Appliances

These include devices like printers and routers. They, too, are connected to the network. A wide variety of Internet of Things (IoT) devices also form endpoints, e.g. digital security cameras, sensors and so forth.

Servers

Though they seem to be buried in the core of the network rather than at its edges, servers are almost always endpoints. They, too, are devices connected to the network.

What do all of these devices have in common? They are all entry points into the network. This makes them useful, but also vulnerable. Given their position as gateways to valuable digital assets, endpoints are frequently the target of hackers.

What is Endpoint Security?

Endpoint security, simply put, is the combination of practices that aim to protect the endpoint from malicious actors. It is an extremely important area of IT security. These practices range from installing anti-virus software to threat detection at the endpoint to digital forensics. Mostly, though, the term “endpoint security” connotes the overwhelming need for security at the endpoint, however it’s achieved.

Why is Endpoint Security Important?

Endpoint security is important because any network-connected device exposes itself to multiple threat vectors. IT organizations recognize this risk. According to a Ponemon Study, 68% of IT professionals reported that endpoint security risks increased in 2020.

At the same time, only about half of organizations are confident in their endpoint security posture. In fact, that same 68% had been impacted by 1 or more successful endpoint attacks!

Even companies that have endpoint security are not convinced of its efficacy. According to Sophos, a provider of endpoint security solutions, 75% of organizations infected with ransomware were running up-to-date endpoint protection. But don’t worry! We’ll walk you through some things you need to look for.

Endpoint Vulnerability

Endpoints present a number of vulnerabilities. Hackers have different objectives when they attack an endpoint. In some cases, their goal is to take over the endpoint’s operating system. That way, they can use the endpoint as a staging area for penetration of the network. At other times, the attacker might want to spy on the endpoint’s user in order to steal network login credentials. With the credentials in hand, the hacker can log into the network without arousing any suspicion.

The typical attack chain for an endpoint involves installing malware on the device. In most cases, this occurs when the endpoint user clicks on a malware-bearing link or downloads malware in a file, such as a PDF document. To the end user, it’s as if nothing has happened. Indeed, the attacker wants the endpoint user to continue on with his or her work so they can use a functioning, but compromised, endpoint to breach the network.

Challenges for Remote Endpoint Security

Remote work creates a few wrinkles for endpoint security. In some cases, a remote worker is relying on a personal machine for work, so the company has to provision endpoint protection software that is compatible with the user’s personal device, and make sure they’re using it.

Remote device authentication is also part of the endpoint protection mix in this scenario, even if it’s not about endpoint security solutions per se. Being able to authenticate a remote worker is a critical step in ensuring endpoint protection. Without strong authentication, a malicious actor could impersonate the remote worker and breach the network by establishing a fake but realistic-looking endpoint.

For remote workers who do sensitive work like system administration or financial transactions, some companies have even taken the step of provisioning a dedicated remote access device. This might be a PC that’s “hardened” and unable to download files or read emails. It can only log into privileged, protected sub-networks. Some vendors have even created a single PC with a split regular/hardened pair of virtual machine operating systems as a way to provision a privileged device that’s also convenient for standard corporate work.

Difference Between Endpoint Security and Antivirus Software

Endpoint security and antivirus software overlap in purpose and functionality, but they are not the same thing. Viruses are a threat vector for endpoints, so anti-virus is almost always part of endpoint security. However, just having anti-virus software running on an endpoint is not enough. There are quite a few aspects of full endpoint security that are important to consider.

Essential Endpoint Security Components

Endpoint security solutions are highly varied, depending on the risk they are trying to mitigate. The following are some of the most common endpoint security components:

• Device Protection

Software that defends the device itself from operating system takeover. In some cases, device protection will also involve shielding firmware from unauthorized updates. Keeping endpoints patched is essential to keep them safe from known exploits.

• Network Controls

The network can reveal an endpoint attack even if it is not readily visible on the endpoint itself. This may emerge from increased or suspicious network traffic at the endpoint.

• Application Controls

Applications running on the endpoint need protection from attackers. Application controls can do things like enforce two-factor authentication (2FA) for application users at the endpoint.

• Data Controls

Endpoints are usually both the entry and exit points for data breaches. The hacker uses one endpoint to gain access to data and then uses a different endpoint to exfiltrate stolen data. Data controls make this harder to do by restricting data access and export.

• Browser Protections

Given the prevalence of web phishing attacks, e.g. malicious URLs, browser protections can help defend endpoints by restricting access to suspicious URLs or by creating an isolated “sandbox” where they can “explode” (detonate) URLs before letting any data from the website reach the endpoint.
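Network controls, as described above, work by spotting traffic that departs from an endpoint’s own baseline. The following added example (not from the article) compares each endpoint’s daily outbound volume and set of destinations on a review day against its prior days; the flow records, host names, addresses and thresholds are constructed assumptions.

```python
"""Flag endpoints whose outbound traffic deviates from their own baseline."""
from collections import defaultdict
from statistics import median

# Constructed sample flow records: (endpoint, day, destination, bytes_out).
# Days 1-5 are normal; on day 6 laptop-02 pushes a lot of data to new hosts.
FLOWS = (
    [("laptop-01", d, "10.0.0.5", 2_000_000) for d in range(1, 7)]
    + [("laptop-02", d, "10.0.0.5", 1_500_000) for d in range(1, 6)]
    + [
        ("laptop-02", 6, "10.0.0.5", 1_500_000),
        ("laptop-02", 6, "203.0.113.7", 40_000_000),  # never seen before
        ("laptop-02", 6, "203.0.113.8", 30_000_000),  # never seen before
    ]
)


def daily_totals(flows):
    """Aggregate bytes and distinct destinations per endpoint per day."""
    totals = defaultdict(lambda: defaultdict(int))
    dests = defaultdict(lambda: defaultdict(set))
    for host, day, dest, nbytes in flows:
        totals[host][day] += nbytes
        dests[host][day].add(dest)
    return totals, dests


def flag_endpoints(flows, review_day, volume_factor=3.0, new_dest_min=1):
    """Return {endpoint: [reasons]} for endpoints anomalous on review_day.

    The baseline is the median daily volume over all earlier days, and the
    set of destinations seen on those days; thresholds are assumptions.
    """
    totals, dests = daily_totals(flows)
    findings = {}
    for host in totals:
        baseline_days = [d for d in totals[host] if d < review_day]
        if not baseline_days:
            continue  # no history to compare against
        base_vol = median(totals[host][d] for d in baseline_days)
        seen = set().union(*(dests[host][d] for d in baseline_days))
        cur_vol = totals[host].get(review_day, 0)
        new_dests = dests[host].get(review_day, set()) - seen
        reasons = []
        if base_vol and cur_vol > volume_factor * base_vol:
            reasons.append(f"outbound volume {cur_vol / base_vol:.1f}x baseline")
        if len(new_dests) >= new_dest_min:
            reasons.append(f"{len(new_dests)} never-seen destinations")
        if reasons:
            findings[host] = reasons
    return findings
```

Running `flag_endpoints(FLOWS, 6)` reports laptop-02 for both the volume spike and the two new destinations, while laptop-01 stays quiet; in practice the baseline window and factors are tuned per environment.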

About the author

Hugh Taylor

Hugh Taylor is a Certified Information Security Manager (CISM) who has written about cybersecurity, compliance, and enterprise technology for such clients as Microsoft, IBM, SAP, HPE, Oracle, Google, and Advanced Micro Devices. He has served in executive roles at Microsoft, IBM, and several venture-backed technology startups. Hugh is the author of multiple books about business, security, and technology.