A Fundamental Guide to Endpoint Security

By Mary Blackowiak

Anyone who uses technology in their daily lives understands that it is ever-changing, and the sentiment is especially true within the cybersecurity industry. Adversaries continue to evolve with new tactics to bypass defenses, so the methods of detecting and preventing these threats must do so at an even more rapid pace.

However, keeping up with all the changes can be quite difficult, even for the most seasoned cybersecurity professional. Today, employees conduct business from multiple devices, with some being company-issued and others being privately owned. Sensitive data is being stored across many locations or endpoints, including on devices, within corporate data centers, and in the cloud.

This means that organizations likely need more than one technology to defend their endpoints against security breaches or data loss. With cybersecurity vendors marketing a wide range of branded product names for their offers, it may be challenging to determine, which are ideal for your environment.

This article aims to help demystify the various endpoint security technologies you may come across during your research, highlight the primary differences and explain how they can complement each other.

Four Key Endpoint Security Technologies
To begin, let’s define exactly what an endpoint is. At the most fundamental level, an endpoint is any device that connects and exchanges data on a network. That could include traditional desktop and laptop computers, tablets, smartphones, printers, and servers.

Endpoints also encompass network appliances like routers, switches, or firewalls, and a wide range of IoT devices such as wearables, security cameras, sensors, and connected medical or manufacturing equipment. But we must also think beyond the physical devices and consider virtual machines that host applications and data in public or private clouds.

It is important to note that all endpoints represent entry points into the network and, therefore, can be exploited, creating opportunities for sensitive data loss. As such, they must all be accounted for when building an endpoint security strategy. The following are some of the more common endpoint security technologies you are likely to encounter:

Unified endpoint management (UEM) or mobile device management (MDM). There is a widely accepted concept within the cybersecurity industry that you cannot effectively protect what you can’t see. Therefore, the first step in building a comprehensive endpoint security policy is to inventory all the devices accessing your network, and this can be accomplished with UEM or MDM technologies. The primary difference between the two is that MDM is for iOS and Android operating systems (OS), while UEM includes those OS plus Windows and Mac operating systems--even productivity devices and wearables in some cases. Once devices are discovered and profiled, administrators will be able to apply consistent security policies across them, regardless of where the endpoint is located.

Both UEM and MDM enable organizations to set standards regarding the security posture of devices accessing the network. For example, rules can be created that a device cannot be jailbroken and must be running on the latest OS version. They can also restrict what apps the users may install and what the user is allowed to do on a managed device.

Administrators can use the management console to push operating systems or app updates to devices that are out of compliance or even to wipe devices that are lost, stolen, or that were used by former employees. However, MDM and UEM go beyond reducing risk to an organization and can be leveraged to improve user experience. These solutions allow businesses to deliver new devices to end users that are already set up, complete with all the approved applications needed to complete their job duties.

Endpoint detection and response (EDR). As mentioned above, security policies can be applied to endpoints using UEM and MDM; however, these solutions cannot detect and block threats. The purpose of EDR is real-time protection for your desktops, laptops and servers against threats such as ransomware, known and unknown malware, trojans, hacking tools, memory exploits, script misuse and malicious macros.

This technology started many years ago as antivirus software, which relied on signatures of known or already identified threats to create block lists. It evolved into what is called an endpoint protection platform, or EPP, which uses machine learning, artificial intelligence, and sandboxing technology to detect fileless or previously unseen malware (also referred to zero-day attacks). More recently, endpoint security vendors have started to add forensic and response capabilities, morphing EPP technology into what is known as endpoint detection and response or EDR.

Mobile threat defense (MTD). Mobile devices are most certainly endpoints, and they have things in common with laptops and desktops in terms of their vulnerability to attacks such as phishing and malware, but they are unique when it comes to how attacks are conducted. A few examples would be SMS messages with phishing links, malicious QR codes or unscrupulous apps. It is for this reason that mobile devices require their own dedicated security solution, commonly referred to as mobile security or mobile threat defense (MTD). MTD protects both managed and unmanaged mobile devices against four categories of threats2:

  • Device: Detecting jailbroken or rooted devices, outdated operating systems, and risky configurations.
  • App: Flagging apps that are known to be malicious but also those that leak or share data.
  • Network: Identifying risky networks to protect against man-in-the-middle attacks, certificate impersonation, or other attacks that leverage vulnerable TLS/SSL sessions.
  • Content and web: Blocking malicious links sent via email, SMS, browsers, and social media or productivity apps.

 

Unfortunately, MTD is a security technology that is currently underused, with a recent IDC study indicating that it was deployed by fewer than half of the surveyed SMB or enterprise businesses.1 This presents a considerable security gap considering how much sensitive information is transmitted through and stored on mobile devices. Smartphones and tablets are particularly attractive targets for attackers due to the ease of attack via SMS, email, and messaging apps, as well as a frequent lack of security controls on the device. Additionally, these devices can be leveraged as a jump point to the network, where more impactful assaults may be launched.

Cloud workload protection platform (CWPP). Digital transformation initiatives have resulted in businesses moving more applications out of the data center and into the cloud. The benefits here include lower overhead costs, increased performance and improved user experience. The most utilized cloud service providers (CSPs) are AWS, Azure and Google Cloud. 87% of organizations use multiple cloud providers and 72% have a hybrid cloud structure combining both public and private clouds.3

While this migration to cloud is necessary for future growth, it also increases the attack surface. This is because when cloud resources are publicly accessible, whether by design or error, they become a target for threat actors.4 CWPPs provide threat detection for servers, virtual machines, containers and Kubernetes clusters across all cloud environments. CWPPs protect against a wide range of attacks, including ransomware, fileless and zero-day attacks. They can alert a security administrator not just to vulnerabilities but also to compliance violations.

Determining the Proper Technologies for Your Business
You may be wondering if your organization needs all these protections. The answer could be as simple as assessing where your sensitive data is stored. Even the smallest businesses have valuable data, including customer and payment details, and for companies linked to healthcare, law, insurance or finance, there is likely even more private information that could be leveraged for identity theft.

According to a recent study, on average, an employee at a business with fewer than 100 employees will be subjected to 350% more social engineering attacks than an employee at a larger enterprise.5 Employees at businesses of all sizes may perform bookkeeping or other tasks on laptops, use tablets to process transactions or collect customer information, and use mobile phones to respond to business texts or emails.

For every organization, endpoint security should be viewed not only as a way to reduce risk, but also as a fundamental investment in ensuring business continuity.

Mary Blackowiak is the director of product management and development, Endpoint and Mobile Security at AT&T Cybersecurity.

 

1 IDC 2023 Mobile Security Survey
2 Lookout MTD comparison infographic
3 Flexera 2023 State of The Cloud Report
4 A Cloud Workload Protection Platform Buyer’s Guide
5 Barracuda Spear Phishing: Top Threats and Trends Vol 7

Featured

  • President Biden Issues Executive Order to Bolster U.S Port Cybersecurity

    On Wednesday, President Biden issued an Executive Order to bolster the security of the nation’s ports, alongside a series of additional actions that will strengthen maritime cybersecurity and more Read Now

  • Report: 15 Percent of All Emails Sent in 2023 Were Malicious

    VIPRE Security Group recently released its report titled “Email Security in 2024: An Expert Look at Email-Based Threats”. The 2024 predictions for email security in this report are based on an analysis of over 7 billion emails processed by VIPRE worldwide during 2023. This equates to almost one email for everyone on the planet. Of those, roughly 1 billion (or 15%) were malicious. Read Now

  • ASIS Announces ANSI-Approved Cannabis Security Standard

    ASIS International, a leading authority in security standards and guidelines, proudly announces the release of a pioneering American National Standards Institute (ANSI)-approved standard dedicated to cannabis security. This best-in-class standard, meticulously developed by industry experts, sets a new benchmark by providing comprehensive requirements and guidance for the design, implementation, monitoring, evaluation, and maintenance of a cannabis security program. Read Now

  • ISC West Announces Keynote Lineup

    ISC West, in collaboration with premier sponsor the Security Industry Association (SIA), announced this year’s dynamic trio of speakers that will headline the Keynote Series at ISC West 2024. Read Now

    • Industry Events

Featured Cybersecurity

Whitepapers

New Products

  • 4K Video Decoder

    3xLOGIC’s VH-DECODER-4K is perfect for use in organizations of all sizes in diverse vertical sectors such as retail, leisure and hospitality, education and commercial premises. 3

  • Luma x20

    Luma x20

    Snap One has announced its popular Luma x20 family of surveillance products now offers even greater security and privacy for home and business owners across the globe by giving them full control over integrators’ system access to view live and recorded video. According to Snap One Product Manager Derek Webb, the new “customer handoff” feature provides enhanced user control after initial installation, allowing the owners to have total privacy while also making it easy to reinstate integrator access when maintenance or assistance is required. This new feature is now available to all Luma x20 users globally. “The Luma x20 family of surveillance solutions provides excellent image and audio capture, and with the new customer handoff feature, it now offers absolute privacy for camera feeds and recordings,” Webb said. “With notifications and integrator access controlled through the powerful OvrC remote system management platform, it’s easy for integrators to give their clients full control of their footage and then to get temporary access from the client for any troubleshooting needs.” 3

  • FEP GameChanger

    FEP GameChanger

    Paige Datacom Solutions Introduces Important and Innovative Cabling Products GameChanger Cable, a proven and patented solution that significantly exceeds the reach of traditional category cable will now have a FEP/FEP construction. 3