A Fundamental Guide to Endpoint Security -- Security Today

A Fundamental Guide to Endpoint Security

Feb 05, 2024

By Mary Blackowiak

Anyone who uses technology in their daily lives understands that it is ever-changing, and the sentiment is especially true within the cybersecurity industry. Adversaries continue to evolve with new tactics to bypass defenses, so the methods of detecting and preventing these threats must do so at an even more rapid pace.

However, keeping up with all the changes can be quite difficult, even for the most seasoned cybersecurity professional. Today, employees conduct business from multiple devices, with some being company-issued and others being privately owned. Sensitive data is being stored across many locations or endpoints, including on devices, within corporate data centers, and in the cloud.

This means that organizations likely need more than one technology to defend their endpoints against security breaches or data loss. With cybersecurity vendors marketing a wide range of branded product names for their offers, it may be challenging to determine, which are ideal for your environment.

This article aims to help demystify the various endpoint security technologies you may come across during your research, highlight the primary differences and explain how they can complement each other.

Four Key Endpoint Security Technologies
To begin, let’s define exactly what an endpoint is. At the most fundamental level, an endpoint is any device that connects and exchanges data on a network. That could include traditional desktop and laptop computers, tablets, smartphones, printers, and servers.

Endpoints also encompass network appliances like routers, switches, or firewalls, and a wide range of IoT devices such as wearables, security cameras, sensors, and connected medical or manufacturing equipment. But we must also think beyond the physical devices and consider virtual machines that host applications and data in public or private clouds.

It is important to note that all endpoints represent entry points into the network and, therefore, can be exploited, creating opportunities for sensitive data loss. As such, they must all be accounted for when building an endpoint security strategy. The following are some of the more common endpoint security technologies you are likely to encounter:

Unified endpoint management (UEM) or mobile device management (MDM). There is a widely accepted concept within the cybersecurity industry that you cannot effectively protect what you can’t see. Therefore, the first step in building a comprehensive endpoint security policy is to inventory all the devices accessing your network, and this can be accomplished with UEM or MDM technologies. The primary difference between the two is that MDM is for iOS and Android operating systems (OS), while UEM includes those OS plus Windows and Mac operating systems--even productivity devices and wearables in some cases. Once devices are discovered and profiled, administrators will be able to apply consistent security policies across them, regardless of where the endpoint is located.

Both UEM and MDM enable organizations to set standards regarding the security posture of devices accessing the network. For example, rules can be created that a device cannot be jailbroken and must be running on the latest OS version. They can also restrict what apps the users may install and what the user is allowed to do on a managed device.

Administrators can use the management console to push operating systems or app updates to devices that are out of compliance or even to wipe devices that are lost, stolen, or that were used by former employees. However, MDM and UEM go beyond reducing risk to an organization and can be leveraged to improve user experience. These solutions allow businesses to deliver new devices to end users that are already set up, complete with all the approved applications needed to complete their job duties.

Endpoint detection and response (EDR). As mentioned above, security policies can be applied to endpoints using UEM and MDM; however, these solutions cannot detect and block threats. The purpose of EDR is real-time protection for your desktops, laptops and servers against threats such as ransomware, known and unknown malware, trojans, hacking tools, memory exploits, script misuse and malicious macros.

This technology started many years ago as antivirus software, which relied on signatures of known or already identified threats to create block lists. It evolved into what is called an endpoint protection platform, or EPP, which uses machine learning, artificial intelligence, and sandboxing technology to detect fileless or previously unseen malware (also referred to zero-day attacks). More recently, endpoint security vendors have started to add forensic and response capabilities, morphing EPP technology into what is known as endpoint detection and response or EDR.

Mobile threat defense (MTD). Mobile devices are most certainly endpoints, and they have things in common with laptops and desktops in terms of their vulnerability to attacks such as phishing and malware, but they are unique when it comes to how attacks are conducted. A few examples would be SMS messages with phishing links, malicious QR codes or unscrupulous apps. It is for this reason that mobile devices require their own dedicated security solution, commonly referred to as mobile security or mobile threat defense (MTD). MTD protects both managed and unmanaged mobile devices against four categories of threats2:

Device: Detecting jailbroken or rooted devices, outdated operating systems, and risky configurations.
App: Flagging apps that are known to be malicious but also those that leak or share data.
Network: Identifying risky networks to protect against man-in-the-middle attacks, certificate impersonation, or other attacks that leverage vulnerable TLS/SSL sessions.
Content and web: Blocking malicious links sent via email, SMS, browsers, and social media or productivity apps.

Unfortunately, MTD is a security technology that is currently underused, with a recent IDC study indicating that it was deployed by fewer than half of the surveyed SMB or enterprise businesses.1 This presents a considerable security gap considering how much sensitive information is transmitted through and stored on mobile devices. Smartphones and tablets are particularly attractive targets for attackers due to the ease of attack via SMS, email, and messaging apps, as well as a frequent lack of security controls on the device. Additionally, these devices can be leveraged as a jump point to the network, where more impactful assaults may be launched.

Cloud workload protection platform (CWPP). Digital transformation initiatives have resulted in businesses moving more applications out of the data center and into the cloud. The benefits here include lower overhead costs, increased performance and improved user experience. The most utilized cloud service providers (CSPs) are AWS, Azure and Google Cloud. 87% of organizations use multiple cloud providers and 72% have a hybrid cloud structure combining both public and private clouds.3

While this migration to cloud is necessary for future growth, it also increases the attack surface. This is because when cloud resources are publicly accessible, whether by design or error, they become a target for threat actors.4 CWPPs provide threat detection for servers, virtual machines, containers and Kubernetes clusters across all cloud environments. CWPPs protect against a wide range of attacks, including ransomware, fileless and zero-day attacks. They can alert a security administrator not just to vulnerabilities but also to compliance violations.

Determining the Proper Technologies for Your Business
You may be wondering if your organization needs all these protections. The answer could be as simple as assessing where your sensitive data is stored. Even the smallest businesses have valuable data, including customer and payment details, and for companies linked to healthcare, law, insurance or finance, there is likely even more private information that could be leveraged for identity theft.

According to a recent study, on average, an employee at a business with fewer than 100 employees will be subjected to 350% more social engineering attacks than an employee at a larger enterprise.5 Employees at businesses of all sizes may perform bookkeeping or other tasks on laptops, use tablets to process transactions or collect customer information, and use mobile phones to respond to business texts or emails.

For every organization, endpoint security should be viewed not only as a way to reduce risk, but also as a fundamental investment in ensuring business continuity.

Mary Blackowiak is the director of product management and development, Endpoint and Mobile Security at AT&T Cybersecurity.

1 IDC 2023 Mobile Security Survey
2 Lookout MTD comparison infographic
3 Flexera 2023 State of The Cloud Report
4 A Cloud Workload Protection Platform Buyer’s Guide
5 Barracuda Spear Phishing: Top Threats and Trends Vol 7

Verkada Hits 25,000 Customers Globally
07/26/2024
IDIS Video Technology Provides Foundation For Indian Railways Growth Plans
07/19/2024
SIA, International Association of Professional Security Consultants Announce Partnership
07/19/2024
Empowering Boutique Security Companies to Play Big
07/16/2024
dormakaba Consolidates Sites and Opens New Hub and Production Facility in Montreal
07/15/2024
NAPCO Access Pro Sales Division Announces Personnel Changes
07/15/2024
RAD Joins ZeroNow as a Partner in Making Schools Safer
07/15/2024
Traka ASSA ABLOY Wins 2024 Red Dot Award for Touch Pro Series of Electronic Key Management Cabinets
07/01/2024

Featured

The Next Generation

Video security technology has reached an inflection point. With advancements in cloud infrastructure and internet bandwidth, hybrid cloud solutions can now deliver new capabilities and business opportunities for security professionals and their customers. Read Now
- IP Video
Help Your Customer Protect Themselves

In the world of IT, insider threats are on a steep upward trajectory. The cost of these threats - including negligent and malicious employees that may steal authorized users’ credentials, rose from $8.3 million in 2018 to $16.2 million in 2023. Insider threats towards physical infrastructures often bleed into the realm of cybersecurity; for instance, consider an unauthorized user breaching a physical data center and plugging in a laptop to download and steal sensitive digital information. Read Now
- Cybersecurity
Enhanced Situation Awareness

Did someone break into the building? Maybe it is just an employee pulling an all-nighter. Or is it an actual perpetrator? Audio analytics, available in many AI-enabled cameras, can add context to what operators see on the screen, helping them validate assumptions. If a glass-break detection alert is received moments before seeing a person on camera, the added situational awareness makes the event more actionable. Read Now
- Artificial Intelligence
Transformative Advances

Over the past decade, machine learning has enabled transformative advances in physical security technology. We have seen some amazing progress in using machine learning algorithms to train computers to assess and improve computational processes. Although such tools are helpful for security and operations, machines are still far from being capable of thinking or acting like humans. They do, however, offer unique opportunities for teams to enhance security and productivity. Read Now
- Artificial Intelligence

Webinars

Hanwha Vision (formerly Hanwha Techwin), Eagle Eye Networks Inc, Salient Systems

Smart Buildings: Focus on Networking and Video Surveillance
The State of Safe Web Browsing in Enterprises Today
BriefCam

AI-Driven Video Analytics: The Foundation for Your Security Tech Stack

Whitepapers

Axis Communications, Inc.

Virginia School Security Grants
ASSA ABLOY

The evolution of data center security: Safeguarding critical assets in today’s data centers
Winsted Corporation

All-Star Lineup

New Products

QCS7230 System-on-Chip (SoC)

The latest Qualcomm® Vision Intelligence Platform offers next-generation smart camera IoT solutions to improve safety and security across enterprises, cities and spaces. The Vision Intelligence Platform was expanded in March 2022 with the introduction of the QCS7230 System-on-Chip (SoC), which delivers superior artificial intelligence (AI) inferencing at the edge. 3
Compact IP Video Intercom

Viking’s X-205 Series of intercoms provide HD IP video and two-way voice communication - all wrapped up in an attractive compact chassis. 3
PE80 Series by SARGENT / ED4000/PED5000 Series by Corbin Russwin

ASSA ABLOY, a global leader in access solutions, has announced the launch of two next generation exit devices from long-standing leaders in the premium exit device market: the PE80 Series by SARGENT and the PED4000/PED5000 Series by Corbin Russwin. These new exit devices boast industry-first features that are specifically designed to provide enhanced safety, security and convenience, setting new standards for exit solutions. The SARGENT PE80 and Corbin Russwin PED4000/PED5000 Series exit devices are engineered to meet the ever-evolving needs of modern buildings. Featuring the high strength, security and durability that ASSA ABLOY is known for, the new exit devices deliver several innovative, industry-first features in addition to elegant design finishes for every opening. 3