A Fundamental Guide to Endpoint Security

  • Feb 05, 2024

By Mary Blackowiak

Anyone who uses technology in their daily lives understands that it is ever-changing, and the sentiment is especially true within the cybersecurity industry. Adversaries continue to evolve with new tactics to bypass defenses, so the methods of detecting and preventing these threats must do so at an even more rapid pace.

However, keeping up with all the changes can be quite difficult, even for the most seasoned cybersecurity professional. Today, employees conduct business from multiple devices, with some being company-issued and others being privately owned. Sensitive data is being stored across many locations or endpoints, including on devices, within corporate data centers, and in the cloud.

This means that organizations likely need more than one technology to defend their endpoints against security breaches or data loss. With cybersecurity vendors marketing a wide range of branded product names for their offers, it may be challenging to determine, which are ideal for your environment.

This article aims to help demystify the various endpoint security technologies you may come across during your research, highlight the primary differences and explain how they can complement each other.

Four Key Endpoint Security Technologies
To begin, let’s define exactly what an endpoint is. At the most fundamental level, an endpoint is any device that connects and exchanges data on a network. That could include traditional desktop and laptop computers, tablets, smartphones, printers, and servers.

Endpoints also encompass network appliances like routers, switches, or firewalls, and a wide range of IoT devices such as wearables, security cameras, sensors, and connected medical or manufacturing equipment. But we must also think beyond the physical devices and consider virtual machines that host applications and data in public or private clouds.

It is important to note that all endpoints represent entry points into the network and, therefore, can be exploited, creating opportunities for sensitive data loss. As such, they must all be accounted for when building an endpoint security strategy. The following are some of the more common endpoint security technologies you are likely to encounter:

Unified endpoint management (UEM) or mobile device management (MDM). There is a widely accepted concept within the cybersecurity industry that you cannot effectively protect what you can’t see. Therefore, the first step in building a comprehensive endpoint security policy is to inventory all the devices accessing your network, and this can be accomplished with UEM or MDM technologies. The primary difference between the two is that MDM is for iOS and Android operating systems (OS), while UEM includes those OS plus Windows and Mac operating systems--even productivity devices and wearables in some cases. Once devices are discovered and profiled, administrators will be able to apply consistent security policies across them, regardless of where the endpoint is located.

Both UEM and MDM enable organizations to set standards regarding the security posture of devices accessing the network. For example, rules can be created that a device cannot be jailbroken and must be running on the latest OS version. They can also restrict what apps the users may install and what the user is allowed to do on a managed device.

Administrators can use the management console to push operating systems or app updates to devices that are out of compliance or even to wipe devices that are lost, stolen, or that were used by former employees. However, MDM and UEM go beyond reducing risk to an organization and can be leveraged to improve user experience. These solutions allow businesses to deliver new devices to end users that are already set up, complete with all the approved applications needed to complete their job duties.

Endpoint detection and response (EDR). As mentioned above, security policies can be applied to endpoints using UEM and MDM; however, these solutions cannot detect and block threats. The purpose of EDR is real-time protection for your desktops, laptops and servers against threats such as ransomware, known and unknown malware, trojans, hacking tools, memory exploits, script misuse and malicious macros.

This technology started many years ago as antivirus software, which relied on signatures of known or already identified threats to create block lists. It evolved into what is called an endpoint protection platform, or EPP, which uses machine learning, artificial intelligence, and sandboxing technology to detect fileless or previously unseen malware (also referred to zero-day attacks). More recently, endpoint security vendors have started to add forensic and response capabilities, morphing EPP technology into what is known as endpoint detection and response or EDR.

Mobile threat defense (MTD). Mobile devices are most certainly endpoints, and they have things in common with laptops and desktops in terms of their vulnerability to attacks such as phishing and malware, but they are unique when it comes to how attacks are conducted. A few examples would be SMS messages with phishing links, malicious QR codes or unscrupulous apps. It is for this reason that mobile devices require their own dedicated security solution, commonly referred to as mobile security or mobile threat defense (MTD). MTD protects both managed and unmanaged mobile devices against four categories of threats2:

  • Device: Detecting jailbroken or rooted devices, outdated operating systems, and risky configurations.
  • App: Flagging apps that are known to be malicious but also those that leak or share data.
  • Network: Identifying risky networks to protect against man-in-the-middle attacks, certificate impersonation, or other attacks that leverage vulnerable TLS/SSL sessions.
  • Content and web: Blocking malicious links sent via email, SMS, browsers, and social media or productivity apps.

 

Unfortunately, MTD is a security technology that is currently underused, with a recent IDC study indicating that it was deployed by fewer than half of the surveyed SMB or enterprise businesses.1 This presents a considerable security gap considering how much sensitive information is transmitted through and stored on mobile devices. Smartphones and tablets are particularly attractive targets for attackers due to the ease of attack via SMS, email, and messaging apps, as well as a frequent lack of security controls on the device. Additionally, these devices can be leveraged as a jump point to the network, where more impactful assaults may be launched.

Cloud workload protection platform (CWPP). Digital transformation initiatives have resulted in businesses moving more applications out of the data center and into the cloud. The benefits here include lower overhead costs, increased performance and improved user experience. The most utilized cloud service providers (CSPs) are AWS, Azure and Google Cloud. 87% of organizations use multiple cloud providers and 72% have a hybrid cloud structure combining both public and private clouds.3

While this migration to cloud is necessary for future growth, it also increases the attack surface. This is because when cloud resources are publicly accessible, whether by design or error, they become a target for threat actors.4 CWPPs provide threat detection for servers, virtual machines, containers and Kubernetes clusters across all cloud environments. CWPPs protect against a wide range of attacks, including ransomware, fileless and zero-day attacks. They can alert a security administrator not just to vulnerabilities but also to compliance violations.

Determining the Proper Technologies for Your Business
You may be wondering if your organization needs all these protections. The answer could be as simple as assessing where your sensitive data is stored. Even the smallest businesses have valuable data, including customer and payment details, and for companies linked to healthcare, law, insurance or finance, there is likely even more private information that could be leveraged for identity theft.

According to a recent study, on average, an employee at a business with fewer than 100 employees will be subjected to 350% more social engineering attacks than an employee at a larger enterprise.5 Employees at businesses of all sizes may perform bookkeeping or other tasks on laptops, use tablets to process transactions or collect customer information, and use mobile phones to respond to business texts or emails.

For every organization, endpoint security should be viewed not only as a way to reduce risk, but also as a fundamental investment in ensuring business continuity.

Mary Blackowiak is the director of product management and development, Endpoint and Mobile Security at AT&T Cybersecurity.

 

1 IDC 2023 Mobile Security Survey
2 Lookout MTD comparison infographic
3 Flexera 2023 State of The Cloud Report
4 A Cloud Workload Protection Platform Buyer’s Guide
5 Barracuda Spear Phishing: Top Threats and Trends Vol 7

Featured

  • Paving the Way to Smart Buildings

    In today's rapidly evolving security landscape, the convergence of on-prem, edge and cloud technologies are critical. The physical security landscape is undergoing a profound transformation, driven by the rapid digitalization of buildings and the evolving needs of modern organizations. As the buildings sector pivots towards smart, AI and data-driven operations, the integration of both edge and cloud technology has become crucial. Read Now

  • The Cybersecurity Time Bomb

    If you work in physical security, you have probably seen it: a camera, access control system, or intrusion detection device installed years ago, humming along without a single update. It is a common scenario that security professionals have come to accept as "normal." But here is the reality: this mindset is actively putting organizations at risk. Read Now

  • Deploying in a Hybrid, Cloud Environment

    The way organizations manage access control is evolving. Traditional on-premises systems come with high IT and server requirements. At the same time, fully cloud-based solutions may not meet the needs of every facility. Read Now

  • Facing Facts for Facilities

    Despite the proliferation of constantly evolving security solutions, there remains a troubling trend among many facility operators who often neglect the most important security assets within their organization. Keys and shared devices like radios, laptops and tablets are crucial to successful operations, yet many operators are managing them haphazardly through outdated storage systems like pegboards and notebooks. Read Now

  • Report Reveals Security Training Reduces Global Phishing Click Rates by 86%

    KnowBe4, the cybersecurity platform that comprehensively addresses human risk management, today launched its “Phishing by Industry Benchmarking Report 2025” which measures an organization’s Phish-prone Percentage (PPP) — the percentage of employees likely to fall for social engineering or phishing attacks, indicating the organization’s overall susceptibility to phishing threats. This year’s report found a global average baseline PPP of 33.1%, meaning a third of employees interact with phishing simulations before taking part in best-practice security awareness training (SAT).COVER 2025-PIB-NA-Report_EN-US Read Now

Most   Popular

New Products

  • FEP GameChanger

    FEP GameChanger

    Paige Datacom Solutions Introduces Important and Innovative Cabling Products GameChanger Cable, a proven and patented solution that significantly exceeds the reach of traditional category cable will now have a FEP/FEP construction.

  • ResponderLink

    ResponderLink

    Shooter Detection Systems (SDS), an Alarm.com company and a global leader in gunshot detection solutions, has introduced ResponderLink, a groundbreaking new 911 notification service for gunshot events. ResponderLink completes the circle from detection to 911 notification to first responder awareness, giving law enforcement enhanced situational intelligence they urgently need to save lives. Integrating SDS’s proven gunshot detection system with Noonlight’s SendPolice platform, ResponderLink is the first solution to automatically deliver real-time gunshot detection data to 911 call centers and first responders. When shots are detected, the 911 dispatching center, also known as the Public Safety Answering Point or PSAP, is contacted based on the gunfire location, enabling faster initiation of life-saving emergency protocols.

  • Luma x20

    Luma x20

    Snap One has announced its popular Luma x20 family of surveillance products now offers even greater security and privacy for home and business owners across the globe by giving them full control over integrators’ system access to view live and recorded video. According to Snap One Product Manager Derek Webb, the new “customer handoff” feature provides enhanced user control after initial installation, allowing the owners to have total privacy while also making it easy to reinstate integrator access when maintenance or assistance is required. This new feature is now available to all Luma x20 users globally. “The Luma x20 family of surveillance solutions provides excellent image and audio capture, and with the new customer handoff feature, it now offers absolute privacy for camera feeds and recordings,” Webb said. “With notifications and integrator access controlled through the powerful OvrC remote system management platform, it’s easy for integrators to give their clients full control of their footage and then to get temporary access from the client for any troubleshooting needs.”