Endpoint security or protection is an approach to network protection that requires each computing device on a corporate network to comply with certain standards before network access is granted.
Endpoints can include PCs, laptops, smartphones, tablets and specialized equipment such as bar code readers or point of sale (POS) terminals.
Endpoint protection must be able to:
- prevent malware attacks,
- protect users (while exchanging emails, browsing the Web or connecting devices),
- stop the proliferation of any attacks that manage to succeed.
How does it work?
Endpoint security systems work on a client/server model in which a centrally managed server or gateway hosts the security program and an accompanying client program is installed on each network device. When a client attempts to log on to the network, the server program validates user credentials and scans the device to make sure that it complies with defined corporate security policies before allowing access to the network. Devices that do not comply with policy are given limited access or quarantined.
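The logon check described above, sketched as an added example (not code from any endpoint product): the server scores a posture report sent by the client agent and returns allow, limited or quarantine. The report fields, the policy thresholds, the split between critical and minor findings, and the deny outcome for bad credentials are all assumptions made for illustration.

```python
from dataclasses import dataclass
from datetime import date

# Constructed policy: every key and threshold here is an assumption.
POLICY = {
    "max_signature_age_days": 7,
    "require_firewall": True,
    "require_disk_encryption": True,
    "max_missing_critical_patches": 0,
}

@dataclass
class Posture:
    """Report the client agent sends at logon (hypothetical schema)."""
    credentials_valid: bool
    av_running: bool
    signature_date: date
    firewall_enabled: bool
    disk_encrypted: bool
    missing_critical_patches: int

def evaluate(p: Posture, today: date, policy=POLICY):
    """Return (decision, findings) for one device; credentials are checked first."""
    if not p.credentials_valid:
        return "deny", ["invalid credentials"]
    critical, minor = [], []  # critical -> quarantine, minor -> limited access
    if not p.av_running:
        critical.append("antivirus not running")
    if policy["require_firewall"] and not p.firewall_enabled:
        critical.append("desktop firewall disabled")
    if p.missing_critical_patches > policy["max_missing_critical_patches"]:
        critical.append(f"{p.missing_critical_patches} critical patches missing")
    age = (today - p.signature_date).days
    if age > policy["max_signature_age_days"]:
        minor.append(f"signatures {age} days old")
    if policy["require_disk_encryption"] and not p.disk_encrypted:
        minor.append("disk not encrypted")
    if critical:
        return "quarantine", critical + minor
    return ("limited", minor) if minor else ("allow", [])

if __name__ == "__main__":
    # Constructed sample device: healthy except for stale antivirus signatures.
    laptop = Posture(True, True, date(2024, 5, 1), True, True, 0)
    print(evaluate(laptop, date(2024, 5, 20)))
```

Returning the findings alongside the decision lets the server tell a limited or quarantined device what to fix before it retries.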
Characteristic features of endpoint protection
Here are some typical features found in these kinds of software suites:
- Antivirus: combines signature-based scanning with heuristics technology and cloud-based global threat intelligence to recognize and root out malware (including malware that can avoid detection and resist removal) on systems and to prevent infections in the first place. (Heuristics is the practice of identifying malware based on previous experience, observations of malware behaviour and typical points of attack.)
- Antispyware: protects sensitive or confidential data from malicious threats by constantly running antispyware software in the background to block spyware installation, regardless of the source.
- Data loss prevention (DLP): protects data leaving the security of the internal business network through outlets such as email messages, devices such as USB drives, laptops or mobile devices, or uploads to the cloud.
- Desktop firewall: a second firewall running on the endpoint adds another layer of defence against malware, in addition to the firewalls protecting the network.
- Device control: allows IT, by setting and enforcing device access rules, to restrict or block user access to computer accessories that are not network or Internet connected, such as USB devices, CDs or DVDs, so that software installed from them cannot transfer an infected application to the target machine.
- Email protection: This component attempts to filter out phishing emails, spam and other malicious objects or suspect content.
- Website browsing protection: works by consulting a ratings database that indicates whether a website is safe to browse or not. With this protection in place, access to websites rated as not safe is prevented, and users receive a warning message not to open the website.
In addition to the above features, endpoint protection suites have also included:
- intrusion detection and prevention functionality,
- application control,
- network access control.
Some packages also perform:
- patch assessment and management (where system threats are assessed and the most critical patches are applied first),
- vulnerability assessments,
- full-disk encryption (to protect stored data).