Endpoint security, a network's critical first line of cybersecurity defense, protects end-users and endpoint devices – desktops, laptops, mobile devices, servers –against cyberattacks. Endpoint security also protects the network against adversaries who attempt to use endpoint devices to launch cyberattacks on sensitive data and other assets on the network.
Endpoints remain the primary enterprise network entry point for cyberattacks. Various studies estimate that as many as 90% of successful cyberattacks and as many as 70% of successful data breaches originate at endpoint devices. According to the IBM Security® Cost of a Data Breach Report 2021, the average data breach cost companies USD 4.24 million.
Today companies must protect more endpoints, and more kinds of endpoints, than ever before. Bring-your-own-device (BYOD) policies, increased remote work, and the surging number of IoT devices, customer-facing devices and network-connected products have multiplied the endpoints that hackers can exploit, and the vulnerabilities that security teams must secure.
The original endpoint security software, antivirus software protects endpoints against known forms of malware - Trojans, worms, adware and more.
Traditional antivirus software scanned the files on an endpoint device for malware signatures - strings of bytes characteristic to known viruses or malware. The software alerted the user or admin when a virus was found, and provided tools for isolating and removing the virus and repairing any infected files.
Today's antivirus software, often called next-generation antivirus (NGAV), can identify and fight newer types of malware, including malware that leaves no signature. For example, NGAV can detect fileless malware - malware that resides in memory and injects malicious scripts into the code of legitimate applications. NGAV can also identify suspicious activity using heuristics, which compare suspicious behavior patterns to those of known viruses, and integrity scanning, which scans files for signs of virus or malware infection.
Antivirus software alone may be adequate for securing a handful of endpoints. Anything beyond that typically requires an enterprise protection platform, or EPP. An EPP combines NGAV with other endpoint security solutions, including:
An EPP integrates these endpoint solutions in a central management console, where security teams or system admins can monitor and manage security for all endpoints. For example, an EPP can assign the appropriate security tools to each endpoint, update or patch those tools as needed, and administer corporate security policies.
EPPs can be on-premises or cloud-based. But industry analyst Gartner (link resides outside ibm.com), which first defined the EPP category, notes that ‘Desirable EPP solutions are primarily cloud-managed, allowing the continuous monitoring and collection of activity data, along with the ability to take remote remediation actions, whether the endpoint is on the corporate network or outside of the office.’
EPPs focuse on preventing known threats, or threats that behave in known ways. Another class of endpoint security solution, called endpoint detection and response(EDR), enables security teams to respond to threats that sneak past preventative endpoint security tools.
EDR solutions continuously monitor the files and applications that enter each device, hunting for suspicious or malicious activity that indicates malware, ransomware or advanced threats. EDR also continuously collects detailed security data and telemetry, storing it in a data lake where it can be used for real-time analysis, root cause investigation, threat hunting and more.
EDR typically includes advanced analytics, behavioral analysis, artificial intelligence (AI) and machine learning, automation capabilities, intelligent alerting, and investigation and remediation functionality that enable security teams to:
Many newer or more advanced EPPs include some EDR capabilities, but for complete endpoint protection encompassing prevention and response, most enterprises should employ both technologies.
Extended detection and response, or XDR, extends the EDR threat detection and response model to all areas or layers of the infrastructure, protecting not only endpoint devices but applications, databases and storage, networks, and cloud workloads. A software-as-a-service (SaaS) offering, XDR protects on-premises and cloud resources. Some XDR platforms integrate security products from a single vendor or cloud service provider, but the best also allow organizations to add and integrate the security solutions they prefer.
Bring a unique approach to EDR and endpoint security using automation and AI to detect and remediate threats in near real time.
Stop mobile security threats with enterprise mobile security solutions that enable flexible delivery of apps, content and resources across devices.
Take an open cloud, AI approach to secure and manage any device with unified endpoint management (UEM) solutions.
Secure network infrastructure against advanced threats and malware with next-generation threat protection and real-time threat intelligence.
Deliver zero trust security solutions for the enterprise to protect data and resources by making them accessible only when all criteria are met.
Provide security for your hybrid cloud environment by integrating security into every phase of your journey.
Protect enterprise data and address regulatory compliance with data-centric security solutions and services.
IBM firewall management services helps improve your security posture with robust firewall security management.
IBM Security endpoint security management services include consulting and managed endpoint security across a wide range of endpoint protection solutions.
Zero trust is a framework that assumes a complex network’s security is always at risk to external and internal threats.
End-to-end encryption (E2EE) is a secure communication process that prevents third parties from accessing data transferred from one endpoint to another.
Network security protects IT infrastructure from various threats by blocking unauthorized access to your network and the devices connected to that network.
MDM is a proven methodology and toolset used to provide a workforce mobile productivity tools and applications while keeping corporate data secure.
Find out how data security helps protect digital information from unauthorized access, corruption, or theft throughout its entire lifecycle.
SIEM technology provides the advanced threat detection and security automation necessary to help organizations scale while maximizing IT compliance and business continuity.