6 components to look for in an endpoint security platform
When it comes to selecting an endpoint security product, customers should look for essential features, such as application protection, that are crucial for enterprise security.
A base OS includes some native security components, but those features alone aren't enough to protect enterprise organizations as cyberattacks grow in number and sophistication.
Many IT teams turn to endpoint security tools to protect their managed desktop endpoints. An endpoint security platform safeguards an organization's entire fleet of desktops against exploitation by external attackers and malicious insiders alike.
A comprehensive endpoint security platform should include a wide range of features for mitigating risks to a device and its data, such as malware and ransomware protection, application blocklisting and allowlisting, patch management, analytics, anomaly detection, web and email safeguards, and data encryption.
In fact, modern endpoint security platforms have become so comprehensive that the large feature sets can be overwhelming for customers. Even so, a quality platform should include a fundamental set of features to secure all desktop endpoints.
Here are six of the most important features that endpoint security customers should take into consideration when choosing a platform for their organization and users.
1. Exploit and threat protection
Exploit and threat protection is a broad category of features that addresses malware, ransomware, spyware, viruses, zero-day exploits and other malicious software. For example, a platform might scan files and memory for known malicious code and then quarantine or remove anything it finds, while exploit mitigation watches for the techniques attackers use to abuse vulnerabilities in applications and the OS, regardless of which specific vulnerability is involved. In general, endpoint security should detect and block attempts to compromise a desktop and its data before they succeed, not merely report them afterward; because no product stops everything, it should also make visible what it missed.
An example of a platform with this functionality is Trend Micro Apex One, which defends against malware, ransomware, malicious scripts and other threats and includes capabilities for protecting against unknown threats and fileless attacks. Kaspersky Endpoint Security offers another example: it includes Kaspersky Sandbox, a virtualized environment for detonating and analyzing suspicious objects, and the results of that analysis inform how the platform protects other managed endpoints.
2. Network protection
An effective endpoint protection platform should safeguard a device beyond its own borders, mitigating threats before they reach the device itself. A good example is browser protection that prevents users from reaching malicious or unauthorized websites. Some platforms also offer email filtering to block suspicious messages, or a host firewall and intrusion prevention to keep malware from reaching the computer over the network.
For example, Microsoft Defender Advanced Threat Protection (ATP), since renamed Microsoft Defender for Endpoint, includes a network protection engine that inspects network activity to identify and stop threats. Another example is CrowdStrike Falcon Complete, which gives visibility into which devices and users are on the network. The goal of any network protection feature is to stop threats before they reach the machine.
3. Application protection
The applications that run on a desktop can be just as susceptible to attack as the underlying OS. For this reason, many security platforms include patch management features that keep applications up to date automatically. Some platforms also provide application blocklisting and allowlisting, and some support application hardening to reduce the attack surface. Of the two list types, allowlisting is the stronger control: a blocklist only stops binaries that are already known to be bad, and a trivially modified copy of a blocked file has a new hash, whereas a default-deny allowlist blocks anything not explicitly approved.
For example, Trend Micro Apex One includes a feature that virtually patches application vulnerabilities, shielding them from exploitation until IT can deploy the vendor's patch. The platform also safeguards against unwanted or unknown applications, such as executables or dynamic link libraries (DLLs); includes blocklisting and allowlisting capabilities; and can control application installations based on reputation.
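To make the blocklist-versus-allowlist distinction concrete, here is a small hash-based application control check. It is an added illustration written for this article, not code from Trend Micro Apex One or any other product named here; the policy format, the function names and the "binaries" (placeholder byte strings, not real executables) are all constructed for the example.

```python
"""Hash-based application control: blocklist versus default-deny allowlist.

Added example for this article; not a vendor's implementation. The policy
structure and sample executables below are invented for illustration.
"""
import hashlib
from dataclasses import dataclass, field


@dataclass
class AppControlPolicy:
    """Illustrative policy: SHA-256 hex digests of approved and banned binaries."""
    allowed_hashes: set = field(default_factory=set)
    blocked_hashes: set = field(default_factory=set)
    # True: unknown binaries are blocked. False: audit mode, unknown binaries run but are logged.
    default_deny: bool = True


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def evaluate(policy: AppControlPolicy, path: str, image: bytes) -> tuple:
    """Return (verdict, reason) for an executable image that is about to run.

    The blocklist is consulted first so an explicitly banned hash can never be
    let through by a stale allowlist entry; then the allowlist; then the
    default-deny rule for anything the policy has never seen.
    """
    digest = sha256_hex(image)
    if digest in policy.blocked_hashes:
        return "block", f"{path}: hash {digest[:12]} is on the blocklist"
    if digest in policy.allowed_hashes:
        return "allow", f"{path}: hash {digest[:12]} is on the allowlist"
    if policy.default_deny:
        return "block", f"{path}: unknown hash {digest[:12]}, default deny"
    return "audit", f"{path}: unknown hash {digest[:12]}, allowed in audit mode"


# Constructed sample "binaries": placeholder byte strings standing in for files.
APPROVED_APP = b"MZ\x90\x00corporate-approved-app-v1.2"
KNOWN_BAD = b"MZ\x90\x00dropper-stage1"
# A repacked copy of the dropper: one extra byte, so its SHA-256 no longer matches.
KNOWN_BAD_REPACKED = KNOWN_BAD + b"\x00"


def run_demo() -> dict:
    """Run the same three launches through a default-deny allowlist policy and a blocklist-only policy."""
    allowlist_policy = AppControlPolicy(
        allowed_hashes={sha256_hex(APPROVED_APP)},
        blocked_hashes={sha256_hex(KNOWN_BAD)},
        default_deny=True,
    )
    blocklist_only = AppControlPolicy(
        blocked_hashes={sha256_hex(KNOWN_BAD)},
        default_deny=False,
    )
    launches = [
        ("C:\\Program Files\\Corp\\app.exe", APPROVED_APP),
        ("C:\\Users\\alice\\Downloads\\invoice.exe", KNOWN_BAD),
        ("C:\\Users\\alice\\Downloads\\invoice2.exe", KNOWN_BAD_REPACKED),
    ]
    results = {}
    for path, image in launches:
        results[path] = {
            "allowlist": evaluate(allowlist_policy, path, image)[0],
            "blocklist_only": evaluate(blocklist_only, path, image)[0],
        }
    return results


if __name__ == "__main__":
    for path, verdicts in run_demo().items():
        print(path, verdicts)
```

The repacked dropper is the point of the exercise: the blocklist-only policy lets it run because its hash is new, while the default-deny allowlist blocks it without needing to know anything about it. The cost is operational: every legitimate update changes a hash too, which is why real products pair hashes with publisher certificates or reputation rather than maintaining hash lists by hand.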
4. Data protection
Data protection is an essential component of any effective endpoint security platform. It helps prevent sensitive data and corporate secrets from being compromised through breaches, carelessness or misuse. For example, some products provide full-disk encryption, encrypt or tunnel web traffic, or offer secure password management, file activity monitoring or other data loss prevention controls.
For instance, Symantec Endpoint Detection and Response (EDR) can blocklist and allowlist specific files on managed desktops. If the platform discovers a file-level threat, it automatically deletes the malicious files and associated artifacts so the threat doesn't return, and it can automatically sandbox suspicious files to make them available for analysis.
5. Intelligence and analytics
Endpoint security platforms, like other IT systems, are steadily becoming smarter as they incorporate AI, machine learning (ML) and related techniques. These technologies enable features such as behavior monitoring, ML-based anomaly detection, deep learning malware detection, forensic analysis and root-cause analysis. Customers should expect to tune these features: any model that flags deviations from a learned baseline will also flag rare but legitimate activity, so detection thresholds and exclusions need validation in the customer's own environment before alerts are trusted.
A good example of this is Sophos Intercept X Endpoint, which includes built-in AI technologies to detect known and unknown malware without relying on signatures. The platform also uses behavioral analytics to prevent boot-record attacks and never-before-seen ransomware. Another product that offers behavioral analytics is Symantec EDR, which uses ML and global threat intelligence to expose suspicious activity while minimizing false positives. Bitdefender GravityZone takes yet another approach, using AI and security analytics to correlate global threat intelligence.
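The baseline-and-threshold trade-off above is easiest to see on real telemetry, so here is a minimal behavioral anomaly detector over process-creation events. It is an added example for this article, not code from Sophos, Symantec, Bitdefender or any other vendor; the event counts, host names and threshold values are constructed, and the scoring rule (how rarely a parent process has launched a given child) is a deliberately simple stand-in for the statistical and ML models products actually use.

```python
"""Baseline-driven anomaly detection over parent/child process events.

Added example for this article; not a product's detection logic. All telemetry
below is constructed.
"""
from collections import Counter, defaultdict

# Constructed learning-period telemetry: (parent_process, child_process) pairs
# observed across managed desktops. Counts are invented.
BASELINE_EVENTS = (
    [("explorer.exe", "chrome.exe")] * 900
    + [("explorer.exe", "winword.exe")] * 400
    + [("explorer.exe", "cmd.exe")] * 200
    + [("winword.exe", "splwow64.exe")] * 30      # printing from Word
    + [("svchost.exe", "wmiprvse.exe")] * 250
    + [("cmd.exe", "ipconfig.exe")] * 15
    + [("cmd.exe", "whoami.exe")] * 1             # an admin ran it once
)

# Constructed live telemetry to score: (host, parent_process, child_process).
NEW_EVENTS = [
    ("ws-017", "explorer.exe", "chrome.exe"),
    ("ws-017", "winword.exe", "powershell.exe"),   # Word spawning PowerShell
    ("ws-023", "explorer.exe", "cmd.exe"),
    ("ws-023", "cmd.exe", "whoami.exe"),           # rare but legitimate
    ("ws-031", "mshta.exe", "powershell.exe"),     # parent never seen at all
]


def build_baseline(events):
    """Per-parent distribution of child processes: {parent: Counter(child)}."""
    baseline = defaultdict(Counter)
    for parent, child in events:
        baseline[parent][child] += 1
    return baseline


def score_event(baseline, parent, child):
    """Return (anomaly_score, reason), score in [0, 1].

    1.0 means the pair (or the parent) was never observed; otherwise the score
    is 1 - P(child | parent) estimated from the baseline counts.
    """
    children = baseline.get(parent)
    if not children:
        return 1.0, f"{parent} was never a parent process in the baseline"
    total = sum(children.values())
    seen = children[child]          # Counter returns 0 for unseen children
    if seen == 0:
        return 1.0, f"{parent} -> {child} never seen in baseline ({total} launches observed)"
    return 1.0 - seen / total, f"{parent} -> {child} seen {seen}/{total} times in baseline"


def detect(baseline, events, threshold):
    """Return alert records for events whose anomaly score meets the threshold."""
    alerts = []
    for host, parent, child in events:
        score, reason = score_event(baseline, parent, child)
        if score >= threshold:
            alerts.append({
                "host": host, "parent": parent, "child": child,
                "score": round(score, 3), "reason": reason,
            })
    return alerts


if __name__ == "__main__":
    baseline = build_baseline(BASELINE_EVENTS)
    for threshold in (0.95, 0.90):
        print(f"threshold {threshold}:")
        for alert in detect(baseline, NEW_EVENTS, threshold):
            print("  ", alert["host"], alert["score"], alert["reason"])
```

At a threshold of 0.95 the detector raises exactly the two events an analyst would want (Word spawning PowerShell, and an unknown parent process), while at 0.90 it also raises `cmd.exe -> whoami.exe`, which the baseline shows is rare but benign. That second alert is the false positive the tuning caveat refers to: lowering the threshold buys sensitivity at the price of analyst time, and the right value depends on the fleet's own baseline, not on the vendor's defaults.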
6. Centralized management
IT teams should be able to deploy an endpoint security platform easily and quickly, and then manage all endpoints from a centralized portal that supports endpoint discovery, over-the-air enrollment, default profiles, centralized patch management, support ticket generation and the ability to send installation links to remote users. Administrators should also be able to hunt for and respond to potential threats and actual incidents from that same console.
For example, CrowdStrike Falcon Complete pairs endpoint detection and response with managed threat hunting performed by a CrowdStrike team. Bitdefender GravityZone provides automatic alerts that are triaged for faster incident response. And Symantec EDR simplifies incident hunting by offering a broad view of user, memory, software and network baseline activity, and includes its Endpoint Activity Recording tool for hunting attack indicators and performing endpoint analysis.