Endpoint security systems protect computers and other devices on a network or in the cloud from cybersecurity threats. Endpoint security has evolved from traditional antivirus software to providing comprehensive protection from sophisticated malware and evolving zero-day threats.
Organizations of all sizes are at risk from nation-states, hacktivists, organized crime, and malicious and accidental insider threats. Endpoint security is often seen as cybersecurity's frontline, and represents one of the first places organizations look to secure their networks.
As the volume and sophistication of cybersecurity threats have steadily grown, so has the need for more advanced endpoint security solutions. Today’s endpoint protection systems are designed to quickly detect, analyze, block, and contain attacks in progress. To do this, they need to collaborate with each other and with other security technologies to give administrators visibility into advanced threats to speed detection and remediation response times.
Endpoint security components
Typically, an endpoint security solution will include these key components:
- Machine-learning classification to detect zero-day threats in near real time
- Advanced antimalware and antivirus protection to protect, detect, and correct malware across multiple devices and operating systems
- Proactive web security to ensure safe browsing on the web
- Integrated firewall to block hostile network attacks
- Actionable threat forensics to allow administrators to quickly isolate infections
- Centralized endpoint management platform to improve visibility and simplify operations
The "internet of everything" has multiplied endpoints
Endpoints can range from the more commonly thought of devices like laptops, tablets, and mobile devices, to printers, servers, and even ATM machines and medical devices. If a device is connected to a network, it is considered an endpoint. With the growing popularity of BYOD (bring your own device) and IoT (internet of things), the number of devices connected to an organization's network can quickly reach into the tens (and hundreds) of thousands.
Because they are entry points for threats and malware, endpoints (especially mobile and remote devices) are a favorite target of adversaries. Mobile devices have become much more than just Android devices and iPhones—think of the latest wearable watches, smart devices, voice-controlled digital assistants, and other IoT-enabled smart devices. We now have network-connected sensors in our cars, airplanes, hospitals, and even on the drills of oil rigs. As the different types of endpoints have evolved and expanded, the security solutions that protect them have also had to adapt.
The latest SANS endpoint security survey highlights the importance of implementing a comprehensive endpoint protection solution. Some of the key findings from this survey include:
- 42% of respondents reported that their endpoints had been breached.
- A variety of threat vectors were used, including web drive-by (63%), social engineering/phishing (53%), and/or ransomware (50%).
- Only 47% of attacks were detected by antivirus.
- 32% of compromises were detected by SIEM alerts.
View the infographic >
The evolution of virus protection—from signatures to machines
The endpoint security business began in the late 1980s with antivirus software that could recognize malicious software (malware) by their signatures. The first endpoint antivirus tools searched for changes in file systems or applications that matched known patterns, and flagged or blocked those programs from running. As the internet and e-commerce gained popularity, malware became more frequent, more complex, and more difficult to detect. It also no longer relies on signatures, and the industry is seeing a rise in fileless malware. Today, fighting malware is much more of a team sport, and antivirus software is just one of many weapons.
This increase in weapons brings more complexity. The rapid growth of security products with overlapping functionality and separate management consoles can make it difficult for many organizations to get a clear picture of potential attacks. Security teams, after years of bolting endpoint security point products together, often end up managing multiple agents and consoles—with little to no integration or automation.
Recent research shows that isolated endpoint solutions can't keep up with sophisticated, emerging threats. Tactical security firefighting can be replaced with integrated, multistage defenses that adapt to outsmart attackers. The latest endpoint protection requires finding and correcting hidden attacks in seconds, not months. This requires a closed-loop system that automatically shares threat intelligence between connected components to detect, resolve, and adapt to new attack strategies. Integrated multistage protection lets organizations collaborate, share threat insights, and act efficiently to combat future threats.
We're now at a stage where humans can’t do it alone—and are teaming up with machines. Machine learning and artificial intelligence are enabling endpoint defenses to evolve at nearly the same speed as the attacks. Traditional capabilities such as firewall, reputation, and heuristics are combined with machine learning and containment to stop the most advanced attacks.
Advanced endpoint security solutions
McAfee offers a full range of solutions that combine powerful endpoint protection with efficient endpoint management. McAfee Endpoint Security combines established capabilities such as firewall, reputation, and heuristics with cutting-edge machine learning and containment, along with endpoint detection and response (EDR) into a single platform agent, with a single management console. The resulting integrated endpoint protection platform keeps users productive and connected while stopping zero-day malware, like ransomware, before it can infect the first endpoint.