Why do you need endpoint security?
Blog by: Diğdem Çiftçi, Security Engineer.
Endpoint security: it is one of the most frequently heard terms of the last few years at big security events, conferences, webinars and blogs. Some call it a mandatory part of the security platform, others say it's just a new term for antivirus, and others call it an overrated approach. One thing is clear: it is a term that does not immediately make clear what can be expected from it.
In this blog I will talk about endpoint security: what it really means, what it involves, and why organizations need it without a doubt.
Endpoint security means securing end-user devices such as mobile devices, laptops and desktop PCs, as well as servers; in short, any device that is connected to your enterprise network. These endpoints can be considered entry points to the network.
Gartner's definition of endpoint security
Gartner releases various Magic Quadrants every year, including those for endpoint security, which form a baseline for many companies with regard to their security strategy. In the Magic Quadrant for endpoint security, the strengths and weaknesses of 21 Endpoint Protection Platform (EPP) suppliers are evaluated every year. In 2018, Gartner defined endpoint protection as a “solution deployed on endpoint devices to prevent file-based malware, to detect and block malicious activity from trusted and untrusted applications, and to provide the investigation and remediation capabilities needed to dynamically respond to security incidents and alerts.” I find it important to place this definition here because, like everything in security, this approach will most likely be temporary and will change over time. Even the definition above contrasts with the 2017 definition: Endpoint Detection and Response (EDR) was considered a necessity in 2017, whereas in 2018 Gartner considers it a welcome supplement.
Evolution of systems and security measures
Why do you need to have thorough endpoint protection? Is end-to-end monitoring of packet transfers and “closing” the entire network via firewall rules not sufficient? The answer is: no, it is definitely not!
As threats evolved in recent years, the approach to endpoint security could not lag behind. The basic setup for a relatively small company may consist of a firewall and an antivirus solution, with which they consider themselves safe. However, in real-life security, where the actual risk lies, the approach needs to be somewhat more technologically advanced: not so complex that the entire process becomes unworkable, but complex enough to remain safe. Antivirus software and personal firewalls can be described as simple forms of endpoint security. Modern endpoint security, however, uses more advanced methodologies. These include detection mechanisms that identify and block threatening actions and behaviors, whether they come from end users or intruders.
It is not only threats and security risks that evolve over time. The systems and IT structures in use evolve as well: consider the shift from data centers with hardware-based systems to virtual environments, private and public cloud infrastructure, and so on. For example, the term ‘back-end system’ no longer refers only to hosts, storage and applications within a data center, but nowadays also to virtualized resources in the data center or in the cloud. The same is true of endpoints: the term refers not only to traditional devices, but also to mobile devices such as telephones and tablets. Networks refer not only to electronic interconnections and protocols between systems, but also to social connections between people, both inside and outside the boundaries of the organization.
This means that there are different security requirements. With the increase in mobile threats and the use of mobile devices, the need for effective endpoint security measures has increased accordingly. Mobility of employees means that the effectiveness of network security is reduced, because control over the network via firewalls is no longer sufficient. We are also dealing with endpoints in isolated networks that some companies use for special purposes; these endpoints are not connected to a network or have very limited connectivity. Updating, monitoring and managing such endpoints is therefore difficult, which places other demands on their security.
That is why endpoint security is a requirement for every organization that strives for safety and continuity. Want to know more about endpoint security? For more information and advice, contact SecureLink.