What is Endpoint Security?
Historically, securing your business meant protecting the network perimeter. Though you still needed some basics, like antivirus on your endpoints, the focus on network-based defenses did a decent job of keeping your organization secure. Most of your data and endpoints were located inside a corporate perimeter, so you could keep them fairly safe by surrounding your sensitive assets with security technologies like firewalls and network IDS/IPS. With so much investment in the network, threat actors also evolved and began going directly after the endpoint: your desktops, your laptops and your servers.
Not only were endpoints less protected, but your business and workforce needs evolved, providing more gaps for attackers to leverage. Data began moving into the cloud, and end users routinely work from home, coffee shops, the airport and other locations. Operating systems and business-critical software applications require frequent updates and security patches that are challenging for the typical IT team to keep up with. Thus, even well-known vulnerabilities that were patched by the software vendor years ago may remain unpatched in your environment, and threat actors only need one gap to gain access to your organization. The corporate perimeter has essentially dissolved; endpoints are both the new perimeter and the weakest link.
Endpoint Protection Platforms versus Endpoint Detection and Response
Endpoints are targeted by threat actors because they provide access to all of the critical information attackers want, and a growing remote workforce combined with a shortage of skilled security professionals makes your endpoints easier to reach and exploit. Because of this, protecting the endpoint is now a top priority for most organizations. To be sure you are choosing the most effective and efficient combination of products and services, you must understand the difference between Endpoint Protection Platforms (EPPs) and Endpoint Detection and Response (EDR).
Endpoint Protection Platform (EPP)
PREVENT – DETECT – RESPOND – PREDICT
EPP includes a wide range of security technologies that work together to protect your endpoints, with an emphasis on preventing threats. A unified EPP may include antivirus, Next-Generation Antivirus (NGAV), antispyware, host IDS/IPS and other endpoint security technologies.
Endpoint Detection and Response (EDR)
PREVENT – DETECT – RESPOND – PREDICT
While threat prevention is critical, nothing stops all threats, so you need EDR technology to provide visibility into threats that slip past EPP technologies. The focus for EDR is detection and response: find threat actors that may be quietly resident on your endpoints and get the detailed information you need to evict them. Unlike native OS or device logs, EDR technology gathers telemetry specifically designed to identify cyber threats, even those that use no malware.
Advanced Endpoint Threat Detection (AETD) leverages Endpoint Detection and Response technology combined with Secureworks Threat Intelligence and our experienced analysts to answer critical questions like who is the threat actor, how did they get in, what endpoints are compromised, and much more.
Our AETD Elite service includes all the benefits of AETD plus customized Active Threat Hunting to help you make proactive hunting a regular activity versus something you only do in response to an incident.
Advancing Endpoint Security
Technology alone is not enough to stop endpoint threats. Threat actors have become more sophisticated while you struggle with a skills shortage and an overwhelming number of alerts from your layered security tools. Signature-based security tools, like traditional antivirus, simply can’t keep up, yet stopping threats fast is the key to reducing the cost and impact of a breach. You need a combination of people, process and technology to keep your endpoints safe.
Moving from outdated, signature-based antivirus is a good step towards preventing more threats on your endpoints. Next-Generation Antivirus (NGAV) leverages machine learning and other non-signature techniques that identify more threats, including those that use little or no malware and thus may slip past traditional antivirus. While NGAV technology is better, a managed NGAV service provides the skills and resources to help you get the most from your investment in this newer technology.