Endpoint Protection: Do You Need It?


What is endpoint protection? Simply stated, it is the defenses that are enabled on end user devices. Some solutions are no cost. Some are low cost. And others, depending upon the capabilities, can be quite expensive.

Before discussing the capabilities of various solutions, it is important to understand the acronyms and what these products can provide.

  • EDP: Endpoint Detection and Protection
  • What is the difference between EPP and EDR? EPP (Endpoint Protection Platform) covers traditional anti-malware scanning, whereas EDR (Endpoint Detection and Response) covers more advanced capabilities, such as detecting and investigating security incidents and remediating endpoints to their pre-infection state.
  • EDR: Endpoint Detection and Remediation. EDR is the baseline monitoring and threat detection tool for endpoints and the foundation for every cybersecurity strategy. This solution relies on software agents or sensors installed on endpoints to capture data, which it sends to a centralized repository for analysis.
  • XDR: Extended Detection and Response. XDR extends EDR capabilities to protect more than endpoints. The XDR solution “extends” across the infrastructure, streamlining security data ingestion, analysis and workflows across an organization’s entire security stack to enhance visibility around hidden and advanced threats and to unify the response.

Security is most effective when applied in layers. The more obstacles you can place between the end user and the bad guys, the more secure your users and your network will be. Base-level protections should be implemented before adding additional solutions. This includes enabling host-based firewalls and anti-virus software. Next-generation anti-virus (NGAV) goes a step further by combining artificial intelligence and machine learning, behavioral detection and exploit mitigation. This allows for mitigation of unknown threats. Strong and unique passwords along with MFA are beneficial components for protection of users and assets.