6 components to look for in an endpoint security platform

1. Exploit and threat protection

Exploit and threat protection is a broad category of features that addresses risks such as malware, ransomware, spyware, viruses, zero-day threats or any other type of exploiting software. For example, a security platform might perform scans that target known application and OS vulnerabilities and then wipe out or isolate anything the scan finds. In general, endpoint security should be able to proactively detect and block any attempt to compromise a desktop and its data.

An example of a platform with this functionality is Trend Micro Apex One, which defends against malware, ransomware, malicious scripts and other threats. It also includes advanced capabilities for protecting against unknown threats or fileless attacks. Kaspersky Endpoint Security offers another example of threat protection. It includes Kaspersky Sandbox, a virtualized environment for isolating and analyzing suspicious objects. The results of the analysis inform the platform on how to protect other managed endpoints.

2. Network protection

An effective endpoint protection platform should safeguard a device beyond its own borders to help mitigate threats before they reach the device itself. A good example of this is browser protections that prevent users from accessing malicious or unauthorized websites. Some platforms might also offer email gateways to block suspicious messages or provide firewall and intrusion prevention to keep malware from reaching the computer.

The applications that run on a desktop can be just as susceptible to threats as the underlying OS.

For example, Microsoft Defender Advanced Threat Protection (ATP) includes a network engine that inspects network activity to identify and stop threats. Another example is CrowdStrike Falcon Complete, which provides instant visibility into who and what is on the network at all times. The goal of any network protection feature is to protect desktop endpoints from threats before they reach the machine.

3. Application protection

The applications that run on a desktop can be just as susceptible to threats as the underlying OS. For this reason, many security platforms include patch management features that automatically keep applications up to date. Some platforms also provide application blocklisting and allowlisting, and some platforms might support application hardening to reduce the vulnerability surface.

For example, Trend Micro Apex One includes a feature that virtually patches applications' vulnerabilities until IT can deploy a patch. This platform also safeguards against unwanted or unknown applications such as executables or a dynamic link library (DLL). In addition, Trend Micro Apex One includes blocklisting and allowlisting capabilities and can control application installations based on reputation-related variables.

4. Data protection

Data security and protection is an essential component of any effective endpoint security platform. It helps prevent sensitive data and corporate secrets from being compromised through breaches, carelessness or other behavior. For example, some products might provide full-disk encryption or encrypt all web traffic, or they might offer secure password management, file activity monitoring or other data controls that prevent leaks and improve data security.

For instance, Symantec Endpoint Detection and Response can blacklist and whitelist specific files on managed desktops. If this Endpoint Detection and Response (EDR) platform discovers a file-level threat, the platform automatically deletes the malicious files and associated artifacts to ensure the threat doesn't return. The Symantec offering can also automatically sandbox suspicious files to make them available for analysis.

5. Intelligence and analytics

Endpoint security platforms, like other IT systems, are steadily becoming smarter as they incorporate AI, machine learning (ML) and other advanced technologies. These technologies enable security platforms to perform sophisticated analytics, making it possible to implement features such as behavior monitoring, ML-based anomaly detection, deep learning malware detection, forensic analysis or root-cause analysis.

A good example of this is Sophos Intercept X Endpoint, which includes built-in AI technologies to detect known and unknown malware without relying on signatures. The platform also uses behavioral analytics to prevent boot-record attacks and never-before-seen ransomware. Another product that offers behavioral analytics is Symantec EDR, which uses ML and global threat intelligence to expose suspicious activity while minimizing false positives. Bitdefender GravityZone takes yet another approach, using AI and security analytics to correlate global threat intelligence.

6. Centralized management

IT teams should be able to deploy an endpoint security platform easily and quickly. They should also be able to manage the endpoints from a centralized portal that supports such features as endpoint detection, over-the-air enrollment, default profiles, centralized patch management, support ticket generation or the ability to send installation links to remote users. In addition, administrators should be able to easily hunt for and respond to potential threats or actual incidents.

To accomplish this, CrowdStrike Falcon Complete offers endpoint detection and response and managed threat hunting backed by a CrowdStrike team of experts. Bitdefender GravityZone provides automatic alerts that are triaged to ensure faster incident response. And Symantec EDR simplifies incident hunting by offering a broad view of user, memory, software and network baseline activity. This platform also includes the Endpoint Activity Recording tool for hunting attack indicators and performing endpoint analysis.