Buyer's Handbook:

Assess endpoint security tools to fulfill organizational needs

Antimalware protection and the fundamentals of endpoint security

Learn about antimalware protection and how endpoint security technology prevents malware from infecting end-user computers and corporate networks.

Endpoint antimalware protection actively works to prevent malware from infecting a computer. In many such products, the security technology extends to virtual desktops and mobile devices, as well as to workstations and laptops.

Common types of malware that affect computers and all kinds of mobile devices include viruses, Trojan horses, worms, spyware, rootkits and the like.

The term endpoint, when used with antimalware, usually implies that a product is designed for use within an organization, whether a small business, branch office, midsize company, government agency or enterprise, rather than by individual consumers on a one-off or per-household basis.

With millions of different kinds of malware in the wild and with cyberattacks on the rise, one critically important issue for organizations of any size is to ensure strong protection against malware. In addition, organizations that fall under the regulatory umbrella of laws such as the Gramm-Leach-Bliley Act and HIPAA, or that adhere to PCI DSS standards for accepting payment cards, must run antimalware software to honor their compliance requirements.

The advantages of endpoint antimalware protection software

Endpoint antimalware protection must be able to prevent malware attacks; protect users when they are exchanging emails, browsing the web or connecting devices; and stop the proliferation of any attacks that manage to succeed.

To meet those goals, today's endpoint antimalware protection suites provide layered protection: antivirus scanning, antispyware, email inbox protection, host-based firewalls, data loss prevention, warnings when visiting websites that could pose safety risks and much more. Endpoint antimalware protection suites also bring the ability to shield against zero-day threats: new or otherwise unknown exploits.

The beauty of such antimalware suites is that a single package with multiple functionalities presents a cohesive defense between external malware and internal systems and data. This type of in-depth defense uses different methods to stop malware, so an attempted attack or intrusion is unlikely to succeed simply by making its way through a single layer of protection. A suite is also easier for IT to manage than a collection of different applications from different vendors.

Think of a computer or device with endpoint antimalware protection installed as a heavily fortified castle with thick walls, a moat, steel gates and drawbridges. Guards inside and out constantly watch for suspicious activity, ready to block or slay the dragons.

Characteristic features of endpoint antimalware protection

Here are some typical features found in endpoint security suites:

  • Antivirus. Malware writers go to great lengths to create malware that avoids detection and resists removal. Today's antimalware products typically combine signature-based scanning with heuristics technology and cloud-based global threat intelligence to recognize and root out malware on systems and to prevent infections in the first place. Heuristics is the practice of identifying malware based on previous experiences, observations of malware behavior and typical points of attack. This combination of antivirus technologies is also effective against zero-day threats, which have historically posed major challenges to IT security teams.
  • Antispyware. A malicious spyware infection is probably easier to pick up than a common cold, and it's a major threat to protecting sensitive or confidential data. Antispyware software runs constantly in the background to block spyware installation, regardless of the source.
  • Data loss prevention (DLP). The technologies involved in DLP aim to protect data that leaves the security of the internal business network, whether it's via email messages, USB drives, on a laptop or mobile device, or uploaded to the cloud.
  • Integrated firewall. Although a network should always have firewall protection, running a second firewall on the endpoint provides another layer of defense against malware that finds any cracks in the armor.
  • Device control. Malware can also infect a computer not connected to a network or the internet. Connecting a USB device to a computer or installing software from a CD or DVD always runs the risk of transferring an infected application to the target machine. Device control enables IT to restrict or block user access by setting and enforcing device access rules.
  • Email protection. This component of antimalware suites attempts to filter out phishing emails, spam and other messages that could carry malicious or otherwise suspect content.
  • Website browsing protection. Also referred to as reputation technology, most antimalware protection suites consult some type of ratings database that indicates whether a website is safe to browse or not. With such protection in place, users receive a warning message instead of the page when they attempt to open a website reported as unsafe.
  • Encryption tools. Many endpoint security suites include tools to encrypt data to protect sensitive information stored on endpoint systems. The only person who can decrypt the data is its intended recipient.
  • Endpoint detection and response (EDR). EDR tools use software agents on the endpoints to monitor network events occurring at those endpoints and to report those events to a central database for advanced analysis of suspected malicious activity. When these programs detect any potentially abnormal activity within the network, they flag it as a potential threat.

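The antivirus bullet above describes the core idea of layered scanning: a signature match catches known samples outright, and heuristics (behavioral or structural indicators such as a packed executable body or strings associated with process injection) catch samples the signature database has never seen. The following Python scanner is an added illustration of that layering, not code from the original article or from any product it describes. The signature database, the suspicious-string list, the entropy threshold and all sample files are constructed for the example; a real product would use far larger and more nuanced rule sets.

```python
"""Toy layered antimalware scanner: signature layer first, heuristic layer second.

Added example with constructed data; it is not code from any vendor's product.
"""
import hashlib
import math
from collections import Counter
from typing import Dict, List, Optional, Tuple

# Layer 1: signature database. Constructed: SHA-256 of a made-up "known bad" file.
KNOWN_BAD: Dict[str, str] = {
    hashlib.sha256(b"MZ constructed-sample-A").hexdigest(): "Constructed.Sample.A",
}

# Layer 2: heuristic indicators. Constructed list of API names commonly seen
# together in process-injection code; individually each is benign.
SUSPICIOUS_STRINGS: List[bytes] = [
    b"VirtualAllocEx",
    b"WriteProcessMemory",
    b"CreateRemoteThread",
    b"powershell -enc",
]
ENTROPY_THRESHOLD = 7.0   # bits per byte; packed/encrypted bodies sit near 8.0
HEURISTIC_THRESHOLD = 3   # score at which a sample is flagged as suspicious


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte (0.0 for empty input, 8.0 for uniform bytes)."""
    if not data:
        return 0.0
    counts = Counter(data)
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in counts.values())


def signature_verdict(data: bytes) -> Optional[str]:
    """Return the family name if the file's hash is in the signature database."""
    return KNOWN_BAD.get(hashlib.sha256(data).hexdigest())


def heuristic_score(data: bytes) -> Tuple[int, List[str]]:
    """Score structural indicators; reasons explain what contributed."""
    score, reasons = 0, []
    # A PE-like header ("MZ") followed by a near-random body suggests packing.
    if data[:2] == b"MZ" and shannon_entropy(data[2:]) > ENTROPY_THRESHOLD:
        score += 3
        reasons.append("high-entropy executable body (possible packer)")
    hits = [s.decode() for s in SUSPICIOUS_STRINGS if s in data]
    if hits:
        score += len(hits)
        reasons.append("injection-related strings: " + ", ".join(hits))
    return score, reasons


def scan(data: bytes) -> Dict[str, object]:
    """Run the layers in order; the first layer to fire decides the verdict."""
    family = signature_verdict(data)
    if family is not None:
        return {"verdict": "malicious", "layer": "signature", "detail": family}
    score, reasons = heuristic_score(data)
    if score >= HEURISTIC_THRESHOLD:
        return {"verdict": "suspicious", "layer": "heuristic", "detail": reasons}
    return {"verdict": "clean", "layer": None, "detail": []}


# Constructed sample "files" covering each path through the layers.
SAMPLES: Dict[str, bytes] = {
    "quarterly_report.txt": b"Quarterly report: revenue up 3%, headcount flat.",
    "known_bad.exe": b"MZ constructed-sample-A",
    # Unknown to the signature layer; uniform byte distribution mimics a packed body.
    "unknown_packed.exe": b"MZ" + bytes(range(256)) * 8,
    # Low entropy, but carries the three injection API names together.
    "unknown_injector.exe": b"MZ" + b"\x00" * 100
    + b"VirtualAllocEx\x00WriteProcessMemory\x00CreateRemoteThread\x00",
}


def scan_all() -> Dict[str, Dict[str, object]]:
    """Scan every constructed sample and return the verdicts keyed by file name."""
    return {name: scan(data) for name, data in SAMPLES.items()}


if __name__ == "__main__":
    for name, result in scan_all().items():
        print(f"{name:22} {result['verdict']:10} via {result['layer']}: {result['detail']}")
```

The point the example makes is the one the article states in prose: `known_bad.exe` never reaches the heuristic layer, while `unknown_packed.exe` and `unknown_injector.exe` are invisible to the signature layer and are caught only because a second, independent method is also applied. Raising `ENTROPY_THRESHOLD` or shortening `SUSPICIOUS_STRINGS` shows how quickly a single weakened layer lets samples through, which is the argument for buying a suite rather than relying on one mechanism.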
In addition to the preceding features, some endpoint antimalware suites roll in anti-ransomware technology, application control and network access control, as well as vulnerability assessments and full-disk encryption to protect stored data. Some packages also perform patch assessment and management, assessing system threats and making sure that the most critical patches are applied first.

Deploying and managing endpoint antimalware products

Typically, endpoint antimalware products require an administrator to install a management console on a server to help manage clients, product licenses and logs, or use a web-based console that's part of a cloud service.

This step also creates a database containing settings, privileges, events and security policies. An organization that's very large or that has multiple sites may need to install additional management servers for performance reasons, as well as to replicate data. The next step is to install software (sometimes referred to as an agent) on client computers and devices, either directly or across the network.

Regardless of the approach, clients must be configured for software updates (automatic or pushed from the server) and virus definition updates, at a minimum.

Overall, endpoint antimalware protection is an important and necessary element in any organization's security infrastructure, though it shouldn't be the only element organizations implement. Before diving in, IT managers and security specialists should assess their environments to determine specifically what they need to protect, and they should look two to three years ahead at how their environments are expected to change.

It's also a good idea to research several highly rated endpoint antimalware packages to see how their features compare, determine which packages are most suitable to the organization's size and needs and keep an eye on costs to get the best product for the budget.

Linda Rosencrance contributed to this report.


This was last published in March 2019
