As a non-technical person living and breathing IT, it can often be confusing trying to sift through the jargon that abounds in the industry. Over the coming weeks I will try to demystify (and maybe do some learning on the job) some of the jargon and make it a bit more accessible for a layperson!
This week I am going to look at the difference between Antivirus and Endpoint Protection.
Firstly, what is an endpoint? An endpoint is a device that is connected to a network, and that communicates, both back and forth, across that network. In the most common usage case, these would be Laptops, PCs or Mobile Devices that communicate over the internet. Endpoints can also be modems, routers, switches or servers.
Antivirus (AV) is a piece of software that typically resides on an endpoint and forms part of an endpoint protection strategy. Techopedia defines Antivirus as software that detects, prevents and removes viruses, worms and other malware from a computer. This software is usually dynamic, with regular updates to its threat definitions ensuring the endpoint is protected against the latest known threats.
AV software will scan incoming files and compare them to its database of known threats (signatures). Once a threat is detected, the AV will generally send an alert to the endpoint while placing the threat under quarantine. The user can then review the threat and delete it from their endpoint. Not all antiviruses are made equal, however: just because one AV was able to stop a threat doesn’t necessarily mean that all other AVs on the market would also have stopped it.
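To make the scan-compare-quarantine cycle concrete, here is a small signature-based scanner written for this post as an added example (it is not code from any AV product or from Lucidity). The "signature database" holds one constructed SHA-256 hash and all scanned files are constructed in a temporary directory. The third sample file differs from the known-bad one by a single byte, which shows the caveat behind "not all antiviruses are made equal": an exact-hash signature misses it, and real products layer other detection methods (byte patterns, heuristics, behaviour) on top.

```python
import hashlib
import os
import shutil
import tempfile
from pathlib import Path

# Constructed sample of "known-bad" file content (not real malware) and its
# signature. A real signature database holds many entries and other signature
# types; whole-file hashing is the simplest form and is used here for clarity.
KNOWN_BAD_CONTENT = b"CONSTRUCTED sample of a known-bad file, not real malware\n"
SIGNATURE_DB = {
    hashlib.sha256(KNOWN_BAD_CONTENT).hexdigest(): "Test.ConstructedSample",
}


def file_sha256(path):
    """Hash a file in chunks so large files do not have to fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def scan_file(path, signature_db=SIGNATURE_DB):
    """Return the threat name if the file's hash is in the database, else None."""
    return signature_db.get(file_sha256(path))


def quarantine_file(path, quarantine_dir):
    """Move a detected file into the quarantine directory and return its new path.

    The file is renamed with a non-executable suffix so it cannot be launched
    by accident while it awaits review; it is not deleted, so the user (or an
    analyst) can still inspect it, as the post describes.
    """
    quarantine_dir = Path(quarantine_dir)
    quarantine_dir.mkdir(parents=True, exist_ok=True)
    dest = quarantine_dir / (Path(path).name + ".quarantined")
    shutil.move(str(path), str(dest))
    return dest


def scan_directory(directory, quarantine_dir, signature_db=SIGNATURE_DB):
    """Scan every file under `directory`, quarantine matches, and return alerts.

    Each alert is a tuple of (original path, threat name, quarantine path).
    """
    alerts = []
    for root, _dirs, files in os.walk(directory):
        for name in files:
            path = Path(root) / name
            threat = scan_file(path, signature_db)
            if threat is not None:
                quarantined = quarantine_file(path, quarantine_dir)
                alerts.append((str(path), threat, str(quarantined)))
    return alerts


def demo():
    """Build a constructed 'incoming files' folder, scan it, and return the alerts."""
    work = Path(tempfile.mkdtemp(prefix="av_demo_"))
    incoming = work / "incoming"
    incoming.mkdir()
    # Clean file: no signature match.
    (incoming / "report.txt").write_bytes(b"ordinary document contents\n")
    # Exact copy of the known-bad sample: matched and quarantined.
    (incoming / "invoice.exe").write_bytes(KNOWN_BAD_CONTENT)
    # One extra byte appended: the hash changes and an exact-hash signature misses it.
    (incoming / "invoice_v2.exe").write_bytes(KNOWN_BAD_CONTENT + b"\x00")
    return scan_directory(incoming, work / "quarantine")


if __name__ == "__main__":
    for original, threat, quarantined in demo():
        print(f"ALERT {threat}: {original} -> quarantined at {quarantined}")
```

Running the script prints exactly one alert, for `invoice.exe`; `invoice_v2.exe` is left untouched even though it is essentially the same file, which is why signature updates alone do not make an AV comprehensive.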
Endpoint Protection on the other hand is more all-encompassing. Endpoint protection solutions are centrally managed and provide protection across the full range of devices (end user devices, servers, network devices etc) that may be present on the network. The main console will reside on a centrally managed server or gateway within a network, and then a client will be installed on each endpoint to ensure each device is protected.
Gartner defines an Endpoint Protection Platform (EPP) as “a solution deployed on endpoint devices to prevent file-based malware attacks, detect malicious activity, and provide the investigation and remediation capabilities needed to respond to dynamic security incidents and alerts.”
So, while AV is absolutely an integral part of an Endpoint Protection strategy, there are many other security techniques that make up Endpoint Protection, such as:
- Host intrusion prevention systems (HIPS)
- Application control
- URL Filtering (e.g. whitelists and blacklists)
- Data loss prevention tools
- Data encryption services
- Endpoint Management
The most comprehensive Endpoint Protection Platforms will also integrate with other platforms that offer patching and configuration management capabilities. This “defense in depth” results in more proactive protection for users and devices.
The best EPPs are cloud managed, allowing continuous monitoring and collection of data to discern behaviour patterns. This also allows Managed Service Providers like Lucidity to immediately take remediation actions should an issue be identified. This is especially pertinent in a world where more and more organisations are embracing BYOD (bring your own device); with a wider variety of endpoints now connecting to an enterprise's network, having more control and visibility across these devices is essential, as is being able to immediately address any vulnerabilities.
Endpoints are the most common entry points for cyber-attacks, so they need to be protected not just against viruses, but also against the many other forms of attack that can target your business.
Lucidity utilises a wide range of technologies from leading security vendors to provide protection in-depth to customers. Lucidity’s Managed Desktop has built-in protection from Fortinet and SentinelOne – both global leaders in security. Lucidity offers a range of managed security services that will proactively help you to protect your employees and your business from ransomware, phishing attacks, viruses and other malware.