Endpoint Protection Tools, Products and Best Practices
Protecting endpoints is crucial to keeping your organizational network secure. While network perimeter security provides some protection, endpoint devices are the primary entry points through which malware and other security threats can breach the network.
Efficient endpoint protection requires a multilayered approach, with a combination of several different endpoint protection products to cover different aspects of endpoint security. It is also important to follow best practices in implementing and managing each tool to ensure optimal security.
Popular endpoint protection tools
Firewalls are commonly used endpoint protection platforms that act as a barrier between an endpoint and the Internet. A firewall filters information entering the network or endpoint through the Internet. If a packet of data is flagged, it is not allowed through. Here are a few best practices for firewall setup and use:
- Don’t buy the first one you come across. Search online and consult with peers to find the most suitable option for your purposes.
- Get an expert to configure and manage the firewall. If you do not have an in-house expert (e.g., on your IT team), consider outsourcing this task to an outside expert.
- Make it secure, but not too secure. An overprotective firewall can prevent users from being able to carry out their everyday tasks – and their frustration will quickly trickle down to the Helpdesk.
- Ensure every endpoint is protected by a software firewall and every Internet connection/server is protected by a hardware firewall.
Antivirus (AV) software is typically installed directly on endpoints, and allows for the detection and removal of malicious applications. Traditional AV uses a virus database to identify potential threats, which are then isolated and destroyed, while Next Generation Antivirus (NGAV) solutions generally incorporate additional technology to help them identify threats without relying solely on a virus database. When using antivirus software, follow these practices:
- Choose a good quality antivirus. While basic, free antivirus solutions are available all over the web, it’s worth investing in a more advanced solution that will provide a higher degree of protection.
- Ensure every endpoint on the network has its own antivirus installation, and that this software is updated regularly. It’s advisable to include this as a rule in organizational security policies.
- Consider complementing AV with additional anti-spyware, anti-malware and anti-rootkit software, to protect endpoints from other forms of malicious threats.
- Ensure endpoints run frequent, regularly scheduled full scans in order to detect any existing viruses that may have penetrated.
- Update virus databases at least once a day, to protect endpoints from the latest threats.
- Use additional endpoint protection features included with most modern antivirus solutions, such as heuristic virus detection and email scanning, for further protection.
Restricting web traffic using URL filtering prevents users from accessing sites that are known or suspected to be malicious or harmful. When using a URL filtering tool, make sure to do the following:
- Set comprehensive policies to determine which web site categories should be allowed and which should not.
- Whenever users come across a suspicious site that is not categorized correctly, it should be submitted to the URL filtering system for classification.
Endpoint detection and response (EDR)
EDR systems include sophisticated intelligence-based tools that continuously monitor endpoints for suspicious activity or other potential security issues, and initiate a real-time response whenever unusual behaviour is detected. When choosing and implementing an EDR system, adhere to the following guidelines:
- Create a thorough security policy for your organization before selecting an appropriate EDR, so you have a clear idea of what you want the EDR to achieve.
- Ensure the solution is appropriate for all types of endpoints used on your network.
- Select an EDR that is compatible with all other elements of your endpoint protection system.
- Ensure that the EDR vendor you select will assist with installation, configuration and integration of the EDR system.
Browser isolation solutions are an essential layer in any comprehensive endpoint protection strategy, as they protect the most prevalent attack vector for ransomware, zero-day attacks, drive-by downloads and other malicious content – the web browser. These solutions fill in a critical gap left by tools such as firewalls and antivirus, as they don’t rely on detecting threats in order to guard against them. Instead they run all active browser-executable code – whether malicious or not – inside an isolated environment such as a VM or container. This ensures that even if there happens to be any malicious code running on the browser, it cannot affect the endpoint. When implementing a browser isolation solution, here are some best practices:
- Choose a remote browser isolation solution (RBI) that executes browsing sessions outside of the organizational network, in a cloud or network DMZ. This shifts any potential risk away from the endpoint and network, for optimal protection.
- Choose a solution that minimizes threat persistence, by ensuring that the browsing environment is reset to a known good state at the end of each session. For instance, Ericom Shield remote browser isolation runs each browser tab in its own disposable container, which is destroyed at the end of the browsing session or after a predetermined period of inactivity, further reducing the risk of infection.
- Aim for a solution that provides the best possible user experience on any device, preferably one that does not require any local agent to be installed, so that users can browse as normal from the device and browser of their choice and IT does not need to install or maintain anything on individual endpoints.
- Ensure the solution is compatible and can integrate effectively with the other components of your organizational security system.
- Utilize integrated file cleansing technology. Some browser isolation solutions come pre-integrated with CDR or other tools for disarming files that users download while browsing.
Best practices for best protection
By layering a variety of endpoint protection tools and following best practices such as those outlined above, IT and security experts can ensure that the network and its endpoints are covered from all angles and greatly reduce the risk of malware infection and other security breaches.
Read about Endpoint Protection Vs Antivirus