Endpoint Protection Vs Antivirus
What is endpoint protection?
Endpoint protection is the name given to security solutions that protect endpoints, such as desktop computers, laptops and other devices that connect to a network. Endpoint protection can be accomplished using local solutions, such as software installed on the endpoint itself. In many cases, it involves a centrally managed solution on a server, securing every endpoint connected to the network.
The endpoint is often the weakest link in the organization – especially when used to connect to the Internet – as it serves as a door through which malware and other security threats can gain entry to the organizational network. It’s essential that every endpoint “door” is secured well, to protect the network from security breaches and targeted attacks, in the same way that a person would lock the front door to their home to protect their valuable belongings. Such a solution helps prevent the financial loss, data leaks, and downtime that can occur when a network is compromised.
What is antivirus?
Antivirus software is perhaps the most well-known solution for protecting an endpoint from security threats. It is often, though not always, a local solution, requiring installation on each endpoint. The antivirus software works by scanning incoming files and comparing them to its own database of known threats. If it detects a threat, the antivirus alerts the user, and quarantines or deletes the problematic file. It is an effective and essential step towards protecting the endpoint from known security threats.
However, antivirus itself is not synonymous with endpoint protection. Endpoint protection refers to a comprehensive system of different security techniques, while antivirus is just one of those techniques – it is crucial, but only a part of the bigger picture.
The bigger picture – other endpoint protection methods
There are a number of established endpoint protection methods that can be used in conjunction with antivirus software, such as:
- Firewalls – a firewall can be either a piece of software, or a hardware device. Its primary role is to control the data traffic coming in and out of a network. The firewall can be set up to grant different permissions to different users or endpoints on the network, controlling who can use the network and for what purpose, while also preventing unauthorized access and blocking risky connections. This ensures potential threats are blocked before they get a chance to do any harm. The downside is that some firewalls are over-zealous – blocking harmless applications, which can irritate users, leading to repeated, frantic calls to the Helpdesk.
- URL filtering – URL filtering technology controls which websites can be accessed based on a URL filter list. Usually, organizations will use an existing URL filter database, choosing categories they wish to block – such as known phishing or advertising websites. Lists can also be customized. This is a great way to prevent users from accidentally visiting websites that would make them vulnerable to malware infection and other security breaches. Unfortunately, it’s not practical or possible to include every possible malicious URL – the list of URLs would be endless, and cyber criminals spin up new domains at a faster pace than any list can track, allowing them to evade the filters. Moreover, threats can be embedded or ‘injected’ into even the most benign websites.
- Endpoint Detection and Response (EDR) – an EDR solution monitors endpoint behavior and detects any abnormal activity that could signal a security threat. EDR tools provide continuous monitoring, gathering information in a central database for behavioral analysis and reporting, all without affecting endpoint functionality. This allows for early identification of known threats, and a fast response to them. EDR relies on sophisticated behavior intelligence, but it is still a detection method – looking for existing threats on endpoints and responding to them. If some unknown threat gets past detection, it could easily compromise a network.
What about unknown and zero-day threats?
Providing prevention, detection, and recovery, all of the above endpoint protection methods create a pretty strong barrier against known security threats. But sophisticated hackers are always creating new web-based threats that can bypass even the most rigorous of detection techniques. These unknown threats – often known as zero-day threats – won’t yet appear in virus databases or URL filter lists, and the way the threat behaves might be different from anything an EDR solution has seen before. To mitigate these threats, another layer of endpoint protection is required.
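As an added illustration (not code from the original article), here is a minimal category-based URL filter of the kind described in the URL filtering section, with a constructed category database and hypothetical hostnames. It shows the parent-domain lookup and the host normalisation a filter needs so that it judges the same host the browser will connect to, and it makes the gap described above concrete: a domain that is in no list yet is simply allowed.

```python
from typing import Optional, Tuple
from urllib.parse import urlsplit

# Constructed category database and policy standing in for a vendor URL
# filter list; all hostnames are hypothetical.
CATEGORY_DB = {
    "phish.example": "phishing",
    "ads.example": "advertising",
    "news.example": "news",
}
BLOCKED_CATEGORIES = {"phishing", "advertising"}
CUSTOM_BLOCKLIST = {"unwanted.example"}  # organisation-specific additions


def normalise_host(url: str) -> str:
    """Return the host the browser would actually connect to.

    urlsplit().hostname already lowercases, drops any user@ prefix and the
    port, and strips IPv6 brackets; a trailing dot is removed as well so
    'phish.example.' matches the list entry 'phish.example'.
    """
    parts = urlsplit(url if "://" in url else "http://" + url)
    return (parts.hostname or "").rstrip(".")


def lookup_category(host: str) -> Optional[str]:
    """Walk from the full host up through its parent domains so that
    'login.phish.example' inherits the category of 'phish.example'."""
    labels = host.split(".")
    for i in range(len(labels) - 1):  # never match a bare TLD
        candidate = ".".join(labels[i:])
        if candidate in CATEGORY_DB:
            return CATEGORY_DB[candidate]
    return None  # in no list: e.g. a domain registered an hour ago


def filter_url(url: str) -> Tuple[str, str]:
    """Return (verdict, reason) for a URL under the policy above."""
    host = normalise_host(url)
    if not host:
        return "block", "unparseable"
    if any(host == h or host.endswith("." + h) for h in CUSTOM_BLOCKLIST):
        return "block", "custom-blocklist"
    category = lookup_category(host)
    if category in BLOCKED_CATEGORIES:
        return "block", category
    # Allowing everything uncategorised is the gap the text describes.
    return "allow", category or "uncategorised"
```

Run `filter_url("https://new-domain-0001.example/download")` to see the uncategorised case pass, which is exactly why the article argues for a further layer behind list-based controls.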
Remote browser isolation – filling the gap
As the gateway to the Internet, web browsers are the quintessential access point on any endpoint device, making them the leading source of attacks on users according to analysts such as Gartner. While the above detection-based tools do an excellent job addressing known threats that might otherwise penetrate via the browser, Remote Browser Isolation (RBI) protects endpoints against unknown, zero-day web threats that other methods are unable to counter. To the user, browsing is carried out as normal, using a regular web browser. In the background, however, the remote browser isolation solution is busy at work – running all browser-executable code away from the endpoint – in an isolated virtual container located in the cloud or in a network DMZ. The user is provided with a clean stream of content, seamless and interactive, while no active code, malicious or otherwise, can access the endpoint or network at all. As soon as a user closes the browser, the virtual container itself is destroyed – together with any ransomware, malware or other malicious code inside it.
Endpoint protection from every angle
To adequately secure your network in the best way possible, your endpoints need to be protected from every angle. Antivirus software is just one ingredient. In addition, make use of the best firewall, URL filtering solutions, and EDR tools to protect your endpoints against known threats. Finally, implement solutions such as RBI that protect endpoints from unknown, zero-day threats that attempt to penetrate the organization via web browsers.