In information technology (IT), an endpoint is any device (a laptop, phone, tablet, or server) that connects to a business network. Every device that joins the network is a new endpoint.
In a perfect world, employees in the office and working remotely (through a VPN, for example) could log in and get their jobs done safely, but that isn't always the case. Every endpoint is a potential weak spot that cybercriminals can exploit to gain unauthorized access to the network, whether through a software exploit, a phishing attack, spyware, a Trojan, malspam, or another form of malware. Endpoint protection is the business of hardening endpoints against those attacks.
Modern endpoint protection (aka endpoint security) generally has eight key features. These features both define how endpoint protection works and, in some cases, differentiate it from consumer-oriented antivirus or anti-malware, and even from some early forms of endpoint protection.
We’ve covered what endpoint protection is. So, what is antivirus? The term “antivirus” gets thrown around a lot as a catchall term for any kind of cybersecurity. As it happens, computer viruses are more of a legacy threat than a modern-day scourge. Yes, antivirus protects against old-fashioned computer viruses, but it can also stop the threats most people are worried about today; e.g., Trojans, ransomware, adware, malvertising, malicious websites, etc. This is where we get the word “anti-malware,” which attempts to bring the terminology in line with what the technology actually does. So, when most people say “antivirus,” they’re probably referring to “anti-malware.”
With the terminology out of the way, let's get down to brass tacks.
Modern consumer and business antivirus/anti-malware applications both use a blend of signature-based and behavioral detection. With signature-based detection, a file or program is checked against a database of known malware; if its signature matches a known threat, it's blocked. Signature-based detection is precise and presents minimal risk of false positives, but it can only catch what has already been catalogued: a brand-new strain, or a known one repacked so that its signature changes, passes straight through. That is where the behavioral layer, increasingly driven by machine learning, comes in. It watches what the program actually does (the processes it spawns, the files and registry keys it touches, the connections it makes) and stops it before it gets a foothold. If it acts like malware, it probably is malware.
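To make the two layers concrete, here is a toy two-layer detector written for this article (an added example, not Malwarebytes code or any product's engine). The "known sample", its repacked variant, the event traces, the rule weights, and the block threshold are all constructed for illustration; a real engine uses far richer signatures and models. It shows the failure mode described above: appending a single byte defeats the exact-hash signature, and only the behavioral layer stops the repacked sample.

```python
"""Toy two-layer detector: exact-hash signatures plus behavioural scoring.

Added example, not Malwarebytes code. The sample bytes, event traces,
rule weights and threshold are all constructed for illustration.
"""
import hashlib
from typing import Iterable, List, Optional, Tuple

# --- Layer 1: signatures -------------------------------------------------
# A real database holds millions of entries plus fuzzy/partial signatures;
# here it is the SHA-256 of one constructed "sample".
KNOWN_SAMPLE = b"MZ\x90\x00constructed-sample-not-real-malware"
SIGNATURE_DB = {hashlib.sha256(KNOWN_SAMPLE).hexdigest()}

# The same sample with one byte appended: a trivial "repack" that changes
# the hash and therefore slips past layer 1.
REPACKED_SAMPLE = KNOWN_SAMPLE + b"\x00"
BENIGN_SAMPLE = b"MZ\x90\x00constructed-text-editor"


def signature_match(blob: bytes) -> bool:
    """Exact-hash lookup: cheap and precise, but blind to any byte change."""
    return hashlib.sha256(blob).hexdigest() in SIGNATURE_DB


# --- Layer 2: behaviour --------------------------------------------------
# Each rule: (event kind, substring expected in the event argument, weight).
BEHAVIOUR_RULES: List[Tuple[str, str, int]] = [
    ("process_spawn", "vssadmin delete shadows", 5),  # destroys restore points
    ("registry_write", "\\CurrentVersion\\Run", 2),   # autorun persistence
    ("file_write", ".locked", 1),                      # encrypted-file marker
    ("network_connect", ":4444", 2),                   # unusual outbound port
]
BLOCK_THRESHOLD = 5  # constructed; real products tune this against telemetry

Event = Tuple[str, str]


def behaviour_score(events: Iterable[Event]) -> int:
    """Sum the weights of every rule an observed event triggers."""
    score = 0
    for kind, arg in events:
        for rule_kind, needle, weight in BEHAVIOUR_RULES:
            if kind == rule_kind and needle in arg:
                score += weight
    return score


def classify(blob: bytes, events: Iterable[Event]) -> Tuple[str, Optional[str]]:
    """Signature layer first (near-zero false positives), behaviour layer second."""
    if signature_match(blob):
        return ("block", "signature")
    if behaviour_score(list(events)) >= BLOCK_THRESHOLD:
        return ("block", "behaviour")
    return ("allow", None)


# Constructed event traces, shaped like what an endpoint agent would record.
RANSOMWARE_TRACE: List[Event] = [
    ("process_spawn", "vssadmin delete shadows /all /quiet"),
    ("registry_write", "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\updater"),
    ("file_write", "C:\\Users\\alice\\Documents\\q1.xlsx.locked"),
    ("file_write", "C:\\Users\\alice\\Documents\\notes.docx.locked"),
    ("file_write", "C:\\Users\\alice\\Pictures\\cat.jpg.locked"),
]
BENIGN_TRACE: List[Event] = [
    ("file_write", "C:\\Users\\alice\\Documents\\notes.txt"),
    ("network_connect", "updates.example.com:443"),
]

if __name__ == "__main__":
    print(classify(KNOWN_SAMPLE, []))                   # ('block', 'signature')
    print(classify(REPACKED_SAMPLE, RANSOMWARE_TRACE))  # ('block', 'behaviour')
    print(classify(BENIGN_SAMPLE, BENIGN_TRACE))        # ('allow', None)
```

The ordering matters: the signature layer answers first because a hash match is essentially never wrong, while the behavioral layer's weights and threshold are a tuning trade-off between catching novel strains and flagging legitimate software (a backup tool that manages shadow copies, for instance). That trade-off is why the two layers are used together rather than either one alone.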
That said, antivirus/anti-malware is only one piece of what you expect to find in a good endpoint protection solution.
To understand how endpoint protection differs from antivirus, it helps to compare the two different use cases; i.e., an individual consumer protecting their home network versus a system administrator charged with securing a medium-to-large sized business. The primary differentiator here is centralized management.
The consumer at home downloads an antivirus (or anti-malware) program, dials in the protection, and schedules or performs scans as needed. With active threat blocking and automatic software updates there’s not much the consumer needs to do after the initial setup. The only caveat? The consumer must install the security application on each device and set up each device individually. According to Deloitte’s 2019 “Connectivity and Mobile Trends” survey, US households have an average of 11 Internet-connected devices. That may sound like a lot, but it’s generally manageable.
Now, let's examine the business network. A 2018 LogMeIn survey of IT professionals across Europe and North America found an average of 750 endpoints per organization, comprising servers, computers, and mobile devices. Tellingly, 30% of the IT professionals surveyed didn't even know how many endpoints they managed. A small security team can't give every endpoint the kind of hands-on attention a home user gives their own devices. Moreover, with businesses spread across multiple locations and employees working remotely, it's simply not possible to get hands-on, literally or figuratively, with every endpoint.
For most businesses, a cloud-based solution is in order, offering scalability, easy deployment, and robust reporting from a single console. Regardless of how big the network is, how many employees work remotely, and how many employees choose to BYOD (bring your own device), endpoint protection can handle it.
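One thing a central console makes possible, and that per-device consumer setups cannot, is answering the question the survey above says 30% of IT teams can't: which endpoints are actually covered? The script below is an added example written for this article, not Malwarebytes code or a Nebula API call. It reconciles a constructed asset inventory (the hosts the organization believes it owns) against constructed agent check-in times (what a management console would report) and splits the fleet into healthy, stale, unmanaged, and unknown hosts. Hostnames, timestamps, and the seven-day staleness window are all invented; in practice the inventory would come from a directory or DHCP export and the check-ins from the console's API.

```python
"""Reconcile an asset inventory against endpoint-agent check-ins.

Added example, not Malwarebytes code. Hostnames, timestamps and the
stale-after window are constructed for illustration.
"""
from datetime import datetime, timedelta, timezone
from typing import Dict, Set

# Fixed "now" so the example is reproducible offline.
NOW = datetime(2020, 3, 2, 9, 0, tzinfo=timezone.utc)
STALE_AFTER = timedelta(days=7)

# Constructed: hosts the organisation believes it owns.
INVENTORY: Set[str] = {
    "fin-lt-01", "fin-lt-02", "eng-ws-07", "srv-db-01", "srv-web-02", "byod-phone-3",
}

# Constructed: last check-in per host, as the management console reports it.
AGENT_CHECKINS: Dict[str, datetime] = {
    "fin-lt-01": NOW - timedelta(hours=1),
    "eng-ws-07": NOW - timedelta(days=10),   # agent installed but gone silent
    "srv-db-01": NOW - timedelta(minutes=5),
    "srv-web-02": NOW - timedelta(days=2),
    "old-lab-99": NOW - timedelta(hours=3),  # reporting, but nobody inventoried it
}


def coverage_report(inventory: Set[str], checkins: Dict[str, datetime],
                    now: datetime = NOW,
                    stale_after: timedelta = STALE_AFTER) -> Dict[str, object]:
    """Split the fleet into healthy / stale / unmanaged / unknown hosts."""
    reporting = set(checkins)
    unmanaged = sorted(inventory - reporting)   # in inventory, no agent at all
    unknown = sorted(reporting - inventory)     # agent present, no inventory record
    stale, healthy = [], []
    for host in sorted(inventory & reporting):
        if now - checkins[host] > stale_after:
            stale.append(host)                  # agent exists but is not reporting
        else:
            healthy.append(host)
    return {
        "healthy": healthy,
        "stale": stale,
        "unmanaged": unmanaged,
        "unknown": unknown,
        "coverage": len(healthy) / len(inventory),
    }


if __name__ == "__main__":
    for key, value in coverage_report(INVENTORY, AGENT_CHECKINS).items():
        print(f"{key:>10}: {value}")
```

Each bucket is a different follow-up: unmanaged hosts need an agent deployed, stale ones need someone to find out why the agent stopped talking (uninstalled, blocked, or the machine is gone), and unknown hosts are exactly the devices the inventory never knew about. The coverage figure, healthy hosts over inventoried hosts, is the number to track over time.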
Take a quick scan of infosec news sites on any given day and you can see why companies need endpoint protection. According to Malwarebytes Labs' 2020 State of Malware Report, attacks on businesses went up 13 percent from 2018 to 2019 while consumer attacks actually went down two percent year over year, a marked shift away from consumers and toward business targets. Cybercriminals know which side their bread is buttered on.
Ransomware detections, for instance, are higher than ever, driven largely by the Ryuk, Phobos, GandCrab, and Sodinokibi strains. And it's not just big-name, Fortune 500 companies getting hit. Organizations of all sizes are being targeted by cybercriminal gangs, lone-wolf threat actors, hacktivists, and state-sponsored hackers looking for big scores from companies with caches of valuable data on their networks. Again, it's the value of the data, not the size of the company, that makes a target. Local governments, schools, hospitals, and managed service providers (MSPs) are just as likely to be the victim of a data breach or ransomware infection.
Consider the average cost of a data breach. The 2019 IBM "Cost of a Data Breach Report" puts the global figure at $3.92 million; in the US it is even higher, at $8.19 million.
With this sobering data in mind, endpoint protection (Malwarebytes Nebula, for example) is crucial to protecting your endpoints, your employees, your data, the customers you serve, and your business from a dangerous array of cyberthreats and the damage they can cause.