Network Security - endpoint security

1. Antivirus / Anti-Malware

Definition:
Software that detects, prevents, and removes malicious software (malware) from devices. Malware includes viruses, worms, trojans, ransomware, spyware, and adware.

Functions:

  • Real-time scanning: Monitors files, downloads, and emails for malware.

  • On-demand scanning: Allows manual scanning of files or drives.

  • Quarantine and removal: Isolates infected files and removes threats.

  • Signature and heuristic detection:

    • Signature-based: Detects known malware using predefined patterns.

    • Heuristic-based: Detects unknown malware by analyzing suspicious behavior.

Importance:

  • Protects endpoints from infections that can compromise data, applications, and network security.

  • Stops malware from spreading to other devices in the network.

Example:

  • Detecting and removing a ransomware file before it encrypts all documents on a laptop.

2. Endpoint Detection and Response (EDR)

Definition:
Advanced security tools that continuously monitor endpoint activity to detect, investigate, and respond to sophisticated threats.

Functions:

  • Behavior monitoring: Detects unusual activity such as unauthorized file access or suspicious network connections.

  • Threat detection and analysis: Identifies malware, zero-day exploits, or lateral movement attempts.

  • Automated response: Can isolate compromised endpoints or terminate malicious processes.

  • Forensics: Logs and stores detailed data for post-attack analysis.

Importance:

  • Provides real-time protection and visibility beyond traditional antivirus.

  • Helps detect advanced persistent threats (APTs) that evade standard security measures.

Example:

  • An EDR tool detects unusual attempts to access multiple sensitive files and automatically quarantines the affected device.

3. Patch Management

Definition:
The process of regularly updating operating systems, software, and firmware to fix vulnerabilities and improve security.

Functions:

  • Vulnerability identification: Detects outdated software or missing patches.

  • Patch deployment: Installs updates to endpoints automatically or manually.

  • Compliance tracking: Ensures systems meet security and regulatory standards.

Importance:

  • Prevents attackers from exploiting known vulnerabilities.

  • Keeps systems up-to-date with the latest security enhancements.

Example:

  • Installing a security patch for Windows that fixes a flaw allowing remote code execution.

4. Device Encryption

Definition:
The process of converting data on a device into unreadable code to prevent unauthorized access if the device is lost or stolen.

Functions:

  • Full-disk encryption: Encrypts the entire hard drive of the endpoint.

  • File/folder encryption: Encrypts specific sensitive files or directories.

  • Key management: Securely stores encryption keys for authorized access.

Importance:

  • Protects sensitive data at rest on endpoints.

  • Ensures confidentiality even if the device is physically compromised.

Example:

  • Encrypting all files on a company laptop so that if it is stolen, attackers cannot access confidential documents.