What is Endpoint Protection?
An Endpoint is any device that is connected to a network. This can include the devices we most commonly think of when we talk about cyber security, such as desktop computer, laptops, servers, and mobile devices like phones and tablets, but there are more endpoints than just these on almost every home and work network. Wearable technology such as smart watches, integrated smart solutions that connect to Wi-Fi such as door control, CCTV, and smart home technology (called Internet of things (IoT) devices), as well as practical utilities such as printers, and network infrastructure devices including servers and switches are all considered endpoints.
Any endpoint can be used by hackers to access your network, so endpoint security is very important in order to protect your data and privacy. Traditionally when you consider security for your devices such as PCs and laptops, you think of antivirus. Antivirus is a program that protects your device from lots of different forms or malware and viruses, as well as blocking dangerous websites and preventing phishing attempts by flagging malicious links and emails. Antivirus software is usually installed on one endpoint at a time and offers protection for that device only. Endpoint Protection systems, also called Endpoint Detection and Response (EDR) solutions, take a more holistic approach to your cyber security. Instead of focusing on the security of just one device, endpoint protection offers security to the whole network and all connected endpoints.
Antivirus software works by having a library of malicious content that it is looking out for on your systems. When it recognises a website or piece of malware that is knows is dangerous, it will alert you to the problem and sometimes also step in to block it from running. This works well for controlling old, known malware, but what about a new cyber attack with new malware that hasn’t been seen before? Endpoint protection is cloud-based, and keeps up to date automatically, using threat hunting capabilities to identify instances of an attack on your network, identify and block malicious activity, and build a connected story of how the attack happened and what steps were taken to remediate it for your SOC team to review. Using AI capabilities, EDR solutions can resolve security incidents before they spread and have a proactive role in maintaining the security of your network, not just functioning as an alert system that then requires human interaction.
Endpoint protection software is managed centrally by IT security admins and the SOC team. Any changes that are made to the security configurations at the central location, whether that is a physical server or cloud-based, are automatically applied to all the endpoints on the network. This can also be used across a virtual network environment, when devices are out of the offices because employees are working remotely, or in situations where no physical office exists. If your employees can access your corporate network remotely, then any cyber criminals with access to their devices or home networks can too. Endpoint protection systems being applied to those remote working devices, including BYOD (bring your own device) and IoT devices, reduces the likelihood and effectiveness of a cyber attack.
Cool Waters SentinelOne EDR provides industry leading protection for your business, that is actively managed and monitored by our SOC 24*7. It can be licensed stand alone and is included as standard in our Managed Cyber Team service.
Our Managed Cyber Team is a great way to outsource your cyber security operations to ensure the best protection for your business. We use the industry leading endpoint protection solution SentinelOne combined with a SIEM service that collects all the event logs from across your network. This provides a holistic view of your network and endpoints to effectively manage suspicious activity and deal with malware or hackers. SentinelOne’s EDR provides the SOC team with a full picture of events, through their behavioural engine that tracks all activity across the network. This removes the likelihood of attacks being missed by human error through ‘alert fatigue’, where the threat analysts have so many logs to dig through that they miss what is really important.
Cool Waters Managed Cyber Team provides you with a Security Operations Centre (SOC) team to proactively manage your cyber security, actively monitoring 24 hours a day, 7 days a week. This includes training and monitoring the SIEM to spot attacks and attempted breaches as they occur and then to respond in real time to contain the intruders or malware. Our SIEM service, backed up by our SOC, is a cost-effective way to meet the needs of PCI-DSS for daily log monitoring and investigations – including log retention for 12 months. Our Emergency Response Team (ERT) is available to assist with significant attacks on your network, drawing the expertise of the SOC team to deploy at short notice experts skilled in handling the most complicated and aggressive ransomware and cyber attacks.
Book a free discovery call to find out how quickly and easily we can get started.