Endpoint Security: Protecting Devices to Ensure Productivity

Endpoint Security Overview:

  • In the context of a business PC fleet, endpoints include any productivity device, laptop, desktop, tablet, or phone that connects to the corporate network.

  • Malware and phishing are common threats to endpoints, but more sophisticated attacks such as cryptomining and ransomware are on the rise.

  • Hardware-enabled protections and ecosystem support are high-priority considerations for any business crafting an endpoint security strategy.

Endpoint security includes the strategies and technology solutions that help secure endpoint devices from digital threats and unauthorized access. Ultimately, the goal of endpoint security solutions is to help protect devices, users, and businesses from lost productivity, cost, and reputation.

What Is Endpoint Security?

Endpoint security is the practice of safeguarding endpoints from unauthorized access and digital threats that can expose data or compromise the performance of the endpoint device. An endpoint refers to any device that receives a signal. In the context of business PC management, endpoints specifically refer to the devices that workers use every day to be productive, from desktops to laptops to tablets and smartphones. Endpoints can also refer to any Internet of Things (IoT) device including sensors and digital signage. However, this article will focus primarily on the business PC use case. A comprehensive endpoint security strategy will include hardware-enabled protections and remote management tools to help protect endpoints that connect to the corporate network.

Why Is Endpoint Security Important?

Endpoint protection is essential to take advantage of the enhanced productivity that endpoint devices offer, especially when connecting to digital resources outside the corporate network. Endpoint security solutions also help protect against malware and countless digital threats that could lead to lost productivity, excessive downtime, data breaches, and loss of reputation.

Endpoint security is becoming even more of a priority as global disruptions require businesses to support a remote workforce on short notice. More workers are using endpoints and personal devices outside the firewall to connect to the corporate network over the cloud in a practice known as Bring Your Own Device (BYOD). Although this practice can alleviate some of the technology requirements on the business end, it can also increase the threat potential from unsecured consumer devices. A sound endpoint security strategy can help safeguard data, devices, and reputation while allowing businesses to accelerate their productivity.

Endpoint Security Threats

The following is not an exhaustive list of digital threats, but this list can serve as a primer for common threats that endpoint security is designed to help protect against.

  • Malware refers to common digital threats such as viruses, Trojan horses, and worms. While there is an influx of new malware each day, tools including antivirus software and firewalls help protect against these threats and are supported by global technology providers like Microsoft and Intel, who are constantly updating their threat definition databases.
  • Cryptojacking refers to the practice of running unauthorized cryptomining code on an endpoint device. Cryptomining is the process of authenticating cryptocurrency transactions for a small cryptocurrency reward. Hackers may install malware on a vulnerable endpoint device that runs cryptomining code as a background process, causing a significant drain on performance.
  • Ransomware locks down an endpoint device and directs users to submit a payment in order to restore access, under threat of erasing all data on the device if a payment isn’t provided.
  • Privilege escalation occurs when malware exploits a system vulnerability to obtain higher permission levels on an endpoint device, allowing hackers to gain access to data and apps, or run executables as though they had administrator access.
  • Phishing occurs when hackers send fraudulent emails or messages in an attempt to get unsuspecting workers to follow hyperlinks to compromised websites, download malware, or grant device permissions to unauthorized users. These attacks tend to bypass many endpoint security countermeasures, so it is up to the user to exercise good judgment to identify, avoid, and report phishing attempts.
  • Zero-day attacks refer to previously unknown exploits for which there is no known prevention or remedy. When a zero-day attack occurs, businesses and technology providers have to work quickly to discover a remedy and limit the scope of damage or losses.

Endpoint Security and Virtualization

Virtualization is the practice of using simulated computing environments, complete with their own operating system (OS), abstracted from a device’s hardware. Using virtualization, a user can run multiple virtual machines (VMs), each with their own OS, on the same device. Security experts are looking at virtualization with renewed interest as a way to help secure devices against threats, especially as more workers are using their personal devices for professional use. With virtualization, a user can run one VM for their work-related productivity apps, and another VM for their personal apps and recreation, all on the same device.

The key security benefit with virtualization is that each VM is isolated from other VMs. Malware cannot spread from one VM to another. This workload isolation helps protect sensitive business information while allowing workers to make full use of their devices in a professional or personal capacity.

Endpoint Security and Firewalls

Firewalls are implemented in either software or hardware, and they monitor data flow to an endpoint device’s ports. Firewalls evaluate incoming data packets against established rules or parameters and verify packet source and destination to determine whether to block the data flow or allow it to proceed. This capability is ideal for blocking traffic from known malicious sources, but firewalls require direction from a user or device manufacturer to dynamically respond to new threats.
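The rule matching described above, as an added example that is not part of the original article: a first-match evaluator over packet source and destination port with a default-block policy, showing that a source absent from the rules passes until a rule update is supplied. The Rule and Packet types, the rule set, and the documentation-range addresses are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional


@dataclass(frozen=True)
class Rule:
    action: str               # "allow" or "block"
    src: str                  # source network in CIDR notation
    dst_port: Optional[int]   # None matches any destination port


@dataclass(frozen=True)
class Packet:
    src_ip: str
    dst_port: int


def evaluate(rules: List[Rule], packet: Packet, default: str = "block") -> str:
    """Return the action of the first rule that matches, else the default."""
    src = ipaddress.ip_address(packet.src_ip)
    for rule in rules:
        in_network = src in ipaddress.ip_network(rule.src)
        port_ok = rule.dst_port is None or rule.dst_port == packet.dst_port
        if in_network and port_ok:
            return rule.action
    return default  # nothing matched: fall back to the default policy


def with_block(rules: List[Rule], cidr: str) -> List[Rule]:
    """Return a new rule list with a block rule for `cidr` evaluated first."""
    return [Rule("block", cidr, None)] + list(rules)


# Constructed rule set; addresses come from the RFC 5737 documentation ranges.
RULES = [
    Rule("block", "203.0.113.0/24", None),  # known malicious source range
    Rule("allow", "0.0.0.0/0", 443),        # HTTPS from any other source
]

if __name__ == "__main__":
    known_bad = Packet("203.0.113.7", 443)
    new_source = Packet("198.51.100.20", 443)  # not yet in any block rule
    print(evaluate(RULES, known_bad))    # blocked by the first rule
    print(evaluate(RULES, new_source))   # allowed: the rules do not know it
    updated = with_block(RULES, "198.51.100.20/32")
    print(evaluate(updated, new_source)) # blocked once the rule is added
```
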

Endpoint Security and Antivirus Software

Antivirus software examines code, scripts, and programs, and matches them against a database of known threats to prevent malware from running on an endpoint device. Many endpoint devices run antivirus software as a background process and are optimized to reduce the drain on performance and productivity. Additionally, many device manufacturers and software providers such as Microsoft have teams working around the clock to identify new threats and add definitions to their antivirus database.

The Difference in Endpoint Security for Businesses vs. Consumers

Security is for everyone, and both business users and consumers deserve a secure and dependable device. Businesses assume greater risk as each endpoint in the network is a potential entry point for attackers and malware. However, businesses are also better equipped and have more tools at their disposal to handle these challenges. Remote manageability is a key example. IT departments can use remote manageability tools to monitor and manage endpoints connected within the corporate network, and even some devices that are outside the corporate firewall and connect over the cloud.

The Intel vPro® platform is a suite of technologies designed for business-class PCs that help enhance performance and security. Intel® Active Management Technology (Intel® AMT) is an exclusive capability within the Intel vPro® platform that allows IT technicians to remotely access devices, even if the device is compromised or the OS is unresponsive. Using Intel® AMT, IT departments can remotely repair, patch, and apply firmware updates to business PCs to maintain device health, ensure productivity, and help secure devices against threats.

The Human Perimeter

As with business endpoint devices, consumer devices rely on many of the same antivirus and firewall technologies to safeguard against threats. However, weak passwords continue to be one of the most common vectors of attack. Consumers must be diligent in following best known methods to help secure their endpoints by creating strong passwords, avoiding phishing schemes, and being prudent with personal details they share on social media. (The latter consideration is important because many apps and websites base their password recovery techniques or security questions on a user’s personal details.) Security professionals sometimes refer to these non-technological elements as contributing to the “Human Perimeter” of endpoint security.

Hardware-Enabled Endpoint Security Features

The cornerstone to any comprehensive endpoint security strategy is hardware-enabled protection. As delivered by 11th Gen Intel® Core™ vPro® mobile processors with Intel® Hardware Shield, Intel engineers invented ground-breaking technology to help shut down an entire class of attacks that long evaded software-only solutions.[1] Intel® Control-Flow Enforcement Technology (Intel® CET) also provides hardware-enabled threat detection to help ensure application and data security.[1] 11th Gen Intel® Core™ vPro® mobile processors with Intel® Threat Detection Technology (Intel® TDT) deliver the industry’s first silicon-enabled AI threat detection to help stop ransomware and cryptomining attacks.[1]

Intel® Hardware Shield, exclusively part of the Intel vPro® platform, provides hardware-enabled protection that helps secure all layers of an endpoint device, including firmware, VMs, OS, and apps. Intel® Hardware Shield helps prevent malware injections and privilege escalation below the OS, and helps ensure that devices boot into a secure, trusted state.

Endpoint Security as a Practice

Endpoint security is an ongoing effort within any business. IT decision makers should consider what services their technology providers offer after purchase to help secure their network and their endpoints. A key offering of the Intel vPro® platform is the continued support of the Intel security ecosystem in furthering threat detection and prevention. One example of these ongoing efforts is the industry-leading Intel Bug Bounty Program, which encourages widespread testing and identification of new bugs. This program is just one piece of an ongoing effort to constantly refine and harden Intel-enabled platforms.

Product and Performance Information

[1] In thin and light Windows-based devices, based on unique features and testing by IOActive (commissioned by Intel; as of December 2020) comparing Intel® Hardware Shield, Intel TDT security capabilities with corresponding technologies in an AMD Ryzen Pro 4750U-based system. Intel Control-Flow Enforcement Technology (CET) is designed to help protect against jump/call-oriented programming (JOP/COP) attack methods and return-oriented programming (ROP) attack methods, malware known as memory safety issues and which comprise over half of ZDI-disclosed vulnerabilities. Visit www.intel.com/11thgenvpro for details. Results may vary.