What Is Endpoint Security?
Endpoint security is the practice of safeguarding endpoints from unauthorized access and digital threats that can expose data or compromise the performance of the endpoint device. An endpoint refers to any device that receives a signal. In the context of business PC management, endpoints specifically refer to the devices that workers use every day to be productive, from desktops to laptops to tablets and smartphones. Endpoints can also refer to any Internet of Things (IoT) device including sensors and digital signage. However, this article will focus primarily on the business PC use case. A comprehensive endpoint security strategy will include hardware-enabled protections and remote management tools to help protect endpoints that connect to the corporate network.
Why Is Endpoint Security Important?
Endpoint protection is essential to take advantage of the enhanced productivity that endpoint devices offer, especially when connecting to digital resources outside the corporate network. Endpoint security solutions also help protect against malware and countless digital threats that could lead to lost productivity, excessive downtime, data breaches, and loss of reputation.
Endpoint security is becoming even more of a priority as global disruptions require businesses to support a remote workforce on short notice. More workers are using endpoints and personal devices outside the firewall to connect to the corporate network over the cloud in a practice known as Bring Your Own Device (BYOD). Although this practice can alleviate some of the technology requirements on the business end, it can also increase the threat potential from unsecured consumer devices. A sound endpoint security strategy can help safeguard data, devices, and reputation while allowing businesses to accelerate their productivity.
Endpoint Security Threats
The following is not an exhaustive list of digital threats, but this list can serve as a primer for common threats that endpoint security is designed to help protect against.
- Malware refers to common digital threats such as viruses, Trojan horses, and worms. While there is an influx of new malware each day, tools including antivirus software and firewalls help protect against these threats and are supported by global technology providers like Microsoft and Intel, who are constantly updating their threat definition databases.
- Cryptojacking refers to the practice of running unauthorized cryptomining code on an endpoint device. Cryptomining is the process of authenticating cryptocurrency transactions for a small cryptocurrency reward. Hackers may install malware on a vulnerable endpoint device that runs cryptomining code as a background process, causing a significant drain on performance.
- Ransomware locks down an endpoint device and directs users to submit a payment in order to restore access, under threat of erasing all data on the device if a payment isn’t provided.
- Privilege escalation occurs when malware exploits a system vulnerability to obtain higher permission levels on an endpoint device, allowing hackers to gain access to data and apps, or run executables as though they had administrator access.
- Phishing occurs when hackers send fraudulent emails or messages in an attempt to get unsuspecting workers to follow hyperlinks to compromised websites, download malware, or grant device permissions to unauthorized users. These attacks tend to bypass many endpoint security countermeasures, so it is up to the user to exercise good judgment to identify, avoid, and report phishing attempts.
- Zero-day attacks refer to previously unknown exploits for which there is no known prevention or remedy. When a zero-day attack occurs, businesses and technology providers have to work quickly to discover a remedy and limit the scope of damage or losses.
Endpoint Security and Virtualization
Virtualization is the practice of using simulated computing environments, complete with their own operating system (OS), abstracted from a device’s hardware. Using virtualization, a user can run multiple virtual machines (VMs), each with their own OS, on the same device. Security experts are looking at virtualization with renewed interest as a way to help secure devices against threats, especially as more workers are using their personal devices for professional use. With virtualization, a user can run one VM for their work-related productivity apps, and another VM for their personal apps and recreation, all on the same device.
The key security benefit with virtualization is that each VM is isolated from other VMs. Malware cannot spread from one VM to another. This workload isolation helps protect sensitive business information while allowing workers to make full use of their devices in a professional or personal capacity.
Endpoint Security and Firewalls
Firewalls are implemented in either software or hardware, and they monitor data flow to an endpoint device's ports. Firewalls compare incoming data packets against established rules or parameters and verify packet source/destination to determine whether to block data flow or allow it to proceed. This capability is ideal for blocking traffic from known malicious sources, but firewalls require direction from a user or device manufacturer to dynamically respond to new threats.
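The rule matching described above can be shown with a small first-match evaluator. This is an added example, not code from the original article or from any firewall product; the `Rule`, `Packet`, `evaluate`, and `with_block` names and the rule set are assumptions, and every address comes from documentation or private ranges. It shows that a source absent from the rules passes until someone adds a rule for it.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Rule:
    action: str               # "allow" or "block"
    src: str                  # source network, CIDR notation
    dst_port: Optional[int]   # endpoint port the packet targets; None = any
    proto: str = "tcp"

@dataclass(frozen=True)
class Packet:
    src_ip: str
    dst_port: int
    proto: str = "tcp"

def matches(rule: Rule, pkt: Packet) -> bool:
    """A rule applies only if protocol, port and source network all match."""
    return (rule.proto == pkt.proto
            and rule.dst_port in (None, pkt.dst_port)
            and ipaddress.ip_address(pkt.src_ip) in ipaddress.ip_network(rule.src))

def evaluate(rules, pkt: Packet, default: str = "block") -> str:
    """First matching rule decides; traffic no rule covers gets the default."""
    for rule in rules:
        if matches(rule, pkt):
            return rule.action
    return default

def with_block(rules, cidr: str):
    """Return a new rule set with a block for `cidr` ahead of every other rule."""
    return [Rule("block", cidr, None)] + list(rules)

# Constructed rule set; all addresses are documentation/private ranges.
RULES = [
    Rule("block", "203.0.113.0/24", None),  # known malicious source
    Rule("allow", "10.0.0.0/8", 3389),      # remote management from the corporate network
    Rule("allow", "0.0.0.0/0", 443),        # HTTPS service open to any source
]

if __name__ == "__main__":
    known_bad = Packet("203.0.113.7", 443)
    new_bad = Packet("198.51.100.9", 443)   # hostile, but not yet in any rule
    print(evaluate(RULES, known_bad))
    print(evaluate(RULES, new_bad))
    print(evaluate(with_block(RULES, "198.51.100.0/24"), new_bad))
    print(evaluate(RULES, Packet("192.0.2.5", 3389)))
```

Rule order matters here: the block for the known malicious network sits ahead of the broad port 443 allow, so it wins for that source, while the default action covers anything no rule mentions.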
Endpoint Security and Antivirus Software
Antivirus software examines code, scripts, and programs, and matches them against a database of known threats to help prevent malware from running on an endpoint device. Many endpoint devices run antivirus software as a background process and are optimized to reduce the drain on performance and productivity. Additionally, many device manufacturers and software providers such as Microsoft have teams working around the clock to identify new threats and add definitions to their antivirus database.
The Difference in Endpoint Security for Businesses vs. Consumers
Security is for everyone, and both business users and consumers deserve a secure and dependable device. Businesses assume greater risk as each endpoint in the network is a potential entry point for attackers and malware. However, businesses are also better equipped and have more tools at their disposal to handle these challenges. Remote manageability is a key example. IT departments can use remote manageability tools to monitor and manage endpoints connected within the corporate network, and even some devices that are outside the corporate firewall and connect over the cloud.
Developed for the IT professionals of today and tomorrow, the Intel vPro® platform integrates a suite of transformative technologies that have received extra tuning and testing for demanding business workloads. Thousands of hours of rigorous validation by Intel and industry leaders ensure that every device built on the Intel vPro® platform sets the standard for business. Each component and technology is designed for professional grade, with many features and benefits enabled right out of the box, so IT can be confident with tools to enhance everyone’s productivity, help secure their business’ data, manage critical devices remotely, and build their fleet on a more reliable platform.
The Human Perimeter
As with business endpoint devices, consumer devices rely on many of the same antivirus and firewall technologies to safeguard against threats. However, weak passwords continue to be one of the most common vectors of attack. Consumers must be diligent in following best known methods to help secure their endpoints by creating strong passwords, avoiding phishing schemes, and being prudent with personal details they share on social media. (The latter consideration is important because many apps and websites base their password recovery techniques or security questions on a user’s personal details.) Security professionals sometimes refer to these non-technological elements as contributing to the “Human Perimeter” of endpoint security.
Hardware-Enabled Endpoint Security Features
The cornerstone of any comprehensive endpoint security strategy is multilayer security, and too often the physical layer doesn’t get enough focus. Devices on Intel vPro® have unique hardware-based security features, many of which are enabled right out of the box, including active monitoring for attacks.
As PC fleets become more dispersed, adding protections to more attack surfaces can help mitigate the risk of threats. Intel® Hardware Shield, exclusive to Windows devices built on Intel vPro®, is a collection of security features that aim to meet and exceed Secured-Core PC requirements, covering the firmware, VMs, the OS, and applications to help secure all layers of an endpoint device.
Endpoint Security as a Practice
Endpoint security is an ongoing effort within any business. IT decision makers should consider what services their technology providers offer after purchase to help secure their network and their endpoints. A key element of Intel vPro® is the continued support of the Intel security ecosystem in furthering threat detection and prevention. One example of these ongoing efforts is Intel’s industry-leading Bug Bounty Program, which encourages widespread testing and identification of new bugs. This program is just one piece of an ongoing effort to constantly refine and harden Intel-enabled platforms while engaging with the larger security community.