Endpoint Security
Endpoint security protects end-user devices such as computers, mobiles and tablets against malware, ransomware and unauthorised access. Modern endpoint security combines prevention, detection and response in a single platform.
What is endpoint security?
An endpoint is any device that connects to the organisation’s network: laptops, desktops, smartphones, tablets, servers and IoT devices. Each endpoint is a potential entry point for attackers, and endpoint security is about protecting these entry points.
Traditional antivirus is no longer sufficient. Modern threats use fileless attacks, zero-day exploits and advanced social engineering that bypass signature-based detection. Endpoint security has therefore evolved into platforms that combine prevention, behavioural analysis and automated response.
Endpoint security is one layer of a defence-in-depth strategy alongside firewalls, network segmentation and identity management. Even the strongest perimeter security is of no help if an attacker is already operating from a compromised device.
Components
A modern endpoint protection platform (EPP) typically includes:
- Anti-malware: Signature-based and heuristic detection of malware, ransomware and spyware.
- Behavioural analysis: Monitors processes and file activity to detect abnormal patterns that may indicate an attack.
- Host-based firewall: Controls network traffic to and from the device.
- Device control: Manages access to USB ports, external drives and other peripheral devices. Prevents data theft via physical media.
- Disk encryption: Encrypts data on the device so it remains protected in the event of theft or loss.
- Vulnerability assessment: Scans endpoints for missing patches and known vulnerabilities. Works closely with patch management.
For mobile devices, mobile device management (MDM) supplements endpoint security with features such as remote locking, remote wiping and app control.
EDR and XDR
EDR (Endpoint Detection and Response) goes beyond prevention and focuses on detecting and responding to threats that have already got past the preventive layer:
- Continuous monitoring: EDR records all activity on the endpoint and sends telemetry data to a central platform.
- Threat detection: Analyses data with rules, threat intelligence and machine learning to identify suspicious behaviour.
- Investigation: Provides the security team with tools to investigate incidents, trace attack chains and understand scope.
- Response: Ability to isolate compromised devices, kill malicious processes and roll back changes.
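The behavioural analysis and rule-based threat detection described above, as an added illustration that is not part of the original page: two simple rules run over constructed endpoint telemetry (an Office application spawning a command interpreter, and a single process renaming many files within a short window). The event fields, process names and thresholds are assumptions for the example, not any vendor's schema.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample telemetry, modelled on the process and file events an EDR
# agent forwards to its central platform. Not real product output.
EVENTS = [
    {"ts": "2024-03-01T09:00:00", "type": "process", "host": "ws01",
     "parent": "outlook.exe", "image": "winword.exe", "pid": 4001},
    {"ts": "2024-03-01T09:00:05", "type": "process", "host": "ws01",
     "parent": "winword.exe", "image": "powershell.exe", "pid": 4002},
    {"ts": "2024-03-01T09:00:06", "type": "process", "host": "ws01",
     "parent": "powershell.exe", "image": "updater.exe", "pid": 4003},
] + [
    {"ts": f"2024-03-01T09:00:{10 + i:02d}", "type": "file", "host": "ws01",
     "pid": 4003, "action": "rename", "path": f"C:/Users/a/Docs/f{i}.docx.locked"}
    for i in range(25)
] + [
    {"ts": "2024-03-01T10:00:00", "type": "file", "host": "ws02",
     "pid": 555, "action": "rename", "path": "C:/Users/b/report.docx.bak"},
]

OFFICE_APPS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
SHELLS = {"cmd.exe", "powershell.exe", "wscript.exe", "cscript.exe"}

def rule_office_spawns_shell(events):
    """Office process launching a command interpreter: a common sign of a malicious macro."""
    return [f"{e['host']}: {e['parent']} spawned {e['image']} (pid {e['pid']})"
            for e in events if e["type"] == "process"
            and e["parent"] in OFFICE_APPS and e["image"] in SHELLS]

def rule_mass_rename(events, threshold=20, window=timedelta(seconds=60)):
    """One process renaming many files in a short window: ransomware-like behaviour."""
    per_proc = defaultdict(list)
    for e in events:
        if e["type"] == "file" and e["action"] == "rename":
            per_proc[(e["host"], e["pid"])].append(datetime.fromisoformat(e["ts"]))
    alerts = []
    for (host, pid), times in per_proc.items():
        times.sort()
        # Sliding window: count renames that fall within `window` of each start event.
        for i, start in enumerate(times):
            n = sum(1 for t in times[i:] if t - start <= window)
            if n >= threshold:
                alerts.append(f"{host}: pid {pid} renamed {n} files within {window.seconds}s")
                break
    return alerts

def detect(events):
    """Run all rules and return the list of alert strings for the analyst queue."""
    return rule_office_spawns_shell(events) + rule_mass_rename(events)

if __name__ == "__main__":
    for alert in detect(EVENTS):
        print("ALERT", alert)
```

In a real deployment the alert would carry the process tree (here outlook.exe → winword.exe → powershell.exe → updater.exe) so the investigation step can trace the attack chain, and the response step could isolate ws01.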
XDR (Extended Detection and Response) extends EDR by aggregating data from endpoints, networks, email and cloud into a single platform. It integrates with SIEM systems and gives incident response teams a unified view.
Regardless of whether you choose EPP, EDR or XDR, security awareness among users remains the most important factor. Technology catches a great deal, but an alert user catches what technology misses.
Regulations and standards
NIS2 requires essential and important entities to implement measures to protect their IT systems, including endpoints. DORA imposes similar requirements on financial institutions’ ICT security.
ISO 27001 and Annex A contain controls for protection of user devices (A.8.1) and malware protection (A.8.7). An ISMS should define endpoint security requirements as part of technical and organisational measures.
CIS 18 dedicates Control 10 to malware defence, which directly concerns endpoint security. Under GDPR, endpoint security is relevant for protecting personal data on employees’ devices.
Frequently Asked Questions about Endpoint Security
What is the difference between antivirus and EDR?
Traditional antivirus matches files against a database of known threats. EDR (Endpoint Detection and Response) monitors behaviour in real time, detects unknown threats based on abnormal patterns and enables investigation and response to incidents.
Does endpoint security also cover mobile devices?
Yes, modern endpoint security platforms cover computers, mobiles and tablets. However, mobile devices often require a separate MDM (Mobile Device Management) solution for full control over the device.
What is XDR?
XDR (Extended Detection and Response) extends EDR by aggregating data from endpoints, networks, email and cloud into a single platform. It provides a unified overview and enables faster detection and response across the entire IT environment.
Is endpoint security enough to protect an organisation?
No, endpoint security is one layer in a defence-in-depth strategy. You also need network security, identity management, security awareness and incident response. An attacker who bypasses endpoint security should still run into multiple further barriers.
Related Terms
Malware Protection
Malware protection covers the technologies and processes that defend systems against viruses, ransomware, trojans and other malicious software.
Firewall
A firewall is a network security system that monitors and filters inbound and outbound network traffic based on defined security rules.
Mobile Device Management (MDM)
Mobile device management (MDM) gives organisations central control over smartphones, tablets and portable devices to enforce security policies.
.legal A/S