Endpoint Security Platforms: EPP and EDR

An endpoint is any computing device attached to an Internet-connected network, like computers, mobile devices, printers, routers or sensors. Over 70% of IT security breaches originate from endpoints.

Securing any aspect of IoT requires healthy doses of threat prevention and response. Endpoint protection platform (EPP) and endpoint detection and response (EDR) capabilities help secure IoT network endpoints.

Endpoint Protection Platform

EPP works to prevent attacks using the following methods:

  • Signature Matching – identifying threats using known malware signatures.
  • Sandboxing – testing files for malicious behavior in a segregated environment before allowing them to run.
  • Behavioral Analysis – monitoring endpoints for unusual behavior.
  • Static Analysis – using machine learning to recognize unknown threats.
  • Whitelisting and Blacklisting – permitting (whitelisting) or blocking (blacklisting) IP addresses, URLs and applications by specific designation.
  • Data Encryption – encrypting data sent to and from endpoints.

While EPP contains tools to identify unknown threats, the platform is best used to detect known malware. Therefore, new threats are likely to break through, and EPP doesn’t contain tools to combat attacks once detected.

Endpoint Detection and Response

EDR detects and combats attacks using the following methods:

  • Threat Detection – analyzing data for indicators of compromise (IOCs) to identify threats.
  • Threat Alerts – providing real-time threat alerts for quick action by security teams.
  • Incident Containment – containing threats to prevent spread across the network.
  • Automated Shutdown – blocking infected endpoints from network access or performing other actions that could spread the attack.
  • Data Collection – storing data for analysis by security teams in the event of an attack.
  • Contact Tracing – identifying potential paths through the network and to other endpoints the attack might have reached.

EDR works to aggressively identify and shut down endpoint attacks. However, it doesn’t contain tools to keep threats at bay in the first place.
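The EPP prevention methods and the EDR detection-and-response methods listed above, modelled together as one layered pipeline over constructed endpoint telemetry. This is an added example, not code from the original post; the signature, whitelist, blacklist and IOC values are made-up placeholders, and the "contact tracing" step is a simple illustration (other hosts that ran the same payload), not any vendor's algorithm.

```python
import hashlib
from collections import namedtuple
from dataclasses import dataclass, field

# Constructed sample data for this demo; none of these values are real indicators.
KNOWN_MALWARE = {hashlib.sha256(b"EVIL_SAMPLE").hexdigest()}  # EPP signature database
BLOCKLIST = {"blocked.example"}                                # EPP blacklist (domains)
ALLOWLIST_APPS = {"/usr/bin/python3", "/usr/bin/curl"}         # EPP whitelist (applications)
IOCS = {"c2.example"}                                          # EDR indicators of compromise

# One telemetry record: host ran app, which loaded payload and contacted dest.
Event = namedtuple("Event", "host app payload dest")

@dataclass
class EdrState:
    telemetry: list = field(default_factory=list)  # data collection
    alerts: list = field(default_factory=list)     # threat alerts
    contained: set = field(default_factory=set)    # automated shutdown / incident containment
    traced: set = field(default_factory=set)       # contact tracing

def epp_prevent(ev: Event) -> str:
    """EPP layer: return the reason the event is blocked, or "" if it may proceed."""
    if hashlib.sha256(ev.payload).hexdigest() in KNOWN_MALWARE:
        return "signature"
    if ev.dest in BLOCKLIST:
        return "blacklist"
    if ev.app not in ALLOWLIST_APPS:
        return "not-whitelisted"
    return ""

def edr_process(state: EdrState, ev: Event) -> None:
    """EDR layer: record telemetry, match IOCs, contain the host and trace related hosts."""
    state.telemetry.append(ev)
    if ev.dest not in IOCS:
        return
    state.alerts.append((ev.host, f"ioc:{ev.dest}"))
    state.contained.add(ev.host)
    digest = hashlib.sha256(ev.payload).hexdigest()
    for past in state.telemetry:  # any other host that ran the same payload may be affected
        if past.host != ev.host and hashlib.sha256(past.payload).hexdigest() == digest:
            state.traced.add(past.host)

def run_pipeline(events):
    """Layered defense: EPP prevention first, EDR detection for whatever gets through."""
    state, blocked = EdrState(), []
    for ev in events:
        reason = epp_prevent(ev)
        if reason:
            blocked.append((ev.host, reason))
        else:
            edr_process(state, ev)
    return blocked, state
```

Note that the last event passes every EPP check (unknown hash, allowed application, domain not on the blacklist) and is only caught by the EDR layer, which is the gap the text describes.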

EPP, EDR & Traditional Antivirus

Traditional antivirus (AV) focuses on individual device protection. Antivirus software on computers, mobile phones and tablets targets different device-specific threats. Endpoint security platforms like EPP and EDR offer more encompassing protection by focusing on the overall network, making them easier for security teams to manage.

EPP is sometimes referred to as next-generation antivirus in that it uses similar strategies to traditional antivirus while exhibiting more robust features. However, no one protection strategy (EPP, EDR or AV) is better than the others. Rather than choosing between protecting individual devices, preventing attacks from breaching the network or shutting down threats that breach defenses, an effective security strategy should use all three and employ multiple layers of defense.