Endpoint Protection and EDR


EPP Security: Prevention, Detection and Response at Your Fingertips

There is a huge proliferation of endpoints in organizations: workstations, corporate mobile devices, Bring Your Own Device (BYOD), container-based resources, cloud servers, and more. All of these are attractive targets for attackers, who can bypass the traditional security perimeter and directly target endpoints.

Until not long ago, an antivirus package was considered state-of-the-art endpoint protection. Today, legacy antivirus is still important, but it is only a small piece of the puzzle. In this article we explain how modern Endpoint Protection Platforms (EPP) and the broader EPP security paradigm can help prevent a wide range of evolving threats, and how EDR security technology lets teams detect and react to breaches on endpoints across the enterprise.

What is EPP?

Endpoint Protection Platforms (EPP) are defined by Gartner as:

“A solution deployed on endpoint devices to prevent file-based malware attacks, detect malicious activity, and provide the investigation and remediation capabilities needed to respond to dynamic security incidents and alerts.”

EPP Prevention Features

The first part of the definition – “a solution to prevent malware …” – is the next logical step after traditional antivirus. EPP aims to prevent and block a wide range of threats by providing:

  • Next-Generation Antivirus (NGAV) – detects and blocks new types of malware, including malware that evades signature-based detection by modifying its binary.
  • User and Event Behavioral Analytics – detects anomalous or suspicious behavior on an endpoint, complementing other measures that block evolving threats.
  • Application control, browser control and whitelisting – restricts and blocks specified applications and websites on the endpoint.
  • Device control and compliance – enables security teams to remotely control endpoints, gather data from them for auditing, investigation and compliance purposes, and enforce policies.
  • Sandbox – an isolated location on the device where potential malware can be contained, analyzed and “detonated” without threatening the rest of the device.

Which Types of Attacks Can EPP Prevent?

The preventive side of an EPP solution can block many types of attacks, including:

  • Malware with known attack signatures (detectable by legacy AV)
  • Zero-day malware or malware without a known attack signature
  • Fileless attacks
  • Ransomware
  • Exploits of known software vulnerabilities
  • Code injection
  • Rootkits and backdoors

EPP with EDR for Detection and Response

The second part of the Gartner definition – “provide investigation and remediation capabilities” – talks about Endpoint Detection and Response (EDR) technology, which helps security teams react to incidents that occur on endpoints, gather information and take immediate action to contain and mitigate them.

To many in the industry EPP is only about preventive measures that can block threats on endpoints. But in Gartner’s holistic definition, EPP also includes EDR.

Preventive EPP vs EDR – What is The Difference?

Keep in mind that under the modern definition, EPP includes both the preventive capabilities and the EDR components that allow security teams to respond once a security breach has occurred.

The differences between these two parts of EPP solutions can be summarized as follows:

Preventive EPP is a first-line defense that “just works”: it blocks threats without requiring active involvement from security staff, and it focuses on protecting each endpoint individually.

EDR helps deal with attacks that are already under way. It helps security staff identify and respond to security incidents by aggregating endpoint data from across the enterprise and executing automatic or manual actions on the endpoint to mitigate the threat.

Below we show the main system components of the preventive part of EPP platforms, vs. the EDR part.

Components of Preventive EPP    Components of EDR
Legacy antivirus                Data collection via software agents
Next-Generation Antivirus       Detection engine to discover anomalies on the endpoint
Device Firewall                 Data analytics to identify security incidents
Application Control             Threat intelligence
Device Control                  Automated incident response
Sandbox

How to Choose the Right EPP Solution

Before evaluating EPP solutions, do some research about your needs:

  • Take an inventory of your endpoints: understand which operating systems they run and which applications your users most commonly use.
  • Investigate which threats have affected your company and industry in the recent past. Decide whether fileless attack prevention and EDR are priorities for you.
  • Understand which tools you already have (for example, firewall, threat intelligence platform, SIEM) and how the EPP solution could integrate with them.
  • Understand how many endpoints you have, now and in the foreseeable future, and what the EPP license will cost, which may depend on the capabilities used.

Capabilities checklist

Create a checklist and identify, for each of the vendors you are evaluating, which one offers the capabilities below that matter most to you:

Infrastructure Capabilities
  • On-demand manual scan of local files
  • Machine learning or other approaches to reduce false positives
  • Ability to quarantine systems or kill processes
  • Inspection of downloaded files

Prevention Capabilities
  • Detect and prevent malware
  • Whitelist files/directories
  • Whitelist applications
  • Prevent fileless attacks

Endpoint Protection—Prevention, Detection and Protection with Cynet 360

Cynet 360 is a security solution that includes a complete Endpoint Protection Platform (EPP), including Next-Generation Antivirus (NGAV), device firewall, advanced EDR security capabilities and automated incident response. The Cynet solution goes beyond endpoint protection, offering network analytics, UEBA and deception technology.

Cynet’s platform includes:

  • NGAV—blocks malware, exploits, LOLBins, Macros, malicious scripts, and other known and unknown malicious payloads.
  • Zero-day protection—uses User and Entity Behavior Analytics (UEBA) to detect suspicious activity and block unknown threats.
  • Monitoring and control—asset management, endpoint vulnerability assessments and application control, with auditing, logging and monitoring.
  • Response orchestration—automated playbooks and remote manual action for remediating endpoints, networks and user accounts affected by an attack.
  • Deception technology—lures attackers to a supposedly vulnerable honeypot, mitigating damage and gathering useful intelligence about attack techniques.
  • Network analytics—identifying lateral movement, suspicious connections and unusual logins.

Learn more about the Cynet 360 security platform.
