Endpoint Protection and EDR

Top 5 Endpoint Protection Platforms and How to Choose

Endpoint Protection Platforms (EPP) are essential to defend your organization’s workstations, mobile devices, servers and containers. Modern EPP solutions include advanced preventative measures, such as Next-Generation Antivirus which can block both known and unknown malware, and active defensive measures known as Endpoint Detection and Response (EDR).

In this page we’ll help you understand the criteria for selecting and evaluating EPPs, and review the top 5 EPP solutions, breaking down their capabilities into preventive and EDR features.

What Should You Look for in an Endpoint Protection Platform?

EPP solutions include the following features and capabilities:

  • Malware protection: Protects against known and unknown malware variants.
  • Protection from exploits: Prevents exploitation of zero-day and known software vulnerabilities.
  • Email threat protection: Scans email attachments, detects and blocks malicious payloads.
  • Download protection: Prevents unintentional user download of malicious files and drive-by downloads.
  • Application control: Enables whitelisting and blacklisting of applications on the endpoint.
  • Behavior analysis: Monitors endpoint behavior and uses machine learning techniques to identify suspicious activity.
  • Endpoint Detection and Response (EDR): Provides visibility into security incidents on the endpoint and gives security teams the tools to investigate and respond to them.
  • Data Loss Prevention (DLP): Prevents data theft by insiders and exfiltration attempts by external attackers.

Top 5 Endpoint Protection Platforms

1. Symantec Endpoint Protection

Operating system support: Windows 7, 8, 10, Windows Server 2012, 2016, 2019, MacOS, Azure, Amazon Workspaces, VMware WS, ESX, ESXi, XenServer, Oracle VirtualBox

Prevention features: Antivirus, firewall and intrusion prevention, application and device control including file, registry and device access, application whitelisting and blacklisting, automated device erasure, enforcing policy on hosts, system lockdown.

EDR features: Offers Targeted Attack Analytics (TAA) with local and global telemetry, machine learning analysis of device behavior, and threat intelligence. Assists with attack investigation, containment and resolution.

2. Kaspersky Endpoint Security for Business

Operating system support: Windows, Linux, MacOS

Prevention features: Mobile threat defense, security policy management, role-based access control (RBAC), adaptive anomaly control, encryption management, vulnerability and exploit prevention, security for web gateways and email servers, ransomware protection, application control, whitelisting and blacklisting, operating system and third-party software installation.

EDR features (EDR offered as separate product):

  • Library of automated responses to security incidents, such as wiping and reimaging endpoints.
  • Proactive Threat Hunting with fast search for threat data, Indicators of Compromise (IoC) search, proactive scanning of endpoints for anomalies
  • Central visibility and control of incident detection, forensics, prevention activity, and security alerts.

3. McAfee Endpoint Security

Operating system support: Windows XP, Vista, 7, 8, 10, Windows Server 2003, 2008, 2012, 2016, 2019, any virtualization platform running these operating systems.

Prevention features: Behavior classification for detecting zero-day threats, adaptive scanning for malware and other threats, next-gen anti-malware engine, safe browsing with web protection and filtering, prevention of ransomware and grayware, and an integrated firewall that blocks network attacks.

EDR features:

  • Threat Intelligence Exchange offers intelligence from multiple external and internal security sources
  • Dynamic Application Containment secures endpoints used as entry points for attacks
  • Repairs endpoint to last known good state
  • Actionable forensics helps identify infections and react quickly to contain them

4. SentinelOne Endpoint Protection

Operating system support: Windows, Linux, MacOS, Virtualization

Prevention features: Protects against trojans, worms, backdoors, fileless attacks, malicious documents (Office, Adobe, macros, spear phishing), browser vulnerabilities (Java, JavaScript, IFrame, plugins), download protection, script-based attacks (PowerShell, WMI, PowerSploit), and credential- and token-based attacks.

EDR features: Tracks all activity on endpoints, contextualizes and identifies suspicious activity in real time, enables rapid response and rollback to last known good configuration, advanced threat hunting with full context of security incident forensics.

5. Malwarebytes Endpoint Protection

Operating system support: Windows and MacOS

Prevention features:

  • Hardens endpoints and applications, reducing vulnerability surface.
  • Prevents command and control communication and blocks malicious websites
  • Detects and blocks exploits targeting application vulnerabilities, blocks code execution
  • Performs behavioral analysis to ensure applications are behaving as usual
  • Analyzes binary payloads, combining heuristic and behavioral rules
  • Prevents ransomware by blocking file encryption using behavioral monitoring

EDR features (EDR offered as separate product):

  • Monitors and provides visibility into Windows desktops with tracking of file system, network, processes and registry.
  • Isolates endpoints to prevent lateral movement, while safely keeping system online for further analysis.
  • Rolls back systems affected by ransomware to restore files encrypted or deleted.

8 Tips for Actively Testing EPP Solutions

Don’t take vendor claims as a given. Take your EPP solution of choice for a spin before you buy. Try some of these to test EPP capabilities for yourself:

  1. Run known malware, both on and off the network, and see if the platform detects and prevents it.
  2. Check how much CPU and memory the platform consumes on the endpoint when idle.
  3. Change policies and see how long the changes take to propagate to endpoints.
  4. Run a fileless attack such as Unicorn PowerShell to test both prevention and EDR abilities.
  5. Run suspicious shell commands and note if your activity is detected, and how much information is provided in the alert.
  6. See what it involves to deploy the platform on an endpoint and uninstall it.
  7. Test remote control and visibility features – get information on processes, downloaded files, try killing a process and quarantining the endpoint, and see if after quarantine network access is really blocked.
  8. Create whitelist and blacklist entries for files, websites or applications and check whether they are really allowed or blocked as configured.
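As an added example (not from the article or any of the vendors listed), a PowerShell script that makes tips 1 and 2 repeatable: it samples the agent's idle footprint, then writes the EICAR test file and times how long the platform takes to block or remove it. The agent process name is a placeholder you must set for your product; EICAR is the industry-standard harmless antivirus test file, not malware.

```powershell
# Added example, not from the article or any vendor. Assumptions: $AgentProcess is a
# placeholder for the EPP agent's process name; EICAR is the standard harmless AV test file.
param(
    [string]$AgentProcess = 'epp-agent-placeholder',   # hypothetical; set to the real agent process
    [string]$TestDir      = (Join-Path $env:TEMP 'epp-eval'),
    [int]   $WaitSeconds  = 60
)

# Tip 2: sample the agent's footprint while the endpoint is otherwise idle.
function Get-AgentFootprint {
    $procs = @(Get-Process -Name $AgentProcess -ErrorAction SilentlyContinue)
    if ($procs.Count -eq 0) { return $null }
    [pscustomobject]@{
        Processes    = $procs.Count
        WorkingSetMB = [math]::Round(($procs | Measure-Object WorkingSet64 -Sum).Sum / 1MB, 1)
        CpuSeconds   = [math]::Round(($procs | Measure-Object CPU -Sum).Sum, 1)
    }
}

$before = Get-AgentFootprint
if ($null -eq $before) {
    Write-Warning "No process named '$AgentProcess' found; check the agent's process name."
} else {
    Start-Sleep -Seconds 30
    $after = Get-AgentFootprint
    # CPU time consumed during the 30 s window, expressed as a share of one core.
    $idleCpuPct = [math]::Round(($after.CpuSeconds - $before.CpuSeconds) / 30 * 100, 1)
    "Idle footprint: {0} process(es), {1} MB working set, ~{2}% of one core" -f $after.Processes, $after.WorkingSetMB, $idleCpuPct
}

# Tip 1: drop the EICAR test file and watch whether the platform blocks or removes it.
# The string is assembled from two halves so this script file is not itself quarantined.
$eicar  = 'X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR' + '-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*'
$sample = Join-Path $TestDir 'eicar.com'
New-Item -ItemType Directory -Path $TestDir -Force | Out-Null
try {
    [System.IO.File]::WriteAllText($sample, $eicar, [System.Text.Encoding]::ASCII)
} catch {
    "BLOCKED ON WRITE: the agent refused to create eicar.com ($($_.Exception.Message))"
    return
}
$start = Get-Date
while ((Test-Path $sample) -and ((Get-Date) - $start).TotalSeconds -lt $WaitSeconds) { Start-Sleep -Seconds 2 }
if (Test-Path $sample) {
    "NOT DETECTED: eicar.com still present after $WaitSeconds s (check on-access scan settings)"
} else {
    "DETECTED: eicar.com removed after $([int]((Get-Date) - $start).TotalSeconds) s"
}
```

Run it once with the endpoint on the network and once with it disconnected to cover the on/off-network half of tip 1; a product that only catches the file on a scheduled scan, not on write, will show up as a long removal time.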

Endpoint Protection—Prevention, Detection and Protection with Cynet 360

Cynet 360 is a security solution that includes a complete Endpoint Protection Platform (EPP), including Next-Generation Antivirus (NGAV), device firewall, advanced EDR security capabilities and automated incident response. The Cynet solution goes beyond endpoint protection, offering network analytics, UEBA and deception technology.

Cynet’s platform includes:

  • NGAV—blocks malware, exploits, LOLBins, Macros, malicious scripts, and other known and unknown malicious payloads.
  • Zero-day protection—uses User and Entity Behavior Analytics (UEBA) to detect suspicious activity and block unknown threats.
  • Monitoring and control—asset management, endpoint vulnerability assessments and application control, with auditing, logging and monitoring.
  • Response orchestration—automated playbooks and remote manual action for remediating endpoints, networks and user accounts affected by an attack.
  • Deception technology—lures attackers to a supposedly vulnerable honeypot, mitigating damage and gathering useful intelligence about attack techniques.
  • Network analytics—identifying lateral movement, suspicious connections and unusual logins.

Learn more about the Cynet 360 security platform.
