To mark the 9th article in the series on cybersecurity, we are recounting the critical guidance shared so far, so that our recommendations can be taken as a whole.

We have combed through all the major frameworks and extracted the essential components, and we are sharing these steps with you.

Step 1 was to take stock of your complete technology landscape. The last four articles focused on Step 2, Lock shop: in other words, enable the most secure configuration of all your software and devices, and secure the entry and exit points of your network. Today we begin Step 3, Use a lot of protection, meaning endpoint protection.

What is an endpoint?

The endpoint is where most cybersecurity issues occur. Just about every device connected to your company's network is an endpoint: mobile devices, laptops, desktops and servers. The pandemic has driven demand for more mobile endpoints, as workers now need to work from anywhere at any time. This increases the risk, because typical malware detection software alone cannot deliver the data and reporting analysis required to fight more advanced and sophisticated threats.

Traditional antivirus vs endpoint protection

Simply put, antivirus (AV) protection can be considered the first-generation endpoint safeguard, and it is based mainly on signature comparison. It monitors your endpoints for evidence of known threats and blocks them, comparing a file's code, or a specific behaviour, against a database of known viruses. As threats grew more sophisticated, antivirus developers had to expand their techniques and technologies to include artificial intelligence and machine learning that recognise suspicious activity, including unusual software behaviour. These more advanced versions of antivirus are referred to as endpoint protection solutions or endpoint protection platforms (EPP). In plain English, an EPP can be considered second-generation antivirus protection. While EPP platforms are much better than basic AV solutions at identifying vulnerabilities and preventing attacks, they stop short of removing active threats that advance past your endpoints. This is why IT security professionals speak about layered security systems: antivirus is the security guard, EPP is the police force, then enter EDR – the SWAT team.

Endpoint detection and response (EDR)

EDR is the most advanced form of endpoint protection and comprises a wide range of capabilities, including collecting, correlating and analysing endpoint data, and coordinating alerts and responses to immediate threats. EDR includes antivirus components, but it also contains many other security tools, such as a firewall, whitelisting and monitoring, to provide comprehensive protection against digital threats. EDR solutions work by monitoring network and endpoint events and storing the information in a centralised database for further analysis, investigation or reporting. A wide range of EDR applications now exist on the market, and each has its own flavour of additional features to achieve the objective, which is ultimately to eliminate the threat.
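As an added illustration of the distinction the two sections above draw (example code, not from the original article or any vendor's product), the Python below puts a signature lookup beside two EDR-style checks run over endpoint events held in one central store: a behavioural rule that fires regardless of a file's hash, and a correlation that flags an unrecognised program appearing on several endpoints. The file contents, hashes, host names, process names and rule names are all constructed for the example.

```python
"""Added example: signature-based scanning (AV) beside event correlation (EDR).
All sample files, hashes, hosts and events below are constructed."""
import hashlib
from collections import defaultdict
from typing import Dict, List, Optional

# ---- First generation: signature comparison --------------------------------
# Constructed stand-ins for executable files; a real scanner reads these from disk.
KNOWN_SAMPLE = b"CONSTRUCTED-SAMPLE-PROGRAM-v1"
VARIANT = b"CONSTRUCTED-SAMPLE-PROGRAM-v2"   # differs from KNOWN_SAMPLE by one byte
BENIGN = b"CONSTRUCTED-BENIGN-BROWSER"
SERVICE = b"CONSTRUCTED-BENIGN-SERVICE"


def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


# The signature database: hashes of samples already analysed (constructed).
SIGNATURES: Dict[str, str] = {sha256(KNOWN_SAMPLE): "Constructed.Sample.A"}
# Whitelisting, one of the EDR components the text lists: hashes known to be good.
ALLOWLIST = {sha256(BENIGN), sha256(SERVICE)}


def av_scan(data: bytes) -> Optional[str]:
    """Return the signature name if the file's hash is known, else None.
    A variant differing by a single byte has a different hash and is missed."""
    return SIGNATURES.get(sha256(data))


# ---- EDR: events from every endpoint collected centrally, then correlated ----
# Constructed process-start events as an agent on each endpoint would report them.
EVENTS: List[Dict[str, str]] = [
    {"host": "ws01", "parent": "winword.exe", "image": "update.exe", "hash": sha256(VARIANT)},
    {"host": "ws02", "parent": "explorer.exe", "image": "update.exe", "hash": sha256(VARIANT)},
    {"host": "ws03", "parent": "excel.exe", "image": "update.exe", "hash": sha256(VARIANT)},
    {"host": "ws01", "parent": "explorer.exe", "image": "browser.exe", "hash": sha256(BENIGN)},
    {"host": "srv01", "parent": "services.exe", "image": "service.exe", "hash": sha256(SERVICE)},
]

OFFICE_APPS = {"winword.exe", "excel.exe", "outlook.exe"}


def behaviour_alerts(events: List[Dict[str, str]]) -> List[Dict[str, str]]:
    """Behavioural rule: an office application launching another program is
    unusual software behaviour worth an alert, whatever the launched file's hash."""
    alerts = []
    for ev in events:
        if ev["parent"] in OFFICE_APPS:
            alerts.append({"host": ev["host"], "rule": "office-app-spawns-process",
                           "detail": f'{ev["parent"]} -> {ev["image"]}'})
    return alerts


def spread_alerts(events: List[Dict[str, str]], min_hosts: int = 2) -> Dict[str, List[str]]:
    """Correlation over the central store: a hash that is neither signed as bad
    nor allow-listed, yet turns up on several endpoints, is flagged for
    investigation. Returns {hash: sorted hosts} for hashes meeting the threshold."""
    hosts_by_hash = defaultdict(set)
    for ev in events:
        if ev["hash"] in SIGNATURES or ev["hash"] in ALLOWLIST:
            continue  # already decided by the signature or whitelist layer
        hosts_by_hash[ev["hash"]].add(ev["host"])
    return {h: sorted(hosts) for h, hosts in hosts_by_hash.items() if len(hosts) >= min_hosts}


if __name__ == "__main__":
    print("AV on known sample :", av_scan(KNOWN_SAMPLE))   # Constructed.Sample.A
    print("AV on variant      :", av_scan(VARIANT))        # None: the signature misses
    for a in behaviour_alerts(EVENTS):
        print("EDR behaviour alert:", a)
    for h, hosts in spread_alerts(EVENTS).items():
        print("EDR spread alert   :", h[:12], "seen on", hosts)
```

The signature layer catches only the exact sample it has seen before; the same variant that slips past it is surfaced twice by the EDR layers, once per endpoint through the behavioural rule and once across endpoints through the correlation, which is only possible because every agent's events land in one database.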

Traditional antivirus protection on its own cannot provide adequate protection; more is required.