What Is Endpoint Protection? Breaking Down Next-Gen Security

Aaron Walker  |  January 10, 2018

IT security innovation aims to stay one step ahead of hackers, malware technology and other emerging digital threats.

While the cybersecurity technology market is booming, so is the lucrative practice of stealing data and holding victims for ransom. Cyber criminals are creating 1.4 million phishing sites a month, ransomware damages have increased 15x over the last two years and DDoS attacks have quadrupled in size, according to Cybersecurity Ventures. Spending on cybersecurity is predicted to grow from $86.4 billion in 2017 to well over $1 trillion by 2021.

Internet of things (IoT) security is only adding to the burden, especially with a talent shortage in the field. Every day new kinds of devices are connected to the internet, and each type poses a unique threat. They’re potentially vulnerable to hackers, malware and DDoS takeover.

Because cybersecurity is such an urgent concern, we aim to provide technology users with the most up-to-date and specific differentiations between security tools.

Earlier this year we created eight new categories, which included emerging technologies such as threat intelligence, cloud security and encryption tools. This month, we’ve broken out our general endpoint protection categories into three subcategories: Endpoint Antivirus, Endpoint Detection and Response (EDR) and Endpoint Management. Below, we’ve outlined some of the differences in the categories, how each type of tool can benefit a user or company and some products currently leading the way in each space. Please note: All review totals and data accurate as of December 1, 2017.

Endpoint antivirus

Endpoint antivirus software is the most basic of the three categories. These tools simply protect your endpoint devices — anything with an IP address connected to your network — from viruses and malware.

They provide tools to detect computer viruses and malware and prevent them from infecting devices. This is traditionally done with algorithms and heuristics that match incoming files against a database of virus signatures. When a file matches, the tools block endpoint devices from downloading it, or quarantine it in a secure environment.
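The signature lookup and quarantine step described above, as an added example that is not from the original article or any product it lists. It assumes the simplest kind of signature, a SHA-256 digest of the whole file; the sample content, file names and detection name are constructed.

```python
import hashlib
import os
import shutil
import tempfile

# Constructed sample content standing in for a known-bad file (harmless text).
SAMPLE_BAD = b"constructed sample: stands in for a known-bad file\n"
# Signature database: SHA-256 digest -> detection name (name is made up).
SIGNATURES = {hashlib.sha256(SAMPLE_BAD).hexdigest(): "Example.TestSample.A"}

def sha256_file(path, chunk_size=65536):
    """Hash a file in chunks so large files are not read into memory at once."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()

def scan_and_quarantine(paths, signatures, quarantine_dir):
    """Return [(original_path, detection_name, quarantined_path)] for matches."""
    os.makedirs(quarantine_dir, mode=0o700, exist_ok=True)
    detections = []
    for path in paths:
        digest = sha256_file(path)
        name = signatures.get(digest)
        if name is None:
            continue  # no signature match: the file is left alone
        # Store under the digest so the original name cannot be run by accident.
        target = os.path.join(quarantine_dir, digest + ".quarantined")
        shutil.move(path, target)
        os.chmod(target, 0o400)  # read-only, never executable
        detections.append((path, name, target))
    return detections

def demo():
    """Scan two constructed files: one matches a signature, one does not."""
    work = tempfile.mkdtemp(prefix="av-demo-")
    bad = os.path.join(work, "invoice.bin")
    clean = os.path.join(work, "notes.txt")
    with open(bad, "wb") as fh:
        fh.write(SAMPLE_BAD)
    with open(clean, "wb") as fh:
        fh.write(b"ordinary file\n")
    hits = scan_and_quarantine([bad, clean], SIGNATURES, os.path.join(work, "quarantine"))
    return hits, os.path.exists(bad), os.path.exists(clean)

if __name__ == "__main__":
    print(demo())
```

A file whose digest is not in the database passes untouched, which is the gap that signatureless identification is meant to cover.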

Newer tools help identify malicious browser helper objects (BHOs), which often inject your device with malware or give control of your device to hackers. Endpoint antivirus vendors also have improved virus signature identification, signatureless identification and defense against other forms of malicious code execution.

Many antivirus solutions are marketed towards individual users, but a lot of them offer enterprise editions. Many of those let users perform ad-hoc scans or schedule routine scans across an entire company. Either way, these tools reduce the possibility of individual devices becoming infected with viruses and malware.

Key company benefits of endpoint antivirus software:
— Improved device and data security
— Improved endpoint health monitoring
— Improved malware identification

To qualify for inclusion in the Endpoint Antivirus category, a product must:
— Possess malware identification and/or removal features
— Possess antivirus and/or antispyware features
— Show health status of individual devices
— Distribute updates as new virus signatures are detected

Top Endpoint Antivirus Products

Malwarebytes
Reviews: 92
Stars: 4.5/5

Avast Endpoint Protection
Reviews: 39
Stars: 4.4/5

AVG AntiVirus Business Edition
Reviews: 7
Stars: 4.0/5

Avira Endpoint Security
Reviews: 16
Stars: 4.1/5

Norton
Reviews: 58
Stars: 3.8/5

Endpoint detection and response (EDR)

EDR software is the next generation of endpoint protection, combining components of antivirus software, network monitoring software and malware remediation tools. These products continually monitor individual devices and alert administrators to anomalies.

They store historic event data and information within a centralized database. The products contain analytics capabilities paired with monitoring features to compare information about the current state of a device with the historical data associated with it. When abnormal events are identified, administrators are alerted.
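One way to compare a device's current events with its stored history, as an added example that is not from the original article or any product it lists. It assumes events are process launches recorded as (device, parent, child) tuples; the device names, events and the `fleet_threshold` parameter are constructed for illustration.

```python
from collections import defaultdict

# Constructed historical process-launch events: (device, parent, child).
HISTORY = [
    ("ws-01", "explorer.exe", "winword.exe"),
    ("ws-01", "explorer.exe", "chrome.exe"),
    ("ws-02", "explorer.exe", "winword.exe"),
    ("ws-02", "explorer.exe", "powershell.exe"),
    ("ws-03", "explorer.exe", "chrome.exe"),
    ("ws-03", "services.exe", "svchost.exe"),
]
# Constructed current events to evaluate against the history.
CURRENT = [
    ("ws-01", "explorer.exe", "winword.exe"),    # seen on this device before
    ("ws-01", "winword.exe", "powershell.exe"),  # new here, seen nowhere else
    ("ws-03", "explorer.exe", "winword.exe"),    # new here, common in the fleet
]

def build_baseline(history):
    """Index history two ways: pairs per device, and devices per pair."""
    per_device = defaultdict(set)
    per_pair = defaultdict(set)
    for device, parent, child in history:
        per_device[device].add((parent, child))
        per_pair[(parent, child)].add(device)
    return per_device, per_pair

def find_anomalies(current, history, fleet_threshold=0.5):
    """Alert on pairs that are new to a device and rare across the fleet."""
    per_device, per_pair = build_baseline(history)
    fleet_size = len(per_device)
    alerts = []
    for device, parent, child in current:
        pair = (parent, child)
        if pair in per_device.get(device, set()):
            continue  # matches the device's own history
        prevalence = len(per_pair.get(pair, ())) / fleet_size if fleet_size else 0.0
        if prevalence < fleet_threshold:
            alerts.append({"device": device, "parent": parent,
                           "child": child, "fleet_prevalence": prevalence})
    return alerts

if __name__ == "__main__":
    for alert in find_anomalies(CURRENT, HISTORY):
        print(alert)
```

Keeping the history in one central store is what lets the fleet-wide prevalence check suppress alerts for behaviour that is new to one device but routine elsewhere.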

When security tools fail to deflect common forms of malware, many EDR tools can automatically isolate a device, encrypt its data and/or remove dangerous files. More complex penetrations will be detected but may require more advanced removal methods.

EDR tools also improve the investigation and reporting process. They can help identify which devices are impacted frequently, which helps address vulnerabilities and determine best practices for device security.

Key company benefits of EDR software:
— Improved system health visibility
— Improved malware mitigation time
— Reduced data theft and system failure
— Simplified security scaling

To qualify for inclusion in the EDR category, a product must:
— Alert administrators when devices have been compromised
— Search data and systems for the presence of malware
— Possess analytics and anomaly detection features
— Possess malware removal features

Top EDR Products

ESET Endpoint Security
Reviews: 30
Stars: 4.2/5

McAfee Endpoint Protection
Reviews: 59
Stars: 3.9/5

Sophos Endpoint Security
Reviews: 52
Stars: 3.9/5

Symantec Endpoint Protection
Reviews: 107
Stars: 4.0/5

Cb Defense
Reviews: 14
Stars: 4.2/5

Endpoint management

Endpoint management solutions help companies manage endpoint assets and ensure their security compliance. Common features include asset discovery, device governance and remote device updates.

They’ll connect to a network and identify each connected device. They often have the ability to require updates or update devices remotely, ensuring they are not vulnerable to malware or other security threats.

Updates may be anything from new operating systems to individual application updates and server patches. Connectivity enforcement features will require certain standards to ensure a device is secure and up to date.

Some tools are capable of performing health assessments or compliance audits to identify endpoints in need of an update. These features are important because allowing just one single device to be compromised can put entire networks and databases at risk.

All of these features come in handy, especially in the bring-your-own-device (BYOD) world. It is often difficult to know who should be connected, what kinds of devices should be connected and when devices don’t meet security standards.

Key company benefits of endpoint management software:
— Ensured security updates and patches
— Improved visibility of a network's endpoints
— Improved governance and access privilege administration
— Reduced possibility of connecting vulnerable devices

To qualify for inclusion in the Endpoint Management category, a product must:
— Manage endpoint assets connected to a network
— Manage patch updates and ensure device compliance
— Detect new or suspicious devices connected to a network
— Have the ability to install new operating systems or applications to an endpoint device

Top Endpoint Management Products

Webroot Endpoint Protection
Reviews: 62
Stars: 4.6/5

LogMeIn Central
Reviews: 76
Stars: 4.0/5

Druva inSync
Reviews: 75
Stars: 4.6/5

VIPRE for Business
Reviews: 46
Stars: 4.3/5

Kaspersky Endpoint Security
Reviews: 50
Stars: 4.1/5

While endpoint security as a whole is incredibly valuable, it’s also important to identify unique characteristics of products within the endpoint security ecosystem. Some are better suited for device management, while others are better suited for malware removal.

There is never going to be a silver bullet for cybersecurity, so a well-rounded approach is the safest. Consider historical threats, company size, device ranges and data sensitivity when evaluating products.

If you can’t afford multiple security solutions or you can’t staff experienced security professionals, consider outsourced cybersecurity services. For further product research, browse our IT security software categories to learn more.

Aaron Walker
Author


As an Analyst at G2, Aaron's research is focused on security technologies and their adjacent markets. As the cybersecurity market has rapidly expanded, he has spent his years at G2 maintaining and growing market representation on G2.com, with over 75 categories of security technology represented (and emerging technologies added regularly). His industry knowledge is developed via direct vendor briefings, surveys, connections with member organizations and independent market research to provide security software buyers the most accurate information possible about how to protect their businesses. Aaron's exposure to both security vendors, and data from security buyers, provides him a unique perspective that fuels his research reports and content. Coverage areas include: Cloud Security, Network Security, Information Security, Data Privacy