As soon as antivirus vendors release a fix for a piece of malware, hackers discover another attack strategy. New viruses, for which an antidote has not yet been created, are called “zero-day” attacks. By keeping a virus production pipeline running, hackers can continue to damage the computers of businesses and the general public.
Knowing that there is always going to be another virus on the horizon to deal with, cybersecurity companies have chosen a new approach. Rather than trying to identify individual viruses and work on blocks for them, companies now focus on spotting anomalous behavior and locking down key services on computers and computerized devices to prevent tampering.
This new strategy is broader than the antivirus or antimalware approach of a single application defending a computer. Many of these tools no longer include a virus database, which, by some industry definitions, means that they do not qualify for the label “antivirus.” A new buzzword emerging in the field is “replacement” technology. These new cybersecurity suites replace antivirus systems entirely with AI-based baseline and deviation detection systems.
The umbrella term applied to all cybersecurity efforts to protect a computer, as opposed to a network, is “endpoint protection.” This review will look at the leaders in the field of endpoint protection and how each of those cybersecurity providers approaches the task of protecting user devices.
We get into a lot of detail on each of the tools that made this list, but if you haven’t got time to read through to the end, here is our list of the 10 best endpoint protection solutions:
- SolarWinds Threat Monitor (FREE TRIAL) A combined endpoint and network protection solution.
- Bitdefender Gravity Zone Endpoint Security Protection for devices that can be combined with network protection.
- Sophos Intercept X Endpoint An AI-based security system.
- ESET Endpoint Security Endpoint protection that includes network protection tools.
- Trend Micro Apex One A blend of traditional and innovative protection techniques.
- Symantec Endpoint Detection and Response Cutting-edge malware and intrusion protection.
- Panda Endpoint Protection Protection for networked computers, managed from the Cloud.
- CounterTack GoSecure ESL Predictive, AI-driven endpoint protection.
- Malwarebytes Endpoint Protection Cloud-based protection for computers on a network.
- Cylance Protect AI threat protection for endpoints.
Defining endpoint protection
There isn’t a single solution format for replacement technology. The defining feature of endpoint protection is that it is based on the device that the user accesses. In some cases, that solution is delivered from an external source, but its priority is to protect individual devices, not an entire system of network-connected devices.
Firewalls aren’t regarded as part of endpoint protection. This is because they are designed to protect networks. In many domestic implementations, firewalls run on a computer and operate to protect just one computer. However, firewalls are designed to block traffic, whereas endpoint protection looks at the processes running on a computer.
There are some types of cybersecurity strategies that fall both into the network protection and endpoint protection categories. An example of these is cyberdefense that focuses on analyzing log file messages to spot malicious activity – that strategy can be applied to both network and endpoint protection.
The best endpoint protection systems
Although attacks on privately-owned devices are of serious concern, the main focus of the cybersecurity industry is on solutions to defend businesses. Corporate buyers need protection for all of their equipment, including networks and endpoints. So, many endpoint protection systems form part of a suite of programs that cover the entire technology infrastructure. In this guide, we will detail only those modules that protect endpoints.
You can read more about these options in the following sections.
The SolarWinds Threat Monitor is a good example of the evolution of endpoint security into a full suite of attack protection. It is part of an overall system security service, which is managed from the Cloud. The tool uses log analysis and protection methods that derive from SIEM (Security Information and Event Management).
The main module of the Threat Monitor examines log files for warning signs. Just about every action that takes place on your computer and on your network generates a log message. These log messages are not collected automatically. Many businesses just ignore this amazing source of system information that will highlight the anomalous activity that is caused by malicious programs or unauthorized access.
The Threat Monitor isn’t just endpoint security, because it covers networks as well. The service gathers all of those event messages and stores them in files for analysis. The tool is an Intrusion Protection System (IPS), which raises standard alerts when something is not right on your system. Traditional malware protection will warn you of dangerous processes. The IPS goes one step further than just blocking processes or removing a piece of software, because it can block malicious users as well.
SolarWinds produces a range of system security tools. Within this group of products is an alternative to the Threat Monitor, the Log and Event Manager, which has very similar functionality. You would also benefit from the Patch Manager. Keeping your software up to date is an important security task, because software houses regularly produce updates to their products in order to close off newly discovered exploits. The Patch Manager creates a register of all of your software and monitors for updates to it. It will automatically roll out the updates for you.
All SolarWinds products are available on trials and demos. You can get a 14-day free trial of the Threat Monitor.
Monitor real-time security threats, and respond and report from remote locations. The interface is simple yet powerful, easy to deploy and fully scalable.
Official Site: SolarWinds.com
Bitdefender has been an anti-virus (AV) producer since it started up in 2001. More recently, the company has shifted its defense systems from the traditional antivirus model to comprehensive system defense packages. The company produces network defense systems as well as endpoint protection.
GravityZone includes a signature detection database, which is similar to the traditional method of looking through a list of virus characteristics. Another similarity to traditional AV performance is that GravityZone terminates virus processes and removes the program. GravityZone adds on intrusion detection procedures to that layer of AV actions.
The tool monitors for attempts to access the device and blocks those communication sources that display malicious intent. It also tracks regular activities on the device to establish a baseline of typical behavior. Anomalous activity that deviates from that baseline provokes defense measures. The measures include tracking apparent exploit activity that characterizes “zero-day” attacks.
On top of threat resolution, the security suite strengthens the defenses of your device. This module of the suite includes a patch manager that automatically installs software updates. It also encrypts all of your disks to make data unreadable to intruders. The package also includes web-threat protection, USB checks, application monitors, and a firewall.
Bitdefender offers a free trial of GravityZone.
Sophos is one of the leading implementers of AI-methods in the cybersecurity industry. Intercept X uses machine learning to establish a baseline of regular activity on a device and then generates alerts when it detects events that do not fit into regular work patterns. That element of the security system detects malware and malicious intrusion. A second element automates responses to detected problems.
Other elements in the Intercept X package focus on specific threat types. For example, CryptoGuard is a ransomware blocking system. Other tools in the pack prevent malware from sneaking onto your device through a browser; this blocks the methods used by fileless malware, which leaks onto a computer from infected web pages. Another tool checks downloads for viruses and will stop a download from completing if a virus is detected in the file as it arrives. Similarly, the software scans all directories for malware and will also verify any USB memory sticks when they are attached.
Trend Micro is a prominent AV producer that has crossed over into more sophisticated endpoint protection solutions. Apex One is a blend of old and new. It still has a traditional anti-malware system at its heart, but that threat database lists system vulnerabilities rather than virus signatures. Apex One has added behavior monitoring to improve defenses against zero-day attacks.
The threat hunting element of this package is a host-based intrusion detection system with automated defense actions. The tool will identify malicious processes. It kills that program and isolates the program that started it. The company calls this “virtual patching.” It will suspend the capabilities of the problematic program until a patch is available for it to close the exploit. Automatically, that process removes malware, because those malicious programs will never get an update to remove the troublesome behavior.
Apex One provides defense against cryptomining, ransomware, and fileless malware as well as the traditional Trojans and viruses. This is a Cloud-based service, but you will need to install an agent on your computer for it to monitor the system. This runs on Windows and Windows Server.
ESET Endpoint Security protects your company’s computers from malicious activity that might enter over your network. It also blocks any malicious software from connecting to your network. This is termed a “two-way firewall” and it is the second line of defense. The first line of defense is a Host-based Intrusion Prevention System (HIPS) that monitors event messages in the log files on your computers.
The HIPS methodology looks for patterns of malicious behavior. The responses to any discovery can be automated so that damage will not continue during the times that the security system’s dashboard is unattended. Some of the actions that the detection system looks for are botnet messages that generate DDoS attacks on other computers and ransomware.
This security service runs on-site and it can be installed on Windows and Linux. A Cloud-based version is available. ESET also produces network attack protection software.
Symantec’s Endpoint Detection and Response employs AI methods to track down malicious activity – this is called “threat hunting.” The system is available as a software module, as an appliance, and as a Cloud-based service. If you opt for the Cloud version, you still have to install agent software on your site. This runs on Windows and Windows Server. The on-premises software runs on Windows, Windows Server, Mac OS, and Linux. Endpoint Detection and Response is an upgrade to Symantec’s basic Endpoint Protection service.
The system implements SIEM procedures to check for worrying events written in log files. It also establishes a pattern of normal behavior on the device and raises an alert when processes on the computer deviate from this record. The threat hunter also continuously scans memory for malicious activity. It keeps a record of all activity patterns for long-term analysis. As well as raising alerts, the system can also trigger automated actions to shut down malicious processes as soon as they are spotted. You can get the Endpoint Detection and Response system on a free trial.
Endpoint Protection from Panda Security centralizes the protection of all of the computers connected to your network. That is, you can see all security events on all of the computers on your network on one single console, which is provided from the Cloud. The protection operates on desktop computers, laptops, mobile devices, and servers; those protected endpoints can be running Windows, Windows Server, Mac OS, Linux, or Android. The company calls this “collective intelligence.”
The system will check on the statuses of peripherals as well as the directly-connected devices. It establishes a policy baseline and then automatically drops processes that don’t conform to the profile.
GoSecure is the main brand of the cybersecurity startup CounterTack. ESL stands for Endpoint Security Lifestyle. This is a vulnerability monitor and it doesn’t include any antivirus module. However, it will monitor any third-party AV system running on your network-attached endpoints.
The features of this tool include asset discovery, patch management, AV monitoring, configuration management, and vulnerability assessment.
The premise of this tool is that keeping your system hardened, with all software up to date, is enough to protect against malware. This service is delivered from the Cloud.
The Malwarebytes security system will protect endpoints running Windows and Mac OS. This is a Cloud-based system, so it will need access to your network through your firewall.
The remote system communicates with an agent installed on one of your servers. The agent searches the computers on your system, reading their lists of active processes and logging that activity. It then keeps a check for any unusual activity that doesn’t conform to this pattern of normal behavior. The malware detection system also relies on the traditional AV method of a threat database that stores the characteristic behavior of known viruses.
Responses to detected threats are launched automatically. The protection extends to the blocking of botnet activity and the refusal to allow browsers to load infected web pages.
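As an added example, not code from the article or from any vendor it names, the Python script below contrasts the two detection models the article describes for GravityZone, Intercept X, and Malwarebytes: a new process event is first checked against a signature database of known hashes, and then against a baseline of normal process/parent behavior learned from agent log lines. All log lines, process names, and the placeholder hash are constructed assumptions.

```python
# Added example, not from the article or any vendor it names: signature lookup
# versus baseline-and-deviation detection. All data here is constructed.
from collections import Counter

# Constructed agent log lines from a normal period, used to learn the baseline.
NORMAL_LOG = [
    "user=alice proc=outlook.exe parent=explorer.exe",
    "user=alice proc=winword.exe parent=outlook.exe",
    "user=alice proc=chrome.exe parent=explorer.exe",
    "user=bob proc=excel.exe parent=explorer.exe",
    "user=bob proc=chrome.exe parent=explorer.exe",
] * 20  # repeated to stand in for weeks of activity

# Constructed signature database: placeholder hash, not a real malware hash.
SIGNATURES = {"deadbeef" * 8: "Trojan.Constructed.A"}

def parse_event(line):
    """Turn one key=value log line into a (user, proc, parent) tuple."""
    fields = dict(kv.split("=", 1) for kv in line.split())
    return (fields["user"], fields["proc"], fields["parent"])

def build_baseline(lines):
    """Count how often each user ran each process/parent pair."""
    return Counter(parse_event(line) for line in lines)

def signature_match(file_hash):
    """Traditional AV: a hit only if the hash is already in the database."""
    return SIGNATURES.get(file_hash)

def is_deviation(baseline, event, min_seen=3):
    """Behavioral check: flag a pair this user has rarely or never run."""
    return baseline[event] < min_seen

def classify(baseline, line, file_hash=None):
    """Return the verdict an endpoint agent would act on for one new event."""
    sig = signature_match(file_hash) if file_hash else None
    if sig:
        return "signature:" + sig
    if is_deviation(baseline, parse_event(line)):
        return "deviation"  # unknown to the database, caught by behavior
    return "normal"

if __name__ == "__main__":
    base = build_baseline(NORMAL_LOG)
    for new in ("user=alice proc=winword.exe parent=outlook.exe",
                "user=alice proc=powershell.exe parent=winword.exe"):
        print(new, "->", classify(base, new, "0" * 64))
```

The second sample event carries a hash the database has never seen, so only the baseline check catches it; that is the zero-day gap the article says replacement technology is meant to close.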
Malwarebytes offers a free trial of Endpoint Protection.
Cylance Protect is an AI-based endpoint protection system that does away with the need for a threat database. You have a choice of getting the Cylance Protect software to install on your own server, or accessing it as a Cloud-based service with an agent program installed on one of your sites.
The service monitors file operations on your computers, blocking the installation of malicious programs. It also scans memory for unauthorized activity, which blocks the operations of fileless malware. All in all, the Cylance strategy is designed to prevent zero-day attacks by removing the need for malware analysis and threat response distribution.
Threat remediation occurs immediately. This takes the form of blocking incoming traffic from a suspicious address, booting off intruders, and killing malicious processes.
Endpoint protection in context
As a business user, you will be managing many endpoints within your offices and also remote computers owned by telecommuting freelancers and home-based employees. An open network that includes remote and user-owned devices is exposed to greater risk than a contained office LAN.
Endpoint protection is certainly necessary. However, this shouldn’t be your only line of defense against malware and intruders. You should consider your IT infrastructure as a whole when implementing security measures and make sure that your network is protected by strong security as well as by introducing endpoint protection.