Videos
What is an Endpoint Protection Platform?
Gartner defines an endpoint protection platform (EPP) as security software designed to protect managed endpoints — including desktop PCs, laptop PCs, virtual desktops, mobile devices and, in some cases, servers — against known and unknown malicious attacks. EPPs provide capabilities for security teams to investigate and remediate incidents that evade prevention controls. EPP products are delivered as software agents, deployed to endpoints, and connected to centralized security analytics and management consoles.
EPPs provide a defensive security control to protect end-user endpoints against known and unknown malware infections and file-less attacks using a combination of security techniques (such as static and behavioral analysis) and attack surface reduction capabilities (such as device control, host firewall management and application control). EPP prevention and protection capabilities are deployed as a part of a defense-in-depth strategy to help reduce the endpoint attack surface and minimize the risk of compromise. EPP detection and response capabilities are used to uncover, investigate and respond to endpoint threats that evade security protection, often as a part of broader threat detection, investigation and response (TDIR) capable products.
What is Information-Centric Endpoint and Mobile Protection?
Information-centric security products focus on content, more than device, and apply encryption and authentication to block file access and movement from unauthorized people or circumstances. Endpoint systems are porous, mistakenly sharing data is easy, and users can be careless. Information-centric security is the last line of defense for data when firewalls, anti-malware tools, best practices and other traditional defenses fail. The scope of this market is the protection of stored information, commonly referred to as data at rest. The protection of data at rest in some ways takes precedence, because the interconnectedness of today’s systems often undermines network protections. In other words, high-value information should be protected “at rest” to prevent the risk of a breach caused by an unexpected data in motion event.
This can be completely subjective, but, share your thoughts and context such as what’s great for massive enterprises and small shops, good budget/no budget, HALO products and vendors, and those to be avoided no matter the org.
For instance, I’ve never had a good experience with Trend or Sentinel… have others? What are your thoughts and experience supporting EDR?
Thanks!