Endpoint Security

Endpoint security is the process of securing various endpoints of a network, such as laptops, smartphones, and servers, from malicious threats and cyberattacks.

Components:

1. EDR/XDR
2. Data Loss Prevention (DLP)
3. Device Control (USB blocking)
4. Host-based Firewall
5. Patch Management

Related terms: [multi-sig](/terms/multi-sig)

🧒 Explain Like I'm 5

Imagine you have a big office building. Instead of just having a guard at the front door, you have a private security officer assigned to every single person who works there. That officer follows them everywhere (even when they go home) to make sure they don't accidentally bring something dangerous into the building. That's [endpoint security](/en/terms/endpoint-security).

🤓 Expert Deep Dive

Technically, we have evolved from 'Endpoint Protection Platforms' (EPP), which rely on signature-based detection, to 'Endpoint Detection and Response' (EDR). EDR tools use 'Heuristics' and 'Behavioral Analytics' to identify threats: for example, if a process starts 'Process Hollowing' or begins rapidly encrypting large numbers of files, the EDR can automatically isolate the host from the network. Another critical component is 'Zero Trust', the assumption that the endpoint is already compromised until proven otherwise. This includes 'Posture Checks' (verifying that the OS is patched and disk encryption is active) before allowing access to corporate resources.
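To make the behavioral-analytics and posture-check ideas concrete, here is an added example (not code from the original page or from any EDR vendor) of a toy detection loop of the kind an EDR agent runs: one rule looks for the classic process-hollowing sequence (a child started suspended, memory written into it, then its thread context rewritten), a second looks for a burst of distinct files being modified by one process, and a Zero Trust posture check gates access on patch age and disk encryption. The event schema, field names, thresholds and sample telemetry are all constructed for illustration.

```python
"""Toy EDR behavioral rules plus a Zero Trust posture check (illustrative example;
event format, thresholds and sample telemetry are constructed assumptions)."""
from collections import defaultdict, deque
from dataclasses import dataclass
from typing import Optional


@dataclass
class Event:
    ts: float                          # seconds since boot (constructed telemetry)
    pid: int                           # acting process
    kind: str                          # process_create | remote_write | set_thread_context | file_write
    target_pid: Optional[int] = None   # child/victim pid for cross-process events
    suspended: bool = False            # process_create: was the child started suspended?
    path: str = ""                     # file_write: file that was modified


# --- Rule 1: process-hollowing sequence, in this order, between the same two pids ---
HOLLOW_ORDER = {"process_create": 1, "remote_write": 2, "set_thread_context": 3}


def detect_hollowing(events):
    """Return (actor, child) pairs where the actor spawned the child suspended,
    wrote into its memory, and then rewrote its thread context, in that order."""
    stage = {}           # (actor, child) -> highest stage reached so far
    alerts = []
    for ev in events:
        if ev.kind not in HOLLOW_ORDER or ev.target_pid is None:
            continue
        key = (ev.pid, ev.target_pid)
        want = HOLLOW_ORDER[ev.kind]
        if want == 1:
            if ev.suspended:             # an ordinary (non-suspended) spawn is not a signal
                stage[key] = 1
        elif stage.get(key) == want - 1:  # only advance when the previous step was seen
            stage[key] = want
            if want == 3:
                alerts.append(key)
    return alerts


# --- Rule 2: mass file modification burst (constructed thresholds: 50 files in 10 s) ---
WINDOW_S = 10.0
FILE_THRESHOLD = 50


def detect_mass_encryption(events, window=WINDOW_S, threshold=FILE_THRESHOLD):
    """Return pids that modified at least `threshold` distinct files within any
    `window`-second span; events are assumed to arrive in timestamp order."""
    recent = defaultdict(deque)          # pid -> deque of (ts, path) inside the window
    alerted = set()
    for ev in events:
        if ev.kind != "file_write":
            continue
        q = recent[ev.pid]
        q.append((ev.ts, ev.path))
        while q and ev.ts - q[0][0] > window:   # slide the window forward
            q.popleft()
        if len({p for _, p in q}) >= threshold:
            alerted.add(ev.pid)
    return sorted(alerted)


def posture_check(host, max_patch_age_days=30):
    """Zero Trust gate: the endpoint is untrusted until every check passes."""
    failures = []
    if host.get("patch_age_days", 10**9) > max_patch_age_days:
        failures.append("os_patches_stale")
    if not host.get("disk_encryption"):
        failures.append("disk_encryption_off")
    if not host.get("edr_agent_running"):
        failures.append("edr_agent_missing")
    return len(failures) == 0, failures


def respond(events, host):
    """Combine detections and posture into the actions the agent would take."""
    actions = []
    if detect_hollowing(events) or detect_mass_encryption(events):
        actions.append("isolate_host")   # cut the endpoint off from the network
    ok, why = posture_check(host)
    if not ok:
        actions.append("deny_access:" + ",".join(why))
    return actions


# Constructed telemetry: one hollowing sequence, one benign spawn, one file burst, one build job.
SAMPLE_EVENTS = [
    Event(1.0, 100, "process_create", target_pid=200, suspended=True),
    Event(1.1, 100, "remote_write", target_pid=200),
    Event(1.2, 100, "set_thread_context", target_pid=200),
    Event(2.0, 300, "process_create", target_pid=301, suspended=False),
    Event(2.1, 300, "remote_write", target_pid=301),
] + [Event(5.0 + i * 0.05, 400, "file_write", path=f"/home/u/doc{i}.txt.locked") for i in range(60)] \
  + [Event(5.0 + i * 0.5, 500, "file_write", path=f"/tmp/build{i}.o") for i in range(10)]

if __name__ == "__main__":
    print(detect_hollowing(SAMPLE_EVENTS))        # [(100, 200)]
    print(detect_mass_encryption(SAMPLE_EVENTS))  # [400]
    print(respond(SAMPLE_EVENTS, {"patch_age_days": 45, "disk_encryption": True, "edr_agent_running": True}))
```

The two rules are deliberately order- and window-sensitive: the hollowing rule only fires when all three steps occur between the same pair of processes in sequence, and the burst rule counts distinct paths inside a sliding window so a long, slow build job does not trip it. Real agents add allow-lists and richer context, but the shape of the logic is the same.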
