What is an endpoint protection platform?


An Endpoint Protection Platform (EPP) is a comprehensive security solution deployed on endpoint devices to protect against threats. It is an integrated suite of endpoint protection technologies such as antivirus, data encryption, intrusion prevention, and data loss prevention that detects and stops a variety of threats at the endpoint. Endpoint protection platforms are the latest evolution of endpoint security, developed to identify attackers who can bypass traditional endpoint security as well as to help consolidate complex security stacks. Key features of an EPP include:

  • Prevention: An EPP is designed to keep out as many malicious elements as possible.

  • Detection: An EPP is designed to find and remove attackers.

  • Zero Trust Assessments: An EPP is designed to ensure least-privilege access.

  • Threat Hunting: An EPP is designed to elevate detection beyond automation.

Endpoint protection platforms are typically cloud-based, which lets them stay continuously up to date and keep endpoints protected from the newest threats. They use personal firewall, port and device control, and anti-malware capabilities to provide endpoint protection across an organization. They also provide a framework for data sharing between endpoint protection technologies, which is more effective than a collection of siloed security products that cannot communicate with each other.

Detection capabilities of an EPP will vary, but advanced solutions will use multiple detection techniques, ranging from static indicators of compromise (IOCs) to behavioral analysis. Desirable EPP solutions are primarily cloud-managed, allowing the continuous monitoring and collection of activity data, along with the ability to take remote remediation actions, whether the endpoint is on the corporate network or outside of the office.
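
The difference between a static IOC match and a behavioral rule, as an added example that is not taken from the original article or from any EPP product. The event fields, hashes, host names and the single behavioral rule (an Office application spawning a script host) are constructed assumptions for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class ProcessEvent:
    """One process-creation record as an endpoint agent might report it (constructed schema)."""
    host: str
    parent: str   # image name of the parent process
    image: str    # image name of the new process
    sha256: str   # hash of the new process image

# Constructed placeholder hash standing in for a threat-intel IOC feed.
KNOWN_BAD_HASHES = {"a" * 64}

OFFICE_PARENTS = {"winword.exe", "excel.exe", "powerpnt.exe"}
SCRIPT_HOSTS = {"powershell.exe", "cmd.exe", "wscript.exe", "cscript.exe", "mshta.exe"}

def static_ioc_match(ev: ProcessEvent) -> bool:
    # Static detection: exact match on a known-bad file hash.
    return ev.sha256.lower() in KNOWN_BAD_HASHES

def behavioral_match(ev: ProcessEvent) -> bool:
    # Behavioral detection: flags the parent/child relationship, whatever the file hash is.
    return ev.parent.lower() in OFFICE_PARENTS and ev.image.lower() in SCRIPT_HOSTS

def evaluate(events):
    """Return {event index: [names of detections that fired]}."""
    alerts = {}
    for i, ev in enumerate(events):
        hits = []
        if static_ioc_match(ev):
            hits.append("static_ioc")
        if behavioral_match(ev):
            hits.append("behavior_office_spawns_script_host")
        if hits:
            alerts[i] = hits
    return alerts

# Constructed sample telemetry.
SAMPLE_EVENTS = [
    ProcessEvent("ws-01", "explorer.exe", "dropper.exe", "a" * 64),    # hash is in the IOC set
    ProcessEvent("ws-02", "WINWORD.EXE", "powershell.exe", "b" * 64),  # clean hash, suspicious lineage
    ProcessEvent("ws-03", "explorer.exe", "powershell.exe", "b" * 64), # same binary, normal lineage
    ProcessEvent("ws-04", "explorer.exe", "dropper.exe", "c" * 64),    # rebuilt file: new hash, no rule fires
]

if __name__ == "__main__":
    for idx, hits in evaluate(SAMPLE_EVENTS).items():
        print(SAMPLE_EVENTS[idx].host, hits)
```

The ws-04 event shows why static IOCs alone are not enough: a file whose hash is not yet in the feed passes unless a behavioral rule covers what it does.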

In summary, an Endpoint Protection Platform is a suite of endpoint security technologies that work together to prevent file-based malware attacks, detect malicious activity, and provide the investigation and remediation capabilities needed to respond to dynamic security incidents and alerts.
