Defence in Depth Layer 4: Endpoint security

Relying on a single layer of security is risky, which is why cyber security experts recommend the Defence in Depth (DiD) strategy. This strategy uses multiple layers of security, making it difficult for attackers to breach critical assets. The next layer of protection after Email and Web Security, Perimeter Security, and Internal Network and Access Security is Endpoint Security.

What is Endpoint Security?

Endpoint Security is designed to secure any device connected to a network or IT system. This includes laptops, mobile phones, desktops, IoT devices, servers and virtual environments. This layer achieves security through an Endpoint Protection Platform (EPP), which includes Endpoint Detection and Response (EDR) and automated investigation and remediation.

What is Endpoint Detection and Response (EDR)?

Endpoint Detection and Response (EDR) is one of the key technologies within an endpoint protection solution. It detects attacks based on endpoint behaviour, such as process information, network activity, user login activity, file system changes and more. It can detect abnormal behaviour in near real time, allowing for either manual or automatic live response. Furthermore, because EDR uses behaviour-based classification, it can also detect zero-day threats before they cause greater issues.

Moreover, many EPPs have automated investigation and remediation capabilities. Therefore, once a potential threat is found, the solution can perform automated remediation actions, such as sending a file to quarantine, stopping a service, removing a scheduled task and more. This greatly reduces the chance of a business falling victim to a cyberattack while no IT managers are actively checking the system.
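To make the two preceding paragraphs concrete, here is an added example (written for this page, not code from any EDR or EPP product) of the behaviour-based detection an EDR performs over process, network, logon and file-system telemetry, followed by the kind of automated remediation plan the paragraph above describes. The event schema, the thresholds, the lists of document applications and shell interpreters, the action names and the sample telemetry are all assumptions constructed for illustration; a real product's sensors, rule language and response actions differ.

```python
"""Toy behavioural detector in the style of an EDR, plus automated remediation
planning.  Added example, not product code: the event schema, thresholds,
process lists, action names and sample telemetry are assumptions."""
from collections import defaultdict, deque
from dataclasses import dataclass

DOCUMENT_APPS = {"winword.exe", "excel.exe", "acrord32.exe"}        # assumed list
SHELL_INTERPRETERS = {"powershell.exe", "cmd.exe", "wscript.exe"}    # assumed list
FILE_BURST_COUNT, FILE_BURST_WINDOW = 5, 10    # assumed: 5 file changes within 10 s
LOGON_FAIL_COUNT, LOGON_FAIL_WINDOW = 4, 60    # assumed: 4 failures within 60 s


@dataclass(frozen=True)
class Alert:
    rule: str
    subject: str
    detail: str
    actions: tuple  # proposed (action, target) pairs for automated remediation


def detect(events):
    """Run behavioural rules over a time-ordered stream of endpoint telemetry.

    Each rule keys off one of the behaviour types the page lists: process
    information, network activity, user logons and file-system changes.
    """
    alerts, fired = [], set()
    flagged = {}                        # pid -> image path of a suspicious process tree
    file_times = defaultdict(deque)     # pid -> recent file-change timestamps
    logon_fails = defaultdict(deque)    # user -> recent failed-logon timestamps

    def emit(rule, subject, detail, actions):
        if (rule, subject) not in fired:        # one alert per rule and subject
            fired.add((rule, subject))
            alerts.append(Alert(rule, subject, detail, actions))

    for ev in sorted(events, key=lambda e: e["t"]):
        kind = ev["type"]
        if kind == "process":
            pid, ppid = ev["pid"], ev["ppid"]
            if ev["parent"] in DOCUMENT_APPS and ev["image"] in SHELL_INTERPRETERS:
                flagged[pid] = ev["path"]
                emit("document_app_spawned_shell", f"pid {pid}",
                     f'{ev["parent"]} -> {ev["image"]}', (("kill_process", pid),))
            elif ppid in flagged:               # descendants inherit suspicion
                flagged[pid] = ev["path"]
        elif kind == "network" and ev["pid"] in flagged:
            emit("network_from_flagged_process", f'pid {ev["pid"]}',
                 f'{ev["dst"]}:{ev["port"]}', (("kill_process", ev["pid"]),))
        elif kind == "task" and ev["pid"] in flagged:
            emit("scheduled_task_from_flagged_process", f'pid {ev["pid"]}', ev["name"],
                 (("remove_scheduled_task", ev["name"]), ("kill_process", ev["pid"])))
        elif kind == "file":
            q = file_times[ev["pid"]]
            q.append(ev["t"])
            while ev["t"] - q[0] > FILE_BURST_WINDOW:   # slide the time window
                q.popleft()
            if len(q) >= FILE_BURST_COUNT:
                actions = [("kill_process", ev["pid"])]
                if ev["pid"] in flagged:                # quarantine the offending image
                    actions.append(("quarantine_file", flagged[ev["pid"]]))
                emit("file_change_burst", f'pid {ev["pid"]}',
                     f"{len(q)} changes in {FILE_BURST_WINDOW}s", tuple(actions))
        elif kind == "logon":
            q = logon_fails[ev["user"]]
            if ev["result"] == "fail":
                q.append(ev["t"])
            while q and ev["t"] - q[0] > LOGON_FAIL_WINDOW:
                q.popleft()
            if ev["result"] == "success" and len(q) >= LOGON_FAIL_COUNT:
                emit("logon_after_repeated_failures", f'user {ev["user"]}',
                     f"{len(q)} failures then success", (("refer_to_analyst", ev["user"]),))
    return alerts


def plan_remediation(alerts):
    """Flatten proposed actions into a de-duplicated, ordered remediation plan."""
    plan = []
    for alert in alerts:
        for action in alert.actions:
            if action not in plan:
                plan.append(action)
    return plan


SAMPLE_EVENTS = [   # constructed telemetry; nothing here comes from a real host
    {"t": 100, "type": "process", "pid": 501, "ppid": 400, "image": "winword.exe",
     "parent": "explorer.exe", "path": "C:/Program Files/Office/winword.exe"},
    {"t": 101, "type": "process", "pid": 502, "ppid": 501, "image": "powershell.exe",
     "parent": "winword.exe", "path": "C:/Windows/System32/WindowsPowerShell/v1.0/powershell.exe"},
    {"t": 102, "type": "network", "pid": 502, "dst": "203.0.113.10", "port": 443},
    {"t": 103, "type": "process", "pid": 503, "ppid": 502, "image": "helper.exe",
     "parent": "powershell.exe", "path": "C:/Users/a/AppData/Local/Temp/helper.exe"},
    {"t": 104, "type": "task", "pid": 503, "name": "HelperUpdate"},
    # five file changes by pid 503 inside 10 s: the burst rule fires on the fifth
    *({"t": 105 + i, "type": "file", "pid": 503, "path": f"C:/Users/a/Documents/doc{i}.docx"}
      for i in range(5)),
    # benign: a backup tool touching files 30 s apart never fills the window
    *({"t": 200 + 30 * i, "type": "file", "pid": 610, "path": f"D:/backup/set{i}"} for i in range(6)),
    # four failed logons for one user inside 60 s, then a success
    *({"t": 300 + 5 * i, "type": "logon", "user": "alice", "result": "fail"} for i in range(4)),
    {"t": 325, "type": "logon", "user": "alice", "result": "success"},
    # benign: one mistyped password
    {"t": 400, "type": "logon", "user": "bob", "result": "fail"},
    {"t": 405, "type": "logon", "user": "bob", "result": "success"},
]

if __name__ == "__main__":
    found = detect(SAMPLE_EVENTS)
    for a in found:
        print(f"{a.rule:38} {a.subject:10} {a.detail}")
    print("remediation plan:", plan_remediation(found))
```

Two design points worth noting. Suspicion is tracked per process tree, so a child of a flagged process is flagged without a separate alert and its later network, scheduled-task and file-system behaviour is judged in that context; this is what lets the remediation plan name the dropped image for quarantine and the task for removal rather than a system binary. Every rule also fires at most once per subject, and the slow backup job and the single mistyped password produce nothing, which is the near-real-time, low-noise behaviour the paragraph attributes to EDR; the logon alert is deliberately routed to an analyst rather than remediated automatically, matching the manual-or-automatic response choice mentioned above.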

The Endpoint Security layer sits relatively deep because it does not prevent cyberattacks outright, but rather detects whether a hacker or malware is currently active on a device.