Endpoint Protection Platform (EPP) Definition

An endpoint protection platform, or EPP, provides an integrated endpoint security solution by leveraging personal firewall, port and device control, and anti-malware capabilities.

However, traditional endpoint protection platform solutions lack threat detection and response capabilities. Relying on EPP tools alone may therefore not be enough to mitigate the risk of a breach when advanced malware evades your front-line defences.

What is the difference between an endpoint protection platform and endpoint detection and response (EDR)?

EDR focuses primarily on threats that have evaded front-line defences and entered your environment. An endpoint protection platform, however, focuses solely on prevention. Because no endpoint protection platform can successfully block 100 percent of threats, it should be paired with an EDR solution. In the ideal case, a comprehensive endpoint security solution includes both EPP and EDR capabilities.

What challenges does an endpoint protection platform address?

With more than 80 percent of cyber attacks focused on endpoints, your users' mobile devices, laptops, workstations and your server are at risk. An endpoint protection platform provides preventative security on the endpoint, blocking known malware at the point of entry using built-in protection mechanisms, including signature-based malware defences.

Does an EPP provide enough protection?

An EPP can often be described as a traditional anti-virus solution. While deploying an anti-virus solution will improve your front-line security, it does not protect your endpoints from more sophisticated threats that may find a way into your network. Endpoint security solutions should have endpoint protection platform capabilities, but they must also have the capabilities of an endpoint detection and response solution.

For more information on an EDR solution: What Is an EDR?

Anti-malware protection: a key component of endpoint protection

One of the largest threats to an endpoint is malware. Malware can come from many sources, but often it gets onto a device when users click a link from an email or the web. Once inside your environment, malware seeks to infect as much data and as many processes as it can. Ransomware, phishing and cryptomining are just some of the more recent malware variants.

An endpoint protection platform solution protects endpoints by preventing malware from getting into your environment. Just as a firewall blocks illicit access to the network, an endpoint protection platform solution blocks known threats to your endpoints.

But anti-malware protection is not as simple as granting and denying access to your devices. This is because malware is clever; it can look harmless at one point and morph into something dangerous at a later time. And as we all know, malicious actors are persistent. They will try many tricks to sneak malware into your environment.

For these reasons, an effective endpoint protection platform needs to leverage advanced anti-malware capabilities such as:

  • Machine learning. Machine learning capabilities allow the endpoint protection platform to leverage large-scale data to determine the true malicious nature of files.
  • Threat intelligence. Expansive threat intelligence allows the EPP to leverage both historical and real-time data from billions of threats to automatically block known malefactors.
  • Sandboxing. Sandboxing allows the endpoint protection platform to isolate suspect files into a safe environment. Within this environment, the endpoint protection platform can safely detonate and monitor the nature of the files without risking detriment to the rest of the system.

Even with all of these capabilities, no endpoint protection platform can guarantee 100 percent efficacy. That is why a traditional anti-virus solution cannot provide sufficient endpoint security. A true next-generation endpoint security solution combines endpoint protection platform capabilities with EDR capabilities.