Antimalware protection and the fundamentals of endpoint security

Learn about antimalware protection and how endpoint security technology can prevent malware from infecting end-user computers and corporate networks.

Endpoint antimalware protection actively works to prevent malware from infecting a computer. In many such products, the security technology extends to virtual desktops and mobile devices, as well as workstations and laptops.

Common types of malware that affect computers and all kinds of mobile devices include viruses, Trojan horses, worms, spyware, rootkits and the like.

The term endpoint used with antimalware usually implies a product is designed for use within an organization (versus individual consumer use on a one-off or per household basis), which could mean a small business, branch office, midsize company, government agency or enterprise.

With millions of different kinds of malware in the wild, and with cyberattacks on the rise, one hyper-critical issue for organizations of any size is ensuring strong protection against malware. Plus, organizations that fall under the regulatory umbrella of laws like the Gramm-Leach-Bliley Act and the Health Insurance Portability and Accountability Act, or that adhere to PCI DSS standards for accepting payment cards, must run antimalware software to honor their compliance requirements.

The beauty of endpoint antimalware protection software

Endpoint antimalware protection must be able to prevent malware attacks; protect users when they are exchanging emails, browsing the web or connecting devices; and stop the proliferation of any attacks that manage to succeed.

To meet those goals, today's endpoint antimalware protection suites provide layered protection: robust antivirus functionality, with the ability to shield against new or otherwise unknown (zero-day) threats, plus antispyware, email inbox protection, host-based firewalls, data loss prevention, warnings when visiting websites that could pose safety risks and much more.

The beauty of such antimalware suites is that a single package with multiple functionalities presents a cohesive defense between external malware and internal systems and data. This type of in-depth defense uses different methods to stop malware, so an attempted attack or intrusion is unlikely to succeed simply by making its way through a single layer of protection. Plus, a suite is easier for IT to manage than a collection of different applications from different vendors.

Think of a computer or device with endpoint antimalware protection installed as a heavily fortified castle with thick walls, a moat, steel gates and drawbridges. Guards, inside and out, constantly watch for suspicious activity, ready to block or slay the dragons.

Characteristic features of endpoint antimalware protection

Here are some typical features found in endpoint security suites:

  • Antivirus: Malware writers go to great lengths to create malware that can avoid detection and resist removal. Today's antimalware products typically combine signature-based scanning with heuristics technology and cloud-based global threat intelligence to recognize and root out malware on systems and to prevent infections in the first place. Heuristics is the practice of identifying malware based on previous experiences, observations of malware behavior and typical points of attack. This combination of antivirus technologies is also effective against zero-day threats, which have historically posed major challenges to IT security teams.
  • Antispyware: A malicious spyware infection is probably easier to pick up than a common cold, and it's a major threat to protecting sensitive or confidential data. Antispyware software runs constantly in the background to block spyware installation, regardless of the source.
  • Data loss prevention (DLP): The technologies involved in DLP aim to protect data that leaves the security of the internal business network, whether it's via email messages, USB drives, on a laptop or mobile device, or uploaded to the cloud.
  • Integrated firewall: Although a network should always be protected by a firewall, running a second firewall on the endpoint provides another layer of defense against malware that finds any cracks in the armor.
  • Device control: Malware can infect a computer that isn't connected to a network or the internet. Connecting a USB device to a computer or installing software from a CD or DVD always runs the risk of transferring an infected application to the target machine. Device control enables IT to restrict or block user access by setting and enforcing device access rules.
  • Email protection: This component of antimalware suites attempts to filter out phishing emails, spam and other messages that could carry malicious or otherwise suspect content.
  • Website browsing protection: Also referred to as reputation technology, most antimalware protection suites consult some type of ratings database that indicates whether a website is safe to browse or not. With such protection in place, websites reported as unsafe will not be opened. Users will receive warning messages instead.
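The antivirus item above describes combining signature-based scanning with heuristics. The following is an added illustration, not code from the article or any vendor product: a toy scanner with a constructed one-entry signature set, a hypothetical entropy threshold and a constructed string marker, showing why a sample altered by a single byte slips past the signature check but is still caught by the heuristic layer.

```python
import hashlib
import math
from collections import Counter

# Constructed "known bad" sample; a real product ships vendor-distributed
# definitions rather than a single hard-coded hash.
KNOWN_BAD_SAMPLE = b"CONSTRUCTED-SAMPLE:" + bytes(range(256)) * 2
SIGNATURES = {hashlib.sha256(KNOWN_BAD_SAMPLE).hexdigest()}

# Hypothetical heuristic settings: high entropy suggests packed or encrypted
# content; the marker is a constructed stand-in for a suspicious string.
ENTROPY_THRESHOLD = 7.2
SUSPICIOUS_MARKERS = (b"CONSTRUCTED-SAMPLE:",)


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte (0.0 for uniform/empty data, max 8.0)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def signature_match(data: bytes) -> bool:
    """Exact-match layer: the hash must be in the definition set."""
    return hashlib.sha256(data).hexdigest() in SIGNATURES


def heuristic_score(data: bytes) -> int:
    """Behaviour/content layer: count indicators rather than exact matches."""
    score = 0
    if shannon_entropy(data) > ENTROPY_THRESHOLD:
        score += 1
    if any(marker in data for marker in SUSPICIOUS_MARKERS):
        score += 1
    return score


def scan(data: bytes) -> str:
    """Return which layer flagged the data, or 'clean'."""
    if signature_match(data):
        return "signature"
    if heuristic_score(data) >= 1:
        return "heuristic"
    return "clean"


def flip_last_byte(data: bytes) -> bytes:
    """Simulate a trivially modified variant that defeats a hash signature."""
    modified = bytearray(data)
    modified[-1] ^= 0xFF
    return bytes(modified)
```

Entropy alone also fires on legitimately compressed or encrypted files, which is why real products weigh several indicators together and add cloud reputation data before convicting a file.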

In addition to the preceding features, some endpoint antimalware suites roll in antiransomware technology, intrusion detection and prevention functionality, application control, and network access control. Some packages also perform patch assessment and management, in which system threats are assessed and the most critical patches are applied first, in addition to vulnerability assessments and full-disk encryption to protect stored data.

Deploying and managing endpoint antimalware products

Typically, endpoint antimalware products require an administrator to install a management console on a server to help manage clients, product licenses and logs, or to use a web-based console that's part of a cloud service.

This step also creates a database containing settings, privileges, events and security policies. An organization that's very large or that has multiple sites may need to install additional management servers for performance reasons, as well as to replicate data. The next step is to install software (sometimes referred to as an agent) on client computers and devices, either directly or across the network.

Regardless of the approach taken, clients must be configured for client software updates (automatic or pushed from the server) and virus definition updates, at a minimum.

Overall, endpoint antimalware protection is an important and necessary element in any organization's security infrastructure, though it shouldn't be the only element organizations implement. Before diving in, IT managers and security specialists should assess their environments to determine what specifically they need to protect, and they should look ahead two to three years at how their environment is expected to change.

It's also a good idea to research several highly rated endpoint antimalware packages to see how their features compare, determine which packages are most suitable to the organization's size and needs, and keep an eye on costs to get the best product for the budget.

This was last published in July 2017
