Every endpoint connected to the Internet faces 1.5 attacks per minute.
According to a study by the Ponemon Institute, 68% of organizations have experienced one or more endpoint attacks that successfully compromised data and/or their IT infrastructure.
Teknologize CEO Byron Martin and CTO Dan Morgan sat down to discuss the difference between antivirus software and endpoint security.
Byron Martin: What's the difference between antivirus and advanced endpoint protection?
Dan Morgan: So anti-virus is going to be more about caring about the files on the computer. Is this file you downloaded, is this a temporary file that's in your cache, are these known bad files?
Byron Martin: Okay.
Dan Morgan: Endpoint protection is more about protecting the entire computer.
Now it doesn't care just about the files, it cares about how is this process, this Windows process that's more of a conhost, right? Every malware under the sun, I think, runs as conhost, so endpoint protection takes it a bit further.
It goes in and it says, hey, this process is doing something that we don't really like, let's stop it. Let's say, no, process conhost.exe, you can't do that. You know, maybe it'll be a false positive, but chances are that analysis is going to prove that it might've been a malicious intent. And it also does a lot more, and that's why it does a lot better at lessening those attack vectors.
It sees a file being encrypted in the Windows operating system by an unknown process that doesn't typically encrypt files and it throws up red flags and stops the process in its tracks.
So, it really can help alleviate some of the risk that comes with using a computer on the internet. But it has functionality, right? We're talking about just the antivirus or the anti-malware component of it. The other functionality that an endpoint protection has is kind of that USB drive functionality.
You can disable or enable USB drives. If you don't want your employees, or, you know, whomever, using a USB hard disc, you can turn that off.
You can make it so they only are allowed to use HID devices, human interfaces, keyboards, mice, stuff like that, that kind of thing.
Byron Martin: It definitely sounds like it's significantly more advanced. Two things I pulled out of it is that it watches for behavior versus just comparing files to known bad files. It watches more behavior and analyzes that, but then it has a couple of other things that it will do.
Like you said, block USB ports and things where you can add additional security layers and things like that.
Dan Morgan: Yeah, exactly. I mean, it's the behavioral analysis, it's really the important part. That's what's in the new next-gen, if you will, antivirus.
Antivirus software is a computer program used to prevent, detect, and remove software viruses and other malicious software, such as worms, trojans, adware, and more, on individual devices such as a laptop or computer.
Endpoint security, also known as advanced endpoint protection, protects systems from file-based, fileless, script-based and zero-day threats by using machine learning or behavioral analysis across the entire network, including the endpoints (the devices used to access the network).
See the entire discussion and the test results of several antivirus software programs to see how well they did against live Ransomware.
If you’re interested in learning more about endpoint security for your organization, call 509-396-6640 or contact us for more information!
Teknologize is a SOC 2 certified, Professional Technology Services company with clients throughout the Pacific Northwest. We have offices located in: