Endpoint data security—the protection of devices connected to the network—has become increasingly important to organizations as they struggle to contain malware, ransomware, and other attacks that specifically target user PCs, laptops, and mobile devices. Every user device authorized to access the network potentially increases the attack surface that malicious actors can exploit. The list of devices, applications, and operating systems upon which employees rely is long—and growing in number each day. The challenge for organizations is to balance the productivity and positive user experience of using diverse devices to productively conduct business with the difficult task of protecting a myriad of device types to keep data and the network safe.
Security vendors offer a comprehensive mix of endpoint protection from viruses and malware across many device types. However, properly securing devices can require more than antivirus and malware protection. Endpoint data protection and endpoint encryption are also useful tools in providing integrated, in-depth security.
Endpoint data protection
One of the single greatest security risks for organizations is losing data—through attacks, data corruption, intellectual property theft, or other means. The loss of customer data is especially damaging not only to an organization's bottom line but also to its reputation and brand. Additionally, data risks can originate just as easily from disgruntled or dishonest employees as from outside hackers. Therefore, superior endpoint data protection should provide the following:
- Protection for the widest range of user devices (types and operating systems)
- Centrally managed, policy-based security by group and user
- Data loss prevention through device behavior monitoring
- Anti-data theft tools and processes
- The ability to automatically restore files encrypted or destroyed by ransomware (watch the Enhanced Remediation with McAfee MVISION Endpoint demo to learn more)
In many ransomware or malware data theft scenarios, masked malicious code can lie in wait after infecting devices, then leak or exfiltrate data to external servers, or in ransomware scenarios, encrypt data before network systems recognize the threat. A good way to defend against these types of attacks is by adding endpoint data encryption and server data encryption.
Encrypted data is useless to thieves—whether it's an insider or a hacker. If a disgruntled employee or cyberthief steals data by emailing it, copying it, or sending it to an unauthorized device, all they obtain is the encrypted—and therefore useless—data. However, endpoint encryption must be transparent and unobtrusive to ensure that user productivity and workload performance is not compromised.
Endpoint encryption coupled with device and application behavior monitoring is especially effective in preventing data loss. Consider the case of network-embedded malware or an insider that initiates data exfiltration. When the malware or employee attempts to send that data outside the network, behavior monitoring can flag the transfer as suspicious and stop the external connection.
To prevent man-in-the-middle data attacks (data intercepted as it traverses the network from endpoint to the cloud or server), encryption of data in transit can provide an even greater level of protection of sensitive data. Deploying all three data loss prevention strategies—data-at-rest encryption, behavior monitoring, and data-in-transit encryption—can deliver superior endpoint protection.
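The behavior-monitoring layer described above (sensitive data read by a process, then sent to a destination outside the organization) can be illustrated with a small detector. The following Python is an added example written for this page, not code from McAfee or from any product described here. The telemetry format, the sensitive path prefixes, the approved destination names, the hostnames and IP addresses, and the byte threshold are all constructed for illustration; a real endpoint agent supplies its own event schema and policy.

```python
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta

# Policy values (constructed for this example; a real deployment takes these
# from the endpoint management console's DLP policy).
SENSITIVE_PREFIXES = ("/srv/finance/", "/home/alice/Customers/")
ALLOWED_DESTS = {"files.corp.example", "backup.corp.example"}
WINDOW = timedelta(minutes=10)        # how long a sensitive read stays "hot"
BYTES_THRESHOLD = 1_000_000           # bytes sent outside before alerting


@dataclass
class Event:
    ts: datetime
    host: str
    process: str
    action: str      # "file_read" or "net_send"
    target: str      # file path for file_read, destination for net_send
    nbytes: int = 0  # bytes transferred (net_send only)


def parse_line(line: str) -> Event:
    """Parse one pipe-delimited telemetry line (constructed format)."""
    ts, host, process, action, target, nbytes = line.split("|")
    return Event(datetime.fromisoformat(ts), host, process, action, target, int(nbytes))


def parse_log(text: str) -> list:
    return [parse_line(l) for l in text.strip().splitlines() if l.strip()]


def detect_exfiltration(events: list) -> list:
    """Alert when a process reads a sensitive file and, within WINDOW, sends at
    least BYTES_THRESHOLD bytes (cumulatively) to a non-approved destination."""
    sensitive_reads = defaultdict(list)   # (host, process) -> [Event]
    sent = defaultdict(list)              # (host, process, dest) -> [(ts, bytes)]
    alerts = []
    for ev in sorted(events, key=lambda e: e.ts):
        key = (ev.host, ev.process)
        if ev.action == "file_read":
            if ev.target.startswith(SENSITIVE_PREFIXES):
                sensitive_reads[key].append(ev)
            continue
        if ev.action != "net_send" or ev.target in ALLOWED_DESTS:
            continue
        # Keep only sensitive reads that are still inside the window.
        reads = [r for r in sensitive_reads[key] if ev.ts - r.ts <= WINDOW]
        sensitive_reads[key] = reads
        if not reads:
            continue                      # no recent sensitive data read; ignore
        dest_key = key + (ev.target,)
        sent[dest_key] = [(t, b) for t, b in sent[dest_key] if ev.ts - t <= WINDOW]
        sent[dest_key].append((ev.ts, ev.nbytes))
        total = sum(b for _, b in sent[dest_key])
        if total >= BYTES_THRESHOLD:      # chunked sends are summed, not judged one by one
            alerts.append({
                "ts": ev.ts.isoformat(),
                "host": ev.host,
                "process": ev.process,
                "dest": ev.target,
                "bytes": total,
                "files": sorted({r.target for r in reads}),
            })
            sent[dest_key] = []           # one alert per burst
    return alerts


# Constructed sample telemetry: one benign upload to an approved server, one
# chunked transfer of payroll data to an unapproved address, and two sends
# that never touched sensitive data.
SAMPLE_LOG = """
2024-03-04T09:00:00|LAPTOP-17|excel.exe|file_read|/srv/finance/q1_forecast.xlsx|0
2024-03-04T09:01:10|LAPTOP-17|excel.exe|net_send|files.corp.example|2400000
2024-03-04T09:05:00|LAPTOP-17|updater.exe|file_read|/srv/finance/payroll.csv|0
2024-03-04T09:05:30|LAPTOP-17|updater.exe|net_send|203.0.113.9|600000
2024-03-04T09:06:00|LAPTOP-17|updater.exe|net_send|203.0.113.9|600000
2024-03-04T09:30:00|LAPTOP-17|browser.exe|net_send|198.51.100.7|5000000
2024-03-04T09:40:00|LAPTOP-17|notes.exe|file_read|/home/alice/notes.txt|0
2024-03-04T09:41:00|LAPTOP-17|notes.exe|net_send|198.51.100.7|3000000
"""

if __name__ == "__main__":
    for alert in detect_exfiltration(parse_log(SAMPLE_LOG)):
        print(alert)
```

Only the updater.exe transfer trips the rule: the excel.exe upload goes to an approved server, and the browser.exe and notes.exe sends are large but were not preceded by a sensitive read. Pairing the rule with data-at-rest encryption matters because the alert fires after the bytes have left; encryption limits what an attacker gains from anything the monitor misses or catches late.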
Endpoint data protection, backup, and security management
Data backup also plays a role in endpoint data security and endpoint protection. Organizations should only back up endpoint data—encrypted or not—if it belongs to the organization. Most end user devices, especially tablets and smartphones, can contain numerous files and data that is strictly personal information for the user—and not the organization's concern. For this reason, endpoint use in the workplace should be restricted to adding, creating, or manipulating an organization’s cloud and server-based data—not storing it on the endpoint device.
When using such policies, endpoint security management software can protect against endpoint applications that are not authorized to access or store data locally (see related “What is Endpoint Security Management?”). Only server-based data would be allowed under stricter endpoint policies.
McAfee Endpoint Security
McAfee, a leader in endpoint security, takes a proactive approach to securing all devices and data, automating protection and detection, and improving response capabilities. McAfee Endpoint Security provides a single point of control across endpoints, servers, virtual machine instances, cloud containers, embedded IoT devices, and mobile devices. Our open architecture allows organizations to manage and report on third-party solutions such as Microsoft Defender and Microsoft Firewall and others, providing an additional layer of security where it's needed.
McAfee Complete Data Protection
McAfee Complete Data Protection delivers comprehensive data encryption and encryption management across endpoints and servers. Organizations can choose to use native, built-in operating system (OS) encryption or McAfee enterprise-grade encryption. All encryption is administered through a single console and seamlessly integrates with security management, including policy-based orchestration. The encryption is transparent to users and applications and has little performance overhead, ensuring systems run as expected with no loss in user productivity or effect on application behavior despite endpoint encryption.
Because data on these protected devices—including hard drives and removable media—is encrypted, data on a lost or stolen device is not accessible. This is especially useful with laptops and mobile devices, which are typically used at least part of the time in the field, and with off-premises data backups.
McAfee ePolicy Orchestrator®
McAfee ePolicy Orchestrator (McAfee ePO™) provides the ability to manage multiple integrated security products from a single unified management console. This means deploying the latest software to endpoints, configuring security policies, providing status and compliance reports, and automating security workflows can all be accomplished from a single pane of glass. Endpoint network access permissions, automated responses to device and application behaviors, and integration with other McAfee and third-party products simplify endpoint security and data protection. Because of its open architecture, McAfee ePO works seamlessly with third-party security solutions to deliver greater endpoint protection throughout an organization's enterprise network.
Endpoint data protection resources