
What is an Endpoint Protection Cloud?


An “endpoint protection cloud” refers to the use of cloud services to enable security teams to protect endpoints. Endpoints include a range of devices that connect to an enterprise’s distributed network, which may include local-area networks, wide-area networks, public, private, and hybrid clouds, virtual private networks, and more. Endpoints may include servers, desktops and laptops, workstations, mobile devices, internet-of-things (IoT) devices and operational technology (OT) systems.  

Typically, endpoint protection security solutions have fallen into one of two categories: prevention (before an attack) and response (after a cyberattack). Modern endpoint protection platforms (EPPs) incorporate both prevention and response managed via a single, centralized interface.

Today’s endpoint protection cloud solutions make it easy for organizations to manage remote assets, which is important with so many people connecting off the network, outside of firewalls and network-based mobile device management tools. According to Gartner’s 2019 Magic Quadrant for Endpoint Protection Platforms (registration required), the capabilities of endpoint detection and response (EDR) solutions are now considered core components of an EPP, enabling enterprise threat investigators to:

  • Detect system-level suspicious behavior
  • Block malicious activity and contain the incident at the endpoint
  • Provide contextual information about potential threats
  • Investigate security incidents
  • Provide remediation guidance

Evolution of endpoint protection

Endpoint protection emerged in the 1980s in the form of antivirus security software managed by an on-premises server. At the time, viruses were designed to propagate widespread infection through malicious code, which is why antivirus solutions based on signature (code) detection were effective.

But things have changed. Today’s cybercriminals are using more sophisticated techniques, have access to more resources, and take a more targeted approach. Endpoint protection had to evolve rapidly to keep up with the evolving threat environment, the culture of bring your own device (BYOD), and the rise in remote work, which was accelerated by COVID-19 restrictions. Many users are now using personally-owned devices and connecting over unsecured home broadband networks, and devices run a wide range of operating systems, including a range of non-standard IoT operating systems in addition to the many flavors of Microsoft Windows, Google Android, Apple iOS, etc.

Traditional endpoint protection solutions are unsuitable for the cloud and mobile world, because the endpoint software that gets installed on devices has to connect to the management console via the VPN to work—and with most people using direct-to-cloud connections to access cloud apps, such on-premises solutions are blind to their activity. 

“Desirable EPP solutions are primarily cloud-managed, allowing the continuous monitoring and collection of activity data, along with the ability to take remote remediation actions, whether the endpoint is on the corporate network or outside of the office.” (Gartner)

Why cloud is important for endpoint protection

With the increase in remote work, endpoints are easier targets than ever before. According to IDC, even with the growth in attacks against applications and cloud workloads, seventy percent of all breaches still originate at endpoints, despite increased IT spending on this threat surface.

The IBM Cost of Data Breach Report 2020 identified endpoints as the root cause of breaches, with 52 percent of data breaches caused by malicious attacks, 25 percent by glitches, and 23 percent by human error. Of the malicious attacks, endpoint threat vectors most targeted include:

  • Compromised credentials (19%)
  • Vulnerability in third-party software (16%)
  • Phishing (14%)
  • Business email compromise (5%)

The sudden need for employees to work from home has increased the prevalence of remotely connected devices and has placed pressure on IT security teams to quickly spin up cloud-based solutions that protect against advanced threats. With these changes come specific cybersecurity risks:

Misconfigurations: The pace of change in cloud technology paired with the number of tools connected and the speed of work creates an environment that’s challenging to manage, secure, and keep updated. One simple misconfiguration can open the door to cyberthreats, data loss, and result in potentially devastating consequences, making it essential to prevent cloud misconfigurations, which have become the leading cause of cloud data breaches.

Increased exposure to attackers: Gartner’s 2021 Planning Guide for Security and Risk Management cautions that this challenge is created “by the move to cloud-based services and work-from-home scenarios, which often make previously firewalled users and assets more exposed. Common attacks include siegeware and ransomware, business email compromise, and credential phishing and stuffing.” Credential phishing has been the cause of highly publicized breaches in which millions of customer records have been exposed.

Device control: With so many mobile devices connecting over unsecured networks, enterprises are at a much greater risk of attack from sophisticated and well-financed adversaries. Attackers often target employees of a company hoping to infect just one device. When that employee connects to the network, the malware can propagate, attacking more valuable targets, stealing data, making applications inaccessible, and more.

Another challenge is the growing attack surface from IoT devices, OT systems that control manufacturing and production, and agents connecting to the internet and enterprise network and applications—many of which are designed with minimal security. Gartner explains this challenge in its 2021 Planning Guide for Security and Risk Management: “Some of them are multihomed, combining a Wi-Fi or hardwired network connection with cellular communications, thus creating possible entry points onto the enterprise network. Various intelligent agents...take over human tasks, but their security is not yet well understood.”

As security teams investigate more effective ways to protect their organizations’ data, networks, and end users without hindering productivity, they must inevitably turn to cloud security, including cloud-delivered endpoint protection.


How endpoint protection works using a cloud service

On-premises management of endpoint security leaves room for vulnerabilities, while a cloud-native architecture is fast to set up and provides always-up-to-date threat protection. Zscaler partners with leaders in endpoint security to further control connectivity to corporate assets, isolate infected devices, and receive and share threat intelligence to deliver endpoint reporting to enterprise customers.

  • Cloud-native EDR/EPP deploys endpoint sensors to devices alongside Zscaler Client Connector in a matter of hours.
  • Endpoint sensors send event-related data to the cloud for adaptive machine learning-based behavior and posture analysis.
  • Indicator of compromise (IoC) enrichment data feeds into the Zscaler Zero Trust Exchange, so that single event data helps protect all users.


How to improve endpoint security with Zscaler

Zscaler enables organizations to boost endpoint-to-cloud security by reducing vulnerabilities and minimizing the impact of attacks. Here’s how:

  • Implements zero trust access based on the real-time security posture of the endpoint
  • Provides broad visibility into any compromised device connecting through the Zscaler cloud
  • Provides the most updated protection at all times, with more than 200,000 unique security updates per day in the Zscaler cloud
  • Enables immediate incident response
  • Delivers security as a service with unlimited scale
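The loop described in the two sections above (sensors forwarding events to the cloud, the cloud enriching them against a shared IoC set so that one detection protects every user, and access being granted from each device’s real-time posture) can be modelled in a few dozen lines. The following is an added illustration, not Zscaler’s or any partner’s code: the device names, hashes, process names, the `SensorEvent`/`CloudAnalyzer` types and the behavioural rule (an office application spawning a scripting host) are all constructed for the example.

```python
"""Toy model of a cloud-managed endpoint protection loop.

Endpoint sensors forward events to a cloud analysis service; the service
enriches them against a shared indicator-of-compromise (IoC) set and updates
each device's security posture; an access broker then grants or denies
application access from that posture.  Device names, hashes, process names
and the behavioural rule are all constructed for illustration.
"""
from dataclasses import dataclass, field

# Constructed behavioural rule: an office application spawning a scripting
# host or shell is treated as suspicious (a common macro-dropper pattern).
OFFICE_APPS = {"winword.exe", "excel.exe", "outlook.exe"}
SCRIPT_HOSTS = {"powershell.exe", "cmd.exe", "wscript.exe", "mshta.exe"}


@dataclass
class SensorEvent:
    device_id: str
    kind: str              # "process_start" or "file_write"
    sha256: str            # hash of the binary or file involved (constructed)
    parent: str = ""       # parent process name, for process_start events
    child: str = ""        # child process name, for process_start events
    verdict: str = ""      # filled in by the cloud analyzer


@dataclass
class CloudAnalyzer:
    """Cloud-side analysis: a behaviour rule plus a shared IoC set."""
    known_bad: set = field(default_factory=set)   # sha256 IoCs shared by all devices
    posture: dict = field(default_factory=dict)   # device_id -> "healthy"/"compromised"

    def enroll(self, device_id):
        # A device with a reporting sensor starts out healthy; a device that
        # never enrolled has no posture and is denied by the broker below.
        self.posture[device_id] = "healthy"

    def ingest(self, event):
        if event.sha256 in self.known_bad:
            event.verdict = "blocked:known_ioc"
        elif self._suspicious_behaviour(event):
            event.verdict = "blocked:behaviour"
            # Enrichment: the hash seen in one detection becomes an IoC for
            # every device, so a single event helps protect all users.
            self.known_bad.add(event.sha256)
        else:
            event.verdict = "allowed"
            return event
        self.posture[event.device_id] = "compromised"
        return event

    @staticmethod
    def _suspicious_behaviour(event):
        return (event.kind == "process_start"
                and event.parent in OFFICE_APPS
                and event.child in SCRIPT_HOSTS)


def access_decision(analyzer, device_id):
    """Zero-trust broker: only a device whose sensor reports a healthy posture
    may reach corporate applications; compromised or unknown devices are
    denied (isolated) until remediated."""
    return "allow" if analyzer.posture.get(device_id) == "healthy" else "deny"


def run_demo():
    cloud = CloudAnalyzer()
    for dev in ("laptop-a", "laptop-b", "laptop-c"):
        cloud.enroll(dev)

    events = [  # constructed sensor telemetry
        SensorEvent("laptop-a", "process_start", "h-evil-1",
                    parent="winword.exe", child="powershell.exe"),
        SensorEvent("laptop-b", "file_write", "h-evil-1"),  # same payload lands elsewhere
        SensorEvent("laptop-c", "process_start", "h-benign-1",
                    parent="explorer.exe", child="notepad.exe"),
    ]
    verdicts = [cloud.ingest(e).verdict for e in events]
    decisions = {dev: access_decision(cloud, dev)
                 for dev in ("laptop-a", "laptop-b", "laptop-c", "unmanaged-x")}
    return verdicts, decisions


if __name__ == "__main__":
    v, d = run_demo()
    print(v)  # ['blocked:behaviour', 'blocked:known_ioc', 'allowed']
    print(d)  # {'laptop-a': 'deny', 'laptop-b': 'deny', 'laptop-c': 'allow', 'unmanaged-x': 'deny'}
```

The point to notice is the second event: laptop-b never triggers the behaviour rule itself, yet the file is blocked because laptop-a’s detection already placed its hash in the shared set. Likewise the unmanaged device is denied not because anything bad was seen on it but because no sensor can vouch for its posture, which is the zero trust stance the page describes.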

Learn about the Zscaler technology partner ecosystem, which includes leading vendors and service providers of endpoint protection such as VMware Carbon Black, CrowdStrike, and SentinelOne.
