End point security, or endpoint security as it is frequently written, is any sort of security measure installed on a computer, smartphone, or other user-driven device. In Internet parlance, and “end point” is the final destination of data delivery, or where online services reach human control and manipulation. Desktop and laptop computers are the most common examples of end points. End point security can be as simple as an installed antivirus program, or as complex as a corporate network control mechanism.
For as many benefits as the Internet imparts, it also carries with it some pretty significant risks. Computer viruses are quick to spread through both e-mail and spyware, which is packaged in many Internet downloads. When computer owners purchase antivirus software or malware detection programs, they are engaging end point security measures.
Most modern corporations operate their own network servers to which all employee computers attach. Each individual computer is its own end point, but the corporate server operator has a great deal of control over the individual machines. Corporate end point security usually involves updates and monitoring on employee machines. Some of this comes as antivirus protection, but the majority is browser updates and software security, website filtering and blocking, and protection against internal threats, including rogue employees who may be looking to steal proprietary corporate data. Much of this happens without the employees’ awareness.
Companies also often engage in end point security that protects not against external threats of viruses or spam, but against information theft from the inside. Employees who have been fired or are planning an imminent departure frequently copy proprietary corporate data from their networked computers onto flash drives or other portable data storage devices. They frequently use this information to compete with the company later on down the line.
End point security programs designed for information security and intrusion detection work in almost the same way as those intended to prevent more external threats. Most of these sorts of programs come in the form of monitoring software. Corporate network managers install this software onto the server’s mainframe computers and are able then to monitor the data exports and information exchanges that happen across all networked computers.
Depending on the sophistication of the program, network managers can monitor the devices that users attach and can also set restrictions on the kinds of external devices that are permitted. It is possible, for instance, to set a network ban on any data transfer to flash drives. Even if transfers are permitted, network administrators can often obtain a record of exactly what was exported by which users and when.
Corporate end point security can also be tailored to limit the sorts of downloads and uploads that users can make on their networked machines. This can help managers’ data security efforts by helping them to identify potentially malicious downloads or data exports and is a major part of intrusion prevention. Limiting downloads is a key way of preventing external attacks, and controlling uploads helps managers keep proprietary information protected.