Endpoint Security
Terms for protecting devices such as laptops, servers, mobile devices, and workloads through monitoring, policy, and response.
This section covers endpoint protection vocabulary such as antivirus, EDR, XDR, hardening, device management, and host-based controls.
Use it when the term is about protecting the device or workload itself.
Core Articles
Endpoint security works best when it reinforces Least Privilege, Defense in Depth, Multi-Factor Authentication, and Network Segmentation.
In this section
- Anti-Malware
Anti-malware is the broader category of controls used to detect, block, or remove malicious software and related harmful behavior on endpoints.
- Antivirus
Antivirus is endpoint protection software that helps detect, block, or remove malicious files and related threats on devices.
- Application Whitelisting
Application whitelisting limits which programs are allowed to run so unapproved or unexpected code is blocked by policy.
- Browser Isolation
Browser isolation is a security approach that separates web browsing activity from the user's main endpoint so risky web content is less likely to directly affect the device.
- Command-Line Auditing
Command-line auditing is the practice of recording and reviewing command execution activity so administrators and security teams can understand what actions were taken on systems.
- Device Compliance
Device compliance is the evaluation of whether a device meets required security conditions before it is trusted for access.
- Device Hardening
Device hardening is the practice of reducing unnecessary exposure on a device through safer configuration, fewer services, and tighter control settings.
- Disk Encryption
Disk encryption is the protection of stored data on a device by keeping it unreadable without the required cryptographic key or unlock process.
- Endpoint Detection and Response
Endpoint detection and response combines endpoint telemetry, alerting, and response actions to help detect and contain suspicious activity on devices.
- Endpoint Isolation
Endpoint isolation is a containment action that cuts a device off from most network communication so security teams can limit spread and investigate safely.
- Extended Detection and Response
Extended detection and response combines signals from multiple security domains so defenders can investigate and respond with broader context than endpoint data alone.
- File Integrity Monitoring
File integrity monitoring is the practice of watching important files for unexpected creation, deletion, or modification.
- Host-Based Firewall
A host-based firewall filters traffic at the device level so each endpoint can enforce its own local network access rules.
- Mobile Application Management
Mobile application management is a control approach focused on governing business apps and their data on mobile devices without necessarily managing the entire device at the same depth as MDM.
- Mobile Device Management
Mobile device management is the use of centralized policy and control to secure, configure, and manage mobile devices and sometimes other managed endpoints.
- Patch Management
Patch management is the process of identifying, testing, deploying, and tracking software updates that reduce security and operational risk.
- Remote Wipe
Remote wipe is the ability to erase data or reset a managed device from a distance when the device is lost, stolen, or no longer trusted.
- Sandboxing
Sandboxing is the practice of running code or content in a restricted environment so its behavior is contained and its access to the broader system is limited.
- Secure Boot
Secure Boot is a startup protection mechanism that verifies trusted boot components before the operating system is allowed to load.
- Tamper Protection
Tamper protection is a control that helps prevent malware or unauthorized users from disabling or weakening endpoint security tools and settings.
- Trusted Execution Environment
A trusted execution environment is a protected area of a device or processor designed to isolate sensitive operations and data from the rest of the system.