Here is our list of the best endpoint protection solutions and software:
- CoSoSys Endpoint Protector EDITOR’S CHOICE Cloud-based data loss prevention software that is also available as a virtual appliance. It helps towards HIPAA, GDPR, and PCI DSS compliance. Get a free demo.
- ManageEngine Vulnerability Manager Plus (FREE TRIAL) An endpoint security system that is bundled into a unified endpoint management service. Installs on Windows and Windows Server.
- Barracuda XDR (GET FREE DEMO) A managed security service that MSPs can pass on to their clients. This is a SaaS package.
- ThreatLocker (GET FREE DEMO) This cloud-based service blocks all software from running on endpoints unless it is specifically approved and so disables all malware.
- ManageEngine Log360 (FREE TRIAL) Endpoint agents gather log and activity data that is sent to a central server for SIEM threat hunting. Runs on Windows Server.
- Bitdefender Gravity Zone Endpoint Security Protection for devices that can be combined with network protection.
- CrowdStrike Falcon A cloud-based endpoint protection platform that combines a next-generation AV, a threat intelligence feed, a UEBA, and firewall management to coordinate full system security.
- Sophos Intercept X Endpoint An AI-based security system.
- Trend Micro Apex One A blend of traditional and innovative protection techniques.
- ESET Endpoint Security Endpoint protection that includes network protection tools.
- N-able EDR A combined endpoint and network protection solution.
- Check Point Harmony Endpoint Includes threat detection and remediation, phishing protection, and a ransomware immunizer.
- Symantec Endpoint Detection and Response Cutting-edge malware and intrusion protection.
- Panda Endpoint Protection Protection for networked computers, managed from the Cloud.
- CounterTack GoSecure ESL Predictive, AI-driven endpoint protection.
- Malwarebytes Endpoint Protection Cloud-based protection for computers on a network.
- Cylance Protect AI threat protection for endpoints.
Are endpoint protection solutions better than using antivirus software?
As soon as antivirus producers produce a solution to a piece of malware, hackers discover another attack strategy. New viruses, for which an antidote has not yet been created, are called “zero-day” attacks. Hackers can continue to cause damage to the computers of businesses and the general public by keeping a virus production pipeline running.
Knowing that there is always going to be another virus on the horizon to deal with, cybersecurity companies have chosen a new approach. Rather than trying to identify individual viruses and work on blocks for them, companies now focus on spotting anomalous behavior and locking down key services on computers and computerized devices to prevent tampering.
This new strategy is broader than the antivirus or anti-malware approach of one application to defend a computer. Many of these products no longer include a virus database, which, by some industry definitions, means that they do not qualify for the label “antivirus.” A new buzzword emerging in the field is “replacement” technology. These new cybersecurity suites replace antivirus systems entirely with AI-based baselining and deviation-detection systems.
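To make the contrast between the two approaches concrete, the following is an added toy example (not code from any product reviewed on this page) that runs a hash-based signature lookup beside a per-user activity baseline. The signature database, the "known" sample bytes, the activity metric (files modified per minute) and the z-score threshold are all constructed assumptions for the illustration; the point it shows is that a repacked sample with a new hash passes the signature check but its burst of activity still stands out against the baseline.

```python
"""Signature lookup beside behavior baselining: an added toy that shows why a
baseline can flag a never-seen-before sample that a signature database misses."""
import hashlib
from statistics import mean, pstdev

# Constructed signature database: the SHA-256 of one "known" malicious sample.
# (Not real malware; the bytes are an arbitrary label used for the example.)
KNOWN_BAD_HASHES = {hashlib.sha256(b"constructed-malware-sample-v1").hexdigest()}


def signature_verdict(file_bytes: bytes) -> bool:
    """Classic AV check: True only when the file's hash is already in the database."""
    return hashlib.sha256(file_bytes).hexdigest() in KNOWN_BAD_HASHES


class ActivityBaseline:
    """Per-user baseline of one activity metric (here: files modified per minute).

    Values recorded with learn() build the baseline; is_anomalous() compares a
    new value against that history using a z-score. Assumed design choices:
    a minimum sample count before judging, and a floor on the standard
    deviation so a very steady baseline does not flag trivial changes."""

    def __init__(self, min_samples: int = 5, z_threshold: float = 3.0, sigma_floor: float = 1.0):
        self.samples = {}
        self.min_samples = min_samples
        self.z_threshold = z_threshold
        self.sigma_floor = sigma_floor

    def learn(self, user: str, value: float) -> None:
        self.samples.setdefault(user, []).append(value)

    def is_anomalous(self, user: str, value: float) -> bool:
        history = self.samples.get(user, [])
        if len(history) < self.min_samples:
            return False  # no usable baseline yet: a real product keeps learning here
        mu = mean(history)
        sigma = max(pstdev(history), self.sigma_floor)
        return (value - mu) / sigma > self.z_threshold


def assess(baseline: ActivityBaseline, user: str, file_bytes: bytes, files_per_minute: float) -> dict:
    """Run both detection styles on one observed event and report each verdict."""
    return {
        "signature_hit": signature_verdict(file_bytes),
        "behavior_anomaly": baseline.is_anomalous(user, files_per_minute),
    }


def build_demo_baseline() -> ActivityBaseline:
    """Constructed history for user 'alice': a quiet 4 to 7 files modified per minute."""
    baseline = ActivityBaseline()
    for value in (4, 6, 5, 7, 5, 6, 4, 5):
        baseline.learn("alice", value)
    return baseline


if __name__ == "__main__":
    b = build_demo_baseline()
    # Known sample: the signature catches it even though activity looks normal.
    print(assess(b, "alice", b"constructed-malware-sample-v1", 6))
    # Repacked variant (a "zero-day" as far as the database knows): only the
    # baseline reacts, because of the sudden burst of file modifications.
    print(assess(b, "alice", b"constructed-malware-sample-v2", 300))
```

The floor on the standard deviation is the part worth thinking about when tuning a real baseline: a user whose activity is almost constant would otherwise be flagged for a change of one or two files per minute, which is the main source of false positives in deviation-based detection.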
What is an Endpoint Protection Solution?
The umbrella term applied to all cybersecurity efforts to protect a device connected to a network, as opposed to the network itself, is “endpoint protection”. This review will look at the leaders in the field of endpoint protection and how each of those cybersecurity providers approaches the task of protecting user devices.
There isn’t a single solution format for replacement technology. The defining feature of endpoint protection is that it is based on the device that the user accesses. In some cases, that solution is delivered from an external source, but its priority is to protect individual devices, not an entire system of network-connected devices.
Firewalls aren’t regarded as part of endpoint protection. This is because they are designed to protect networks. In many domestic implementations, firewalls run on a computer and operate to protect just one computer. However, firewalls are designed to block traffic, whereas endpoint protection looks at the processes running on a computer.
There are some types of cybersecurity strategies that fall into both the network protection and endpoint protection categories. An example is log-based defense, which analyzes log file messages to spot malicious activity – that strategy can be applied to both network and endpoint protection.
The best endpoint protection solutions and software
Although attacks on privately-owned devices are of serious concern, the main focus of the cybersecurity industry is on solutions to defend businesses. Corporate buyers need protection for all of their equipment, including networks and endpoints. So, many endpoint protection systems form part of a suite of programs that cover the entire technology infrastructure. In this guide, we will detail only those modules that protect endpoints.
With these selection criteria in mind, we identified the outstanding EPPs that provide universal protection strategies. You can read more about these options in the following sections.
Our methodology for selecting an endpoint protection solution
We reviewed the market for endpoint protection solutions and analyzed tools based on the following criteria:
- Behavior tracking for baselining
- Asset identification
- Anomaly detection to combat zero-day attacks
- A range of system protection measures for a multi-strategy approach
- Automated responses
- A free trial or a demo for a risk-free assessment opportunity
- Value for money from a reliable protection system that is offered at a fair price
1. CoSoSys Endpoint Protector (ACCESS FREE DEMO)
Endpoint Protector is a data loss prevention system that uses traffic monitoring and encryption enforcement to protect data. The service examines traffic to block intruder data theft and insider threats.
Key Features:
- Cloud-based edge service
- Data loss prevention
- Agent-based endpoint protection
- USB and port controls
- PII tracking
The Endpoint Protector system is an edge service and it can be implemented through a SaaS system hosted by CoSoSys, the creators of the protection service. Customers can also get the system as software to be installed on an AWS, Azure, or Google Cloud Platform account. Another option is to install the software onsite as a virtual machine. In all cases, the Endpoint Protector system is charged for by subscription.
Agents on devices add further protection for Windows, macOS, and Linux endpoints. These services implement USB and port control to block data from being transferred onto portable storage devices. Not all devices will be blocked because some businesses rely on attached storage devices. Where transfers to devices are allowed, the Endpoint Protector system automatically encrypts data as it passes to the device.
One big problem that many organizations have is that they don’t properly categorize all of their data and don’t know where all of the PII that they manage is actually held. This becomes a headache when the business starts to implement a data security standard, such as HIPAA or PCI DSS.
Endpoint Protector has an eDiscovery module that scans all devices and identifies the locations of all PII. This search enables PII to be protected with encryption and gives the system administrator the option of planning a central data store for PII, which can be monitored and protected more easily than ad-hoc distributed data stores.
You can evaluate the online version via a free demo.
Pros:
- Custom security policies can be based on the user rather than the machine
- Automatically assesses risk based on vulnerabilities found on the endpoint
- Can alert to improper file access or insider threats (Acts as a DLP solution)
- Prevents data theft and BadUSB attacks through device control settings
Cons:
- Would like to see a trial version available for testing
2. ManageEngine Vulnerability Manager Plus (FREE TRIAL)
ManageEngine Vulnerability Manager Plus offers protection for endpoints running Windows, Windows Server, macOS, and Linux – the console for this package of security services installs on Windows Server and each enrolled device requires an agent program installed in it.
Key Features:
- Automated vulnerability scanning
- Patch management
- System hardening
The endpoint protection system is actually a bundle of tools. Central to the whole package is a vulnerability scanner. When starting its service, the system searches the network for all endpoints and installs an agent on each. Then it does a full scan, looking for vulnerabilities.
The vulnerability scanner receives an update feed whenever a new vulnerability is discovered. This could be a loophole in a piece of software or a combination of system settings that makes life easier for hackers. A new problem to look out for triggers a new scan of the entire system. The agents on each endpoint also perform a scan automatically every 90 minutes – this catches any new software that might be installed and also picks up on system configuration changes.
Vulnerability Manager Plus polls for new software updates – these are often the main solution to shut down loopholes. The system can implement problem remediation automatically. This will install patches and reconfigure devices to tighten up security. Alternatively, you can set the system to notify you of problems and suggest solutions, so you can investigate and launch the repairs yourself.
Vulnerability Manager Plus is offered in three editions: Free, Professional, and Enterprise. The free version is limited to monitoring 25 computers. The Professional edition covers one site and the Enterprise edition covers WANs. Both paid systems are offered on a 30-day free trial.
Pros:
- Great for proactive scanning and documentation
- Robust reporting can help show improvements after remediation
- Built to scale, can support large networks
- Flexible – can run on Windows, Linux, and Mac
Cons:
- The ManageEngine ecosystem is very detailed, requiring time to learn all of its features
3. Barracuda XDR (GET FREE DEMO)
Barracuda XDR is a managed security service. That means that the XDR is not only a SaaS package but it also comes with a team of cybersecurity experts to run the system for you. The XDR is marketed to managed service providers. The proposal is that MSPs offer the Barracuda XDR to their clients and Barracuda does all of the work.
Key Features:
- Network security
- Cloud security
- Email security
The Barracuda XDR proposal provides a Security Operations Center (SOC) for MSP clients. The full menu of services included in each package can be customized. Options include network, cloud, email, endpoint, and server security monitoring.
The XDR installs an agent on the client’s system and then gathers log messages. These are uploaded to the Barracuda cloud server where they are consolidated and searched for threats. If a threat is detected, the service can implement automated responses, such as suspending a user account or blocking communication from a suspicious IP address. The security experts examine these actions and decide whether further action is needed.
The threat hunting service works by anomaly detection. This uses machine learning to establish a pattern of regular activity per user and per device. Deviations from this standard provoke an alert. The Barracuda SOC is operational around the clock, so protection is never lacking at any time of the day or night.
Barracuda offers a demo of their XDR service.
Pros:
- Constant vigilance from a remote monitoring team
- Anomaly detection with AI-based baselining
- No work for the MSP that sells on the service to its clients
Cons:
- MSPs could be handing Barracuda their client lists
4. ThreatLocker (ACCESS FREE DEMO)
ThreatLocker takes a different approach to endpoint protection. Rather than scanning constantly for malicious programs that could start running and cause damage, the ThreatLocker system blocks all software from being able to run. This default block is then modified by Allowlisting specific software. Thus, anything that is not on the list will be unable to launch. Any new software, including malware, will be similarly disabled and so does not present a threat.
Key Features:
- A closed security stance
- Controls software executions
- Controls peripheral devices
The ThreatLocker system operates a Learning Mode for its allowlisting. This takes about a week and it records the software that is regularly used on each endpoint, creating a candidate list of software that could be allowed to continue to operate once the learning phase ends and lockdown starts.
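The default-deny plus learning-mode pattern described above is easy to misjudge from prose alone, so here is an added toy implementation of it. This is illustrative code written for this page, not ThreatLocker's own product code; the class name, the fingerprinting by SHA-256 of the binary, and the "admin rejects candidates before lockdown" step are assumptions about how such a policy could be structured. It shows the three outcomes a practitioner cares about: software seen during learning keeps running, unknown software is blocked, and a known path whose binary has changed is also blocked until re-approved.

```python
"""Default-deny execution control with a learning mode (added toy example).

A hypothetical ExecutionPolicy starts in "learning" mode, where every launch is
observed and allowed. Switching to "enforcing" turns the observed set into the
allowlist; from then on anything not on the list is refused."""
import hashlib
from dataclasses import dataclass, field


@dataclass
class ExecutionPolicy:
    mode: str = "learning"                                 # "learning" or "enforcing"
    candidates: dict = field(default_factory=dict)         # path -> set of hashes seen
    allowlist: dict = field(default_factory=dict)          # path -> set of approved hashes
    events: list = field(default_factory=list)             # audit trail of decisions

    @staticmethod
    def fingerprint(binary: bytes) -> str:
        # Keying on the file hash (not only the path) is what makes a swapped
        # or tampered binary at a trusted path fail the check.
        return hashlib.sha256(binary).hexdigest()

    def decide(self, path: str, binary: bytes) -> str:
        """Return "allow" or "block" for an attempted launch of `binary` at `path`."""
        digest = self.fingerprint(binary)
        if self.mode == "learning":
            self.candidates.setdefault(path, set()).add(digest)
            self.events.append(("observed", path, digest))
            return "allow"
        if digest in self.allowlist.get(path, set()):
            self.events.append(("allowed", path, digest))
            return "allow"
        self.events.append(("blocked", path, digest))
        return "block"

    def start_enforcing(self, rejected_paths=()) -> None:
        """Promote learned candidates to the allowlist, minus anything the admin rejects."""
        self.allowlist = {p: set(h) for p, h in self.candidates.items() if p not in rejected_paths}
        self.mode = "enforcing"

    def approve(self, path: str, binary: bytes) -> None:
        """Admin explicitly approves one binary, e.g. after a legitimate update."""
        self.allowlist.setdefault(path, set()).add(self.fingerprint(binary))


def run_demo() -> dict:
    """Constructed scenario: one trusted tool, one throwaway tool, then lockdown."""
    policy = ExecutionPolicy()
    # Learning phase: both launches are recorded and allowed. (Constructed paths/bytes.)
    policy.decide("/usr/bin/editor", b"editor-build-1")
    policy.decide("/tmp/throwaway-tool", b"throwaway")
    # Admin reviews the candidate list and drops the throwaway tool before lockdown.
    policy.start_enforcing(rejected_paths={"/tmp/throwaway-tool"})
    results = {
        "known_tool": policy.decide("/usr/bin/editor", b"editor-build-1"),
        "rejected_tool": policy.decide("/tmp/throwaway-tool", b"throwaway"),
        "changed_binary": policy.decide("/usr/bin/editor", b"editor-build-2"),
        "never_seen": policy.decide("/opt/new/unknown", b"unknown-program"),
    }
    # A legitimate update is re-approved explicitly and then runs again.
    policy.approve("/usr/bin/editor", b"editor-build-2")
    results["after_approval"] = policy.decide("/usr/bin/editor", b"editor-build-2")
    return results


if __name__ == "__main__":
    for name, verdict in run_demo().items():
        print(f"{name}: {verdict}")
```

The "changed_binary" case is the operational cost of this stance: every software update changes the hash, so an allowlisting deployment needs an approval workflow (or vendor-signed update rules) or users will be blocked after routine patching.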
USB memory devices present a number of problems for cybersecurity managers. The first of these is that they can be used to introduce malware to an endpoint but that isn’t an issue with ThreatLocker-guarded computers. However, those memory sticks can also be used to steal data. So, ThreatLocker blocks them from attaching to the operating system. Users have to request permission to use a USB device and that permission can be withdrawn at any time.
Other features on the ThreatLocker platform include an application fencing service, which restricts which drives and files a software package is allowed to access. There is also a network access control (NAC) service. This relates to devices rather than to users and it is implemented through the Access Control Lists (ACL) that any administrator familiar with router-based network security will understand.
ThreatLocker is a cloud service and during the onboarding process, you will be guided by the setup system to download and install agents on all of your devices and that gets the ThreatLocker package active. Access a demo to learn more about ThreatLocker.
Pros:
- Fast onboarding
- Implements a form of Zero Trust Access
- Protects cloud accounts as well as on-site servers
Cons:
- Doesn’t include a full access rights manager
5. ManageEngine Log360 (FREE TRIAL)
ManageEngine Log360 is a SIEM system that collects log data from endpoints to identify whether one is under attack. The security offered by this system also covers cloud platforms. The endpoint hosts an agent that gathers data to be sent to the log server and SIEM for analysis.
Key Features:
- Centralized threat detection
- On-device agent
- SIEM
The agent collects Windows Events and Syslog messages from operating systems and also interacts with more than 700 software packages. When logs arrive at the log server, they are converted to a neutral format so that they can be stored and searched together.
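Converting logs "to a neutral format so that they can be stored and searched together" is the step that makes cross-source threat hunting possible, so here is an added example of what that normalization looks like in practice. This is illustrative code written for this page, not Log360's own parser; the syslog lines and the Windows Security event are constructed samples (the Windows XML omits the real EventLog namespace for brevity, and the syslog year is assumed because RFC 3164 timestamps carry none). Once both sources share one record shape, a single rule can count failed logons per source address across an SSH server and a Windows workstation.

```python
"""Normalize Windows Security events and syslog lines into one neutral record
format, then run a simple failed-logon rule over the merged records (added example)."""
import re
import xml.etree.ElementTree as ET
from collections import Counter
from datetime import datetime, timezone

# Constructed sample input: three RFC 3164-style syslog lines and one Windows
# Security event laid out like EventLog XML (namespace omitted). Not real data.
SYSLOG_LINES = [
    "<38>Jan 12 10:15:02 host1 sshd[1234]: Failed password for root from 203.0.113.5 port 50212 ssh2",
    "<38>Jan 12 10:15:04 host1 sshd[1234]: Failed password for root from 203.0.113.5 port 50213 ssh2",
    "<38>Jan 12 10:16:10 host1 sshd[1240]: Accepted password for alice from 198.51.100.7 port 50300 ssh2",
]
WINDOWS_EVENT_XML = (
    '<Event><System><Provider Name="Microsoft-Windows-Security-Auditing"/>'
    '<EventID>4625</EventID><TimeCreated SystemTime="2024-01-12T10:15:05Z"/>'
    '<Computer>WS01</Computer></System><EventData>'
    '<Data Name="TargetUserName">admin</Data>'
    '<Data Name="IpAddress">203.0.113.5</Data></EventData></Event>'
)
SYSLOG_YEAR = 2024  # assumption: RFC 3164 timestamps have no year field

SYSLOG_RE = re.compile(r"^<\d+>(\w{3}\s+\d+\s[\d:]+)\s(\S+)\s([^\[:]+)(?:\[\d+\])?:\s(.*)$")
SSH_AUTH_RE = re.compile(r"^(Failed|Accepted) password for (\S+) from (\S+) port")
# Windows Security event IDs: 4624 = successful logon, 4625 = failed logon.
WINDOWS_ACTIONS = {4624: "logon_success", 4625: "logon_failure"}


def normalize_syslog(line: str):
    """Map one syslog line onto the neutral record; None if the line does not parse."""
    m = SYSLOG_RE.match(line)
    if not m:
        return None
    ts, host, program, msg = m.groups()
    when = datetime.strptime(ts, "%b %d %H:%M:%S").replace(year=SYSLOG_YEAR, tzinfo=timezone.utc)
    rec = {"ts": when, "host": host, "source": "syslog:" + program,
           "action": "other", "user": None, "src_ip": None}
    auth = SSH_AUTH_RE.match(msg)
    if auth:
        rec["action"] = "logon_failure" if auth.group(1) == "Failed" else "logon_success"
        rec["user"], rec["src_ip"] = auth.group(2), auth.group(3)
    return rec


def normalize_windows(xml_text: str) -> dict:
    """Map one Windows Security event (EventLog XML layout) onto the neutral record."""
    root = ET.fromstring(xml_text)
    system = root.find("System")
    event_id = int(system.findtext("EventID"))
    stamp = system.find("TimeCreated").get("SystemTime")
    when = datetime.strptime(stamp, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
    data = {d.get("Name"): d.text for d in root.iter("Data")}
    return {"ts": when, "host": system.findtext("Computer"),
            "source": "windows:" + system.find("Provider").get("Name"),
            "action": WINDOWS_ACTIONS.get(event_id, "other"),
            "user": data.get("TargetUserName"), "src_ip": data.get("IpAddress")}


def build_records() -> list:
    """Normalize both sources and merge them into one time-ordered list."""
    records = [normalize_syslog(line) for line in SYSLOG_LINES]
    records.append(normalize_windows(WINDOWS_EVENT_XML))
    return sorted((r for r in records if r), key=lambda r: r["ts"])


def failed_logons_by_source(records) -> Counter:
    """The cross-source rule: failed logons per client address, whatever the log format."""
    return Counter(r["src_ip"] for r in records if r["action"] == "logon_failure" and r["src_ip"])


def flag_sources(records, threshold: int = 3) -> list:
    """Addresses that reached the failure threshold (3 is an assumed demo value)."""
    return sorted(ip for ip, n in failed_logons_by_source(records).items() if n >= threshold)


if __name__ == "__main__":
    recs = build_records()
    for r in recs:
        print(r["ts"].isoformat(), r["host"], r["source"], r["action"], r["user"], r["src_ip"])
    print("flagged:", flag_sources(recs))
```

Note how the two failed SSH attempts and the one Windows 4625 event only add up because both were mapped to the same `action` and `src_ip` fields; without the neutral format each source would stay below the threshold on its own.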
The SIEM looks through these records in a threat hunting process that is enhanced by a threat intelligence feed. If suspicious activity is identified, the system raises an alert. This appears in the dashboard of Log360 and can also be forwarded as a notification or fed through a service desk system, such as ManageEngine ServiceDesk Plus, Jira, or Kayako.
Logs are stored for compliance auditing and the Log360 system also includes a compliance reporting module for HIPAA, PCI DSS, FISMA, SOX, GDPR, and GLBA.
Responses for endpoint protection require manual intervention or the participation of an external SOAR service.
The server for ManageEngine Log360 runs on Windows Server. You can assess the package with a 30-day free trial.
Pros:
- Fast identification of malicious activity on endpoints
- Integrates with service desk systems
- Includes cloud platform protection
- Compliance reporting
Cons:
- No server software for Linux
6. Bitdefender Gravity Zone Business Security
Bitdefender has been an anti-virus (AV) producer since it started up in 2001. More recently, the company has shifted its defense systems from the traditional antivirus model to comprehensive system defense packages. The company produces network defense systems as well as endpoint protection.
Key Features:
- Signature-based AV
- Anomaly-based threat detection
- USB controls
GravityZone includes a signature detection database, which is similar to the traditional method of looking through a list of virus characteristics. Another similarity to traditional AV performance is that GravityZone terminates virus processes and removes the program. GravityZone adds on intrusion detection procedures to that layer of AV actions.
The tool monitors for attempts to access the device and blocks those communication sources that display malicious intent. It also tracks regular activities on the device to establish a baseline of typical behavior. Anomalous activity that deviates from that baseline provokes defense measures. The measures include tracking apparent exploit activity that characterizes “zero-day” attacks.
On top of threat resolution, the security suite will strengthen the defenses of your device. This module of the suite includes a patch manager to automatically install updates to the software. It also encrypts all of your disks to make data unreadable to intruders. The package also includes web-threat protection, USB checks, and application monitors. The package also includes a firewall.
Bitdefender offers a free trial of GravityZone.
Pros:
- Simple UI reduces the learning curve and helps users gain insights faster
- Uses both signature-based detection and behavior analysis to identify threats
- Offers disk encryption on top of endpoint protection
- Includes device control options for locking down USB ports
Cons:
- Could use more documentation to help users get started quicker
7. Sophos Intercept X
Sophos is one of the leading implementers of AI-methods in the cybersecurity industry. Intercept X uses machine learning to establish a baseline of regular activity on a device and then generates alerts when it detects events that do not fit into regular work patterns. That element of the security system detects malware and malicious intrusion. A second element automates responses to detected problems.
Key Features:
- AI-based user behavior analysis
- Fileless malware blocks
- Automated threat response
Other elements in the Intercept X package focus on specific threat types. For example, CryptoGuard is a ransomware blocking system. Other tools in the pack prevent malware from sneaking onto your device through a browser. This system blocks the methods used by fileless malware, which leaks onto a computer from infected web pages. Another tool checks downloads for viruses and will block the downloads from completing if a virus is sniffed in the file as it downloads. Similarly, the software scans all directories for malware and will also verify any USB memory sticks when they are attached.
Pros:
- Leverages machine learning and artificial intelligence to stop new and evolving threats
- Offers protection against fileless malware and ransomware
- Users can implement automation to stop threats, or immediately escalate issues
- Scans external devices as soon as they’re plugged into the computer
Cons:
- Better suited for small to medium-sized companies
8. CrowdStrike Falcon
CrowdStrike Falcon is a cloud-based endpoint protection platform (EPP). The system includes AV, threat protection, and device control. This multi-vector approach creates a very thorough endpoint protection system that deploys AI techniques and threat intelligence to block any damaging events that would harm your enterprise.
Key Features:
- AI-based baselining
- Avoidance of false-positive reporting
- Flexible modular solution
- Firewall coordination
- Distributed protection
The platform is composed of modules and all operate both in the cloud and on-site. The on-premises element of the EPP is implemented with an agent that you need to install on your system. This agent ensures that endpoint protection keeps running even if you lose your internet connection.
The key endpoint protection module of Falcon is called Falcon Prevent. This is the AV replacement that combats malware. The system uses machine learning to monitor the regular activities on a device and then identify anomalous actions. The advantage of this AI approach is that it can catch malicious activity that hijacks authorized programs to implement attacks. An example of this type of attack is fileless malware, which traditional AV systems could not spot.
The CrowdStrike Falcon platform is offered in four editions: Pro, Enterprise, Premium, and Complete. The Complete package is a managed service, which removes the need for you or your staff to monitor the service to spot problems and act on them – the CrowdStrike staff does that for you. The Pro edition is the entry-level package that includes Falcon Protect plus Falcon Intelligence, which is a threat intelligence system. The Pro package also includes Falcon Device Control, which lets you block or manage access to USB devices. Another module in the Falcon Pro bundle is Falcon Firewall Management. This doesn’t replace your firewall, but it interfaces to it, making policy creation a lot easier.
CrowdStrike offers a free trial of Falcon Pro.
Pros:
- Doesn’t rely only on log files for threat detection; uses process scanning to find threats right away
- Acts as a HIDS and endpoint protection tool all in one
- Can track and alert on anomalous behavior over time; improves the longer it monitors the network
- Can install either on-premises or directly into a cloud-based architecture
- Lightweight agents won’t slow down servers or end-user devices
Cons:
- Would benefit from a longer trial period
9. Trend Micro Apex One
Trend Micro is a prominent AV producer that has crossed over into more sophisticated endpoint protection solutions. Apex One is a blend of old and new. It still has a traditional anti-malware system at its heart, but that threat database lists system vulnerabilities rather than virus signatures. Apex One has added behavior monitoring to improve defenses against zero-day attacks.
Key Features:
- Blocks web-borne attacks
- User behavior assessments
- Automated responses
The threat hunting element of this package is a host-based intrusion detection system with automated defense actions. The tool will identify malicious processes. It kills that program and isolates the program that started it. The company calls this “virtual patching.” It will suspend the capabilities of the problematic program until a patch is available for it to close the exploit. Automatically, that process removes malware, because those malicious programs will never get an update to remove the troublesome behavior.
Apex One provides defense against cryptomining, ransomware, and fileless malware as well as the traditional Trojans and viruses. This is a Cloud-based service, but you will need to install an agent on your computer for it to monitor the system. This runs on Windows and Windows Server.
Pros:
- Can detect system vulnerabilities as well as threats based on behavior
- Includes HIDS features for additional protection
- Can isolate unpatched applications and systems until fixes are deployed
- Stops browser-based threats such as crypto mining and click-jacking
Cons:
- Is only available as a cloud-based solution
10. ESET Endpoint Security
ESET Endpoint Security protects your company’s computers from malicious activity that might enter over your network. It also blocks any malicious software from connecting to your network. This is termed a “two-way firewall” and it is the second line of defense. The first line of defense is a Host-based Intrusion Prevention System (HIPS) that monitors event messages in the log files on your computers.
Key Features:
- Host-based intrusion prevention system
- Botnet detection
- On-premises or cloud-based
The HIPS methodology looks for patterns of malicious behavior. The responses to any discovery can be automated so that damage will not continue during the times that the security system’s dashboard is unattended. Some of the actions that the detection system looks for are botnet messages that generate DDoS attacks on other computers and ransomware.
This security service runs on-site and it can be installed on Windows and Linux. A Cloud-based version is available. ESET also produces network attack protection software.
Pros:
- Excellent dashboards – highly customizable with visual displays
- Leverages HIPS techniques to uncover threats by their behavior, not signature
- Can prevent bot attacks and identify threats by looking for C&C messages on the network
- Available as a cloud-based SaaS, or on-premises
Cons:
- Many features are tailored to medium to large-size networks; smaller home networks may not use all features available
11. N-able EDR
The N-able Endpoint Detection and Response is a good example of the evolution in endpoint security to a full suite of attack protection. This is part of an overall system security service, which is managed from the Cloud. The tool uses log analysis and protection methods that derive from SIEM (Security Information and Event Management).
Key Features:
- Host-based intrusion prevention system
- Anomalous behavior monitoring
- Automated threat response
The main module of the Threat Monitor examines log files for warning signs. Just about every action that takes place on your computer and on your network generates a log message. These log messages are not collected automatically. Many businesses just ignore this amazing source of system information that will highlight the anomalous activity that is caused by malicious programs or unauthorized access.
The EDR isn’t just endpoint security because it covers networks as well. The service gathers all of those event messages and stores them to files for analysis. The tool is an Intrusion Protection System (IPS), which raises standard alerts when something is not right on your system. Traditional malware protection will warn you of dangerous processes. The IPS goes one step further than just blocking processes or removing a piece of software because it can block malicious users as well.
You can register for a demo.
Pros:
- Designed to provide endpoint protection at scale – great for enterprise networks
- Identifies threats based on behavior and alerts to anomalous activity
- Provides protection against insider threats (IPS)
- Integrates well with SolarWinds SEM and Patch Manager
Cons:
- Would like to see a longer trial period
12. Check Point Harmony Endpoint
Harmony Endpoint is an endpoint protection (EPP) and endpoint detection and response (EDR) solution from Check Point. This software has AI procedures built into it and includes a range of defense strategies. The package is intended to address the risks to the computers of remote workers and the possibility that portable storage devices can spread viruses.
Key Features:
- AI-based baseline strategy
- Credential protection
- System-wide coordinated defense
NSS Labs encountered a threat catch rate of 99.12 percent from Harmony Endpoint during the 2020 edition of its Advanced Endpoint Protection industry assessment tests. That was the highest score of all the security software products that were examined in the comparison. Thus, the test awarded Harmony Endpoint its highest rating: AA.
Harmony Endpoint deploys a number of strategies to protect endpoints from attack. One of these is its anti-bot system, which blocks the protected computer from communicating with a command and control center. If the computer has been infected to become part of a DDoS attack, the anti-bot will prevent it from taking part in that attack.
The Harmony Endpoint system isolates files in a virtual sandbox for inspection so that they can’t operate on the computer until they have been fully assessed. The virus and threat detection module of Harmony Endpoint uses AI techniques to spot anomalous behavior and raise an alert. Remedial action can be automated so that Harmony Endpoint becomes a threat prevention system.
The Check Point ThreatCloud threat database provides constantly updated threat intelligence to the Harmony Endpoint EPP.
When viruses are detected, Harmony Endpoint Forensics documents the attack, identifying its entry point and its actions. These reports give technicians indicators on the weak points of the endpoint, allowing for vulnerabilities to be closed off.
Anti-Ransomware features in the Harmony Endpoint package include automatic file restoration in case its immunizer doesn’t prevent the threatened action from taking place. Other modules include Zero-Phishing, which prevents credential theft and fraud and also blocks access to suspicious sites.
Check Point offers a free trial of Harmony Endpoint.
Pros:
- Leverages artificial intelligence to detect and prevent cyberattacks
- Offers bot protection by continuously monitoring the threat landscape
- Provides ransomware detection and phishing protection
- Works well on both smaller networks and enterprise environments
Cons:
- It can take time to fully explore and configure all of the settings available on the platform
13. Symantec Endpoint Detection and Response
Symantec’s Endpoint Detection and Response employs AI methods to track down malicious activity – this is called “threat hunting.” The system is available as a software module, as an appliance, and as a Cloud-based service. If you opt for the Cloud version, you still have to install agent software on your site. This runs on Windows and Windows Server. The on-premises software runs on Windows, Windows Server, Mac OS, and Linux. Endpoint Protection and Response is an upgrade to the Symantec basic Endpoint Protection service.
Key Features:
- Coordinated, distributed system defense
- AI-based baselining
- Memory scanning
The system implements SIEM procedures to check for worrying events written in log files. It also establishes a pattern of normal behavior on the device and raises an alert when processes on the computer deviate from this record. The threat hunter also continuously scans memory for malicious activity. It keeps a record of all activity patterns for long-term analysis. As well as raising alerts, the system can also trigger automated actions to shut down malicious processes as soon as they are spotted. You can get the Endpoint Detection and Response system on a free trial.
Pros:
- Takes a forensic-level approach to identifying, blocking, and documenting threats
- Highly flexible – available on-premises or as a cloud-based service
- Uses SIEM features to ingest information from across the network to identify threats from anywhere
Cons:
- Would like to see more data visualization options
14. Panda Endpoint Protection
Endpoint Protection from Panda Security centralizes the protection of all of the computers connected to your network. That is, you can see all security events on all of the computers on your network on one single console, which is provided from the Cloud. The protection operates on desktop computers, laptops, mobile devices, and servers; those protected endpoints can be running Windows, Windows Server, Mac OS, Linux, or Android. The company calls this “collective intelligence.”
The system will check on the statuses of peripherals as well as the directly-connected devices. It establishes a policy baseline and then automatically drops processes that don’t conform to the profile.
Pros:
- Great for small to medium-sized networks
- Endpoint agents are designed for cross-platform use – including mobile devices
- Immediately scans new devices and hardware plugged into the network for threats
Cons:
- Enterprises and larger networks might need more advanced options and customization
15. CounterTack GoSecure ESL
GoSecure is the main brand of cybersecurity startup, CounterTack. ESL stands for Endpoint Security Lifestyle. This is a vulnerability monitor and it doesn’t include any antivirus module. However, it will monitor any third-party AV system running on your network-attached endpoints.
The features of this tool include asset discovery, patch management, AV monitoring, configuration management, and vulnerability assessment.
The premise of this tool is that you just need to keep your system tight with all software up-to-date in order to protect against malware. This service is delivered from the Cloud.
Pros:
- Uses a simple yet informative user interface
- Focuses more on finding vulnerabilities than providing anti-virus services
- A solid option for small to medium-sized networks
Cons:
- Only available as a cloud service
- Does not offer anti-virus services, but can centrally manage third-party AV software
16. Malwarebytes Endpoint Protection
The Malwarebytes security system will protect endpoints running Windows and Mac OS. This is a Cloud-based system, so it will need access to your network through your firewall.
The remote system communicates with an agent installed on one of your servers. The agent searches the computers on your system to read through lists of active processes, logging activity. It then keeps a check on any unusual activity that doesn’t conform to this pattern of normal behavior. The malware detection system also relies on the traditional AV method of a threat database that stores the characteristic behavior of known viruses.
Responses to detected threats are launched automatically. The protection extends to the blocking of botnet activity and the refusal to allow browsers to load infected web pages.
Malwarebytes offers a free trial of Endpoint Protection.
Pros:
- Provides high-level insights into threats and asset health from devices across the entire network
- Identifies both malicious processes and behavior
- Offers botnet protection as well as protection from browser-based threats
Cons:
- Would like to see a longer trial of the full product for testing
17. Cylance Protect
Cylance Protect is an AI-based endpoint protection system that does away with the need for a threat database. You have a choice of getting the Cylance Protect software to install on your own server, or accessing it as a Cloud-based service with an agent program installed on one of your sites.
The service monitors file operations on your computers, blocking the installation of malicious programs. It will also scan memory for unauthorized activity, which will block off the operations of fileless malware. All in all, the Cylance strategy is designed to prevent zero-day attacks by preventing the need for malware analysis and threat response distribution.
Threat remediation occurs immediately. This takes the form of blocking incoming traffic from a suspicious address, booting off intruders, and killing malicious processes.
Pros:
- Uses artificial intelligence to continuously stop new threats
- Offers both a cloud-based service and an on-premises version
- Uses simple dashboards for individual or NOC monitoring
- Supports automation – great for immediately squashing attacks or escalating to technicians
Cons:
- Would like to see more documentation for new users
Endpoint protection in context
As a business user, you will be managing many endpoints within your offices and also remote computers owned by telecommuting freelancers and home-based employees. An open network that includes remote and user-owned devices is exposed to greater risk than a contained office LAN.
Endpoint protection is certainly necessary. However, this shouldn’t be your only line of defense against malware and intruders. You should consider your IT infrastructure as a whole when implementing security measures and make sure that your network is protected by strong security as well as by introducing endpoint protection.