Every point of network interaction is a potential part of the network attack surface. Endpoint security involves hardening devices to reduce that attack surface and limit network attack vectors. Endpoint Detection and Response (EDR) is a critical part of the overall security strategy: it addresses the need for continuous monitoring and response to advanced threats. Securing endpoints starts with endpoint discovery, because it is important to know what is on a network. Discovering assets helps build an inventory that includes firmware, OS, and many other attributes. With that inventory, security administrators can assign the appropriate security policies to endpoints and continue monitoring for policy violations, unwanted changes, and unauthorized access:
![](assets/c3d6b5c3-15a3-448d-abee-fd699209ea5e.png)
EDR systems can also take the form of lightweight programs called agents that run on each endpoint as an application. On devices that may not support hosting applications directly, they may even run as a kernel-level plugin. For some scenarios, an agentless approach can also be used. An agent monitors the data traffic passing through the NIC in real time, analyzes it, and raises alerts. Your endpoints can be hosted on an on-premise network such as an enterprise data center. They may also be hosted on a cloud network, such as Amazon Web Services and Azure deployments, on a variety of devices such as virtual desktops and a wide range of operating systems.
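The discovery, inventory, policy, and monitoring cycle described above can be sketched as a diff of a discovery scan against the approved inventory. This is an added example, not code from the original text; the `Endpoint` fields, the `MIN_OS_VERSION` policy, and all sample data are constructed assumptions.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Endpoint:
    mac: str           # inventory key (assumption; real tools use stronger identity)
    hostname: str
    os: str
    os_version: tuple  # e.g. (22, 4)
    firmware: str

# Hypothetical policy: minimum OS version allowed per OS family.
MIN_OS_VERSION = {"windows": (10, 0, 19045), "ubuntu": (22, 4)}

def check_policy(ep):
    """Return policy violations for one discovered endpoint."""
    minimum = MIN_OS_VERSION.get(ep.os)
    if minimum is None:
        return [("unsupported_os", ep.mac, ep.os)]
    if ep.os_version < minimum:
        return [("os_below_minimum", ep.mac, ".".join(map(str, ep.os_version)))]
    return []

def compare(baseline, discovered):
    """Diff a discovery scan against the approved inventory, then apply policy."""
    known = {ep.mac: ep for ep in baseline}
    seen = {ep.mac: ep for ep in discovered}
    findings = []
    for mac, ep in sorted(seen.items()):
        if mac not in known:                        # unauthorized device
            findings.append(("unknown_endpoint", mac, ep.hostname))
        elif ep.firmware != known[mac].firmware:    # unwanted change
            findings.append(("firmware_changed", mac,
                             f"{known[mac].firmware}->{ep.firmware}"))
        findings.extend(check_policy(ep))
    for mac in sorted(known.keys() - seen.keys()):  # asset no longer visible
        findings.append(("missing_endpoint", mac, known[mac].hostname))
    return findings

# Constructed sample data (documentation MAC range, invented hosts).
BASELINE = [
    Endpoint("00:00:5e:00:53:01", "ws-01", "windows", (10, 0, 19045), "1.4.2"),
    Endpoint("00:00:5e:00:53:02", "srv-01", "ubuntu", (22, 4), "2.0.1"),
    Endpoint("00:00:5e:00:53:03", "ws-02", "windows", (10, 0, 19045), "1.4.2"),
]
SCAN = [
    Endpoint("00:00:5e:00:53:01", "ws-01", "windows", (10, 0, 19045), "1.4.9"),
    Endpoint("00:00:5e:00:53:02", "srv-01", "ubuntu", (20, 4), "2.0.1"),
    Endpoint("00:00:5e:00:53:aa", "unknown-7", "freebsd", (13, 2), "n/a"),
]

if __name__ == "__main__":
    for finding in compare(BASELINE, SCAN):
        print(finding)
```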