Endpoint detection is intelligent security software that is installed on the end device (eg computer, smartphone, tablet) of the user, in conjunction with monitoring by IT security experts. The goal is to protect the devices from cyber attacks and react as quickly as possible in the event of an incident.
How exactly does endpoint detection work?
The service comes in two stages and is roughly comparable to security checks at events.
Stage 1: The rough scan
Intelligent antivirus protection scans all data that arrives on the device for known malicious programs from the stored database. Machine learning can also detect variations of dangerous programs. Suspicious actions are automatically blocked. Inconspicuous information is allowed through. As with security checks, anyone who looks harmless and is not a known troublemaker will come in.
Stage 2: The manual examination
The intelligent part of the service detects suspicious activity that is not clearly a cyber attack from the outset. These are immediately reported to IT security experts who manually check the irregularities. If it is an attack, they take initial action. In major incidents, those affected will be informed promptly to take joint action. Again, the comparison with the security check fits: Whoever behaves suspiciously is checked and not even let in, or kicked out if necessary.
The range of services offered in the individual components, artificial intelligence, software, monitoring and IT security experts, can vary greatly from provider to provider.