Endpoint security is the practice of protecting laptops, desktops, servers, mobile devices, and other endpoints from compromise. It includes prevention, detection, response, hardening, patching, device management, encryption, access control, and visibility.
Endpoint security is often reduced to a single agent, but that is too narrow. Real endpoint security is about whether the device is known, managed, patched, protected, monitored, and tied to the right user and business context.
Endpoints are where people work, where credentials are used, where files are downloaded, and where attackers often get their first foothold. A single unmanaged laptop or poorly protected server can become the starting point for a larger incident.
The endpoint is also where many security controls meet the real world. If the device is missing from management, not reporting, or tied to a risky user, the rest of the security program may have blind spots.
An endpoint is any device that connects to the environment. Common examples include:
The exact definition can vary, but the security question is the same: can the device access business systems, data, or credentials?
Endpoint security usually includes several layers of protection.
EDR is one part of endpoint security. It focuses on monitoring endpoint behavior, detecting threats, supporting investigation, and enabling response actions.
Endpoint security is broader. It includes EDR, but it also includes prevention, patching, encryption, device compliance, hardening, ownership, and policy enforcement.
Endpoint security focuses on the device. XDR connects signals across multiple security layers such as endpoint, identity, email, network, cloud, and SaaS.
Endpoint telemetry is often one of the most important inputs into XDR, but XDR is trying to connect the endpoint story to the rest of the attack.
Endpoint security gaps are common because device environments change constantly. Employees join and leave. Devices age out. Servers are excluded. Agents stop reporting. BYOD enters the environment.
Common gaps include:
Endpoint security should be evaluated by coverage and effectiveness, not just tool ownership.