Endpoint Security

Endpoint Detection and Response
Endpoint detection and response combines endpoint telemetry, alerting, and response actions to help detect and contain suspicious activity on devices.
Extended Detection and Response
Extended detection and response combines signals from multiple security domains so defenders can investigate and respond with broader context than endpoint data alone.
Antivirus Software
Antivirus is endpoint protection software that helps detect, block, or remove malicious files and related threats on devices.
Application Whitelisting Control
Application whitelisting limits which programs are allowed to run so unapproved or unexpected code is blocked by policy.
Mobile Device Management
Mobile device management is the use of centralized policy and control to secure, configure, and manage mobile devices and sometimes other managed endpoints.
Anti-Malware Protection
Anti-malware is the broader category of controls used to detect, block, or remove malicious software and related harmful behavior on endpoints.
Device Hardening Practices
Device hardening is the practice of reducing unnecessary exposure on a device through safer configuration, fewer services, and tighter control settings.
Host-Based Firewall
A host-based firewall filters traffic at the device level so each endpoint can enforce its own local network access rules.
Patch Management Program
Patch management is the process of identifying, testing, deploying, and tracking software updates that reduce security and operational risk.
Secure Boot Verification
Secure Boot is a startup trust mechanism that verifies that boot components are approved before the operating system is allowed to load.
Device Compliance Checks
Device compliance is the evaluation of whether a device meets required security conditions before it is trusted for access.
Endpoint Isolation Controls
Endpoint isolation is a containment action that cuts a device off from most network communication so security teams can limit spread and investigate safely.
Endpoint Tamper Protection
Tamper protection is a control that helps prevent malware or unauthorized users from disabling or weakening endpoint security tools and settings.
Disk Encryption Controls
Disk encryption is the protection of stored data on a device by keeping it unreadable without the required cryptographic key or unlock process.
Remote Wipe Capability
Remote wipe is the ability to erase data or reset a managed device from a distance when the device is lost, stolen, or no longer trusted.
Security Sandboxing
Sandboxing is the practice of running code or content in a restricted environment so its behavior is contained and its access to the broader system is limited.
File Integrity Monitoring (FIM)
File integrity monitoring is the practice of watching important files for unexpected creation, deletion, or modification.
Mobile Application Management
Mobile application management is a policy approach that controls business apps and their data on mobile devices, often used for BYOD when full device management is not appropriate.
Trusted Execution Environment
A trusted execution environment is a protected area of a device or processor designed to isolate sensitive operations and data from the rest of the system.
Browser Isolation Protection
Browser isolation is a security approach that separates web browsing activity from the user's main endpoint so risky web content is less likely to directly affect the device.
Command Line Auditing Logs
Command-line auditing is the practice of recording and reviewing command execution activity so administrators and security teams can understand what actions were taken on systems.