Trellix Introduction Video

Trellix Introduction

A living security platform with a pulse that is always learning and always adapting.

XDR Solution Brief

XDR Solution Brief

Learn how an XDR ecosystem that’s always adapting can energize your enterprise.

Gartner Magic Quadrant for Endpoint Protection Platforms

Gartner MQ (Endpoint)

Download the Magic Quadrant report, which evaluates the 19 vendors based on ability to execute and completeness of vision.

Gartner Marketplace Guide (XDR)

Gartner® Report: Market Guide for XDR

As per Gartner, "XDR is an emerging technology that can offer improved threat prevention, detection and response."

Prime Minister’s Office Compromised

Prime Minister’s Office Compromised

Multi-stage cyberespionage campaign targeting high-ranking government officials overseeing national security policy and defense industry.

January 2022 - Threat Report

Trellix Threat Report: January 2022

Our new company’s first threat report features research on Log4j, prevalent ransomware, APT tools, ATR malware data, targeted clients, customer sectors, and MITRE ATT&CK techniques.

McAfee Enterprise and FireEye emerge as Trellix

McAfee Enterprise and FireEye emerge as Trellix

Two trusted leaders in cybersecurity have come together to create a resilient digital world.

Trellix CEO

Our CEO on living security

Trellix CEO, Bryan Palma, explains the critical need for security that’s always learning.

What Is Endpoint Antivirus?

Endpoint Antivirus is a type of software designed to help detect, prevent and eliminate malware on devices. This traditionally included viruses, but some endpoint antivirus software will also detect worms, bots, trojans and more.

Endpoint antivirus solutions are installed on endpoint devices both inside and outside an organization’s firewall—these typically include desktop and laptop computers and network servers but can also include things like mobile phones. Endpoint Antivirus software is available from a variety of vendors, with versions designed for personal use, small businesses, and large enterprises.

Traditional endpoint antivirus solutions feature large databases of virus signatures and definitions. They find malware by scanning files and directories and looking for patterns that match the virus signatures and definitions on file. These systems can only recognize known threats. Endpoint antivirus vendors, then, must constantly be on the lookout for new malware, so that they can add it to the databases.  Since new malware is being developed all the time, with endpoint antivirus, if you don’t constantly update the software, it will be unable to detect the latest malware, leaving you open to an attack.

In some cases, if malware is found on an endpoint, the software can automatically block, quarantine or remove it. Otherwise, it will issue an alert notifying the user that malware has been found and prompts them to take action to resolve the threat. Notifications also appear to remind users to update their directories, if it has been awhile and they have become out of date.

Next-generation endpoint security featuring AI and machine learning helps organizations keep pace with the increasing number and sophistication of threats. Organizations and security staff overwhelmed by the time and skill level needed to effectively utilize more products, more management tools, and more manual workflows with less available talent can benefit from the automation functions provided by next-generation endpoint security. 

Key features of endpoint antivirus solutions


Most endpoint antivirus solutions include the following capabilities:

  1. The ability to run scans both at scheduled intervals and manually
  2. Internet safety features, including warning you when you’re about to visit a site that appears malicious and blocking automatic and malicious downloads
  3. Updates automatically to ensure that the endpoint is protected against the newest threats
  4. The ability to identify the type of malware attacking the endpoint.

The evolution of endpoint security solutions


As threats have evolved from viruses and worms to more sophisticated forms of threat, the solutions responsible for safeguarding against these threats has evolved too. Traditional endpoint antivirus solutions, with their signature-based approach, are not capable of detecting fileless and signatureless threats, which make up an increasing percentage of malware attacks. They also aren’t capable of protecting against any form of internal attack, such as data exfiltration. Most importantly, they’re difficult to administer in today’s world of BYOD and remote work.

To combat against the vastly expanded attack surface, a new type of endpoint protection has evolved. Often referred to as an endpoint protection platform, this solution includes all of the capabilities found in legacy endpoint antivirus, along with additional capabilities designed to safeguard the modern enterprise.

What’s the difference between Endpoint Security and Antivirus Security?


While both of these solutions were designed to safeguard your enterprise and its data, they are not interchangeable. Rather, endpoint antivirus can be thought of both as the predecessor to Endpoint Security, and also as a component of it. Here are some of the key differences:

Individual vs. Enterprise-wide visibility and control

Traditional endpoint antivirus solutions were typically isolated—if a threat was detected, only the user would be notified. Worse, if the issue proved too complex for the user to resolve, the endpoint would need to be investigated in person by a security professional. However, endpoint protection solutions offer a centralized portal, allowing IT and other security professionals the ability to remotely monitor activity, investigate suspicious traffic, install and configure software, administer patches/updates and resolve issues. More importantly, administrators can apply updates and changes to multiple endpoints at once. This relieves IT staff of the responsibility to manage devices on an individual basis—an increasingly unmanageable task given the proliferation of devices in the enterprise and the increase in workforce mobility. Endpoint protection solutions also offer the advantage of integration—whereas endpoint antivirus operated as a single program, a few cybersecurity vendors offer the ability to operate their various endpoint protection offerings as a suite, as well as the ability to integrate with third-party solutions.

Internal Threat Vulnerability vs. Internal Threat Protection

Enterprises relying on legacy endpoint antivirus solutions may be able to block malware, but they have no protection against employees placing sensitive data on a USB drive and removing it from the purview of your cybersecurity team

Endpoint protection solutions offer greatly enhanced protection against nontraditional threats such as data loss. This includes technologies such as data encryption and data access controls, which prevent unauthorized employees from accessing certain categories of data.

Standardized Defense vs. Customized Protection

Endpoint antivirus solutions were largely uniform—you could choose your brand and your version (personal, small business, enterprise, etc.), but the included capabilities were primarily one-size-fits-all. But factors as diverse as increasingly stringent compliance requirements, the increased sophistication of cybercrime, and the move to the cloud have made cookie-cutter solutions largely obsolete—no two businesses have the same set of needs, vulnerabilities, and operational requirements. Endpoint protection solutions offer administrators the ability to customize cybersecurity based on these unique needs. These capabilities include the ability to prevent employees from accessing certain apps, the ability to block certain websites, and control access to sensitive data.

Virus Protection vs. Threat Protection

Endpoint antivirus software can recognize known malware, but the only threats it is capable of identifying are those included within the database of known threats. However, many threats do not feature a traditional “signature”—meaning that enterprises relying solely on these solutions are not fully protected.

However, endpoint protection solutions take a more holistic view. These solutions offer protection against threats such as data loss, phishing, fileless and signatureless malware, “drive-by” malware, and more, in addition to the capabilities included with traditional endpoint antivirus products.

Which endpoint security solution is right for my business?


If you’re wondering which solution—endpoint antivirus or endpoint security—is the best fit to safeguard your enterprise, here are some factors to consider:

  • How Many Employees Does Your Organization Need to Safeguard?
    If there are only a handful of people at your company, managing devices on an individual level may not be burdensome. Any more than that, though, and you’ll see a tremendous efficiency boost by adopting an endpoint protection solution with centralized control

  • Where Do They Work?
    If all your employees are at a central location, it may not be difficult to access problematic endpoints personally to resolve any issues. But unless your cybersecurity team wants to start making house calls, enterprises that grant employees mobile and remote work capabilities would be much better served by an endpoint protection platform that allows them to access the affected devices from anywhere.

  • Are People Coming in and out?
    In the era of BYOD, IT staff need the ability to monitor endpoints remotely If there are new devices coming onto and going off your network, you’ll have no way to control them without the benefit of an endpoint security solution.

  • Do Your Business Handle High-Value Intellectual Property or Sensitive Data?
    Endpoint antivirus software only safeguards your data against viruses—it does not safeguard the data itself. Unless your business still relies on couriers and filing cabinets, an endpoint antivirus-based security approach will leave your enterprise open to data loss. In the case of sensitive data or third-party data, a breach like this could result in reputational damage. Moreover in the vast majority of cases, relying exclusively on endpoint antivirus software for your cybersecurity needs will not satisfy compliance requirements—resulting in failed audits at best, and massive fines resulting from a preventable breach at worst.