What is an endpoint in networking?
An endpoint is any device that connects to a computer network. When Bob and Alice talk on the phone, their connection extends from one person to the other, and the “endpoints” of the connection are their respective phones. Similarly, in a network, computerized devices have “conversations” with each other, meaning they pass information back and forth. Just as Bob is one endpoint of his and Alice’s conversation, a computer connected to a network is one endpoint of an ongoing data exchange.
Desktop computers, smartphones, tablets, laptops, and Internet of Things (IoT) devices are everyday examples of endpoints.
What is not an endpoint?
Infrastructure devices on which the network runs are considered customer premises equipment (CPE) rather than endpoints. CPE includes:
- Routers
- Switches
- Network gateways
- Firewalls
- Load balancers
Going back to the example above, when Bob and Alice talk on the phone, the cell tower that transmits their conversation is not an endpoint for their data exchange — it is the medium by which the exchange occurs.
As a further example, imagine a grocery store that has several cash registers that connect to the store’s network and run point-of-sale (POS) software, a router that connects the store’s network to the Internet, an internal server that stores records of each day’s transactions, and multiple employees who connect their smartphones to the store’s WiFi. The router would be considered CPE. The rest of these devices are endpoints on the store’s network, even the personal smartphones that are not directly managed by the store.
Why do attackers target endpoints?
Attackers attempt to take over or breach endpoint devices regularly. They may have any number of goals in mind for doing so: infecting the device with malware, tracking user activity on the device, holding the device for ransom, using the device as part of a botnet, using the device as a starting point to move laterally and compromise other devices within the network, and so on.
In a business context, attackers often target endpoints because a compromised endpoint can be an entry point into an otherwise secure corporate network. An attacker may not be able to get through the corporate firewall, but an employee’s laptop could be a slightly easier target.
Endpoints are difficult to secure in business settings because IT teams have less access to them than they do to the internal networking infrastructure. Endpoint devices also vary widely in terms of make, model, operating system, installed applications, and security posture (readiness to face an attack). Security measures that successfully protect smartphones from attack may not work for servers, for example. And while one employee at a company may regularly update their laptop and avoid risky online behaviors, another might avoid software updates and download insecure files onto their laptop. Yet the company has to find a way to protect both laptops from attack and prevent them from compromising the network.
Because of the difficulty of securing endpoints, and the importance of protecting them, endpoint security is its own category of cyber security (along with network security, cloud security, web application security, IoT security, and access control, among others). There are many types of security products specifically for endpoint protection on the market today.
What is endpoint management?
Endpoint management is the practice of monitoring endpoints that connect to a network, ensuring only authenticated endpoints have access, securing those endpoints, and managing what software is installed on endpoints (including non-security software). Endpoint management software is sometimes centralized; it can also be installed on each individual device to enforce security and authorization policies.
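The four tasks in this definition (monitoring, admitting only authenticated endpoints, securing them, and controlling installed software) can be sketched as a single admission check. The Python below is an added example, not taken from the original article or from any product; the device names, fields, the `edr-agent` label and the policy values are assumptions, and the inventory is constructed from the grocery store scenario above.

```python
# Added illustration of an endpoint admission check; all names and policy values are assumptions.
from dataclasses import dataclass, field

CPE_KINDS = {"router", "switch", "gateway", "firewall", "load_balancer"}
# Assumed policy: software each managed endpoint role may run.
ALLOWED_SOFTWARE = {
    "pos_register": {"pos-app", "edr-agent"},
    "server": {"db", "edr-agent"},
}

@dataclass
class Device:
    name: str
    kind: str               # e.g. "pos_register", "smartphone", "router"
    authenticated: bool     # presented a valid device/user credential
    managed: bool           # enrolled in the store's management software
    software: set = field(default_factory=set)

def admit(dev: Device) -> tuple[str, str]:
    """Return (decision, reason) for one device joining the network."""
    if dev.kind in CPE_KINDS:
        return ("infrastructure", "CPE, not an endpoint")
    if not dev.authenticated:
        return ("deny", "endpoint is not authenticated")
    if not dev.managed:
        # Unmanaged endpoints (personal phones) are still endpoints.
        return ("guest", "authenticated but unmanaged: isolate from POS/server")
    extra = dev.software - ALLOWED_SOFTWARE.get(dev.kind, set())
    if extra:
        return ("quarantine", "unapproved software: " + ", ".join(sorted(extra)))
    if "edr-agent" not in dev.software:
        return ("quarantine", "security agent missing")
    return ("allow", "managed, authenticated, compliant")

# Constructed inventory modelled on the grocery store example.
INVENTORY = [
    Device("edge-router", "router", True, True),
    Device("register-1", "pos_register", True, True, {"pos-app", "edr-agent"}),
    Device("register-2", "pos_register", True, True, {"pos-app", "edr-agent", "game"}),
    Device("tx-server", "server", True, True, {"db"}),
    Device("bob-phone", "smartphone", True, False),
    Device("unknown-laptop", "laptop", False, False),
]

def audit(inventory):
    """Map each device name to its admission decision."""
    return {d.name: admit(d)[0] for d in inventory}

if __name__ == "__main__":
    print(audit(INVENTORY))
```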
What about API endpoints?
“API endpoint” is a similar term with a slightly different meaning. An API endpoint is the server end of a connection between an application programming interface (API) and a client. For instance, if a website integrated a cartography API in order to provide driving directions, the website server would be the API client and the cartography API server would be the API endpoint. To learn more about this topic, see “What is an API endpoint?”