In order to fully understand how endpoint security works, we first need to understand how malware works. Malware is written by cybercriminals, which means they can program it to complete various tasks or to behave in a specific way — in other words, malware can be customised by its authors, making each sample unique.
When malware is delivered to an endpoint, it arrives as several components. Initially, the malware consists of two parts. The first is the malicious payload itself, which is stored in encrypted form; the second is a small extraction routine that decrypts and unpacks that encrypted file. When the malware is downloaded onto an endpoint, the extraction runs automatically in the background, so the user is not aware that malware is being installed on the device.
Once the malware has been extracted, two further components are revealed. The first is a persistence mechanism, which takes over operating system processes so that the malware starts up every time the device is switched on. The second is the malware payload itself, which can perform a range of functions, from stealing user data to encrypting or deleting files.
Each of these components leaves a recognisable signature on the endpoint. Endpoint protection recognises these signatures and removes the matching components from the device before they can cause further damage. Endpoint security software is designed to catch these signatures at an early stage, before the malware finishes installing.
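The staged detection described above, as an added example that is not part of the original article: a minimal signature scanner in Python that checks file contents against a small signature set, one signature per component (extraction stub, extracted payload, persistence artefact). The samples, marker strings and signature names are all constructed for this demonstration and do not correspond to any real malware family or product database; the "encrypted" blob is simply an opaque hash digest standing in for the packed payload.

```python
"""Constructed signature scanner illustrating per-component detection.

Nothing here is real malware: the byte markers, the "encrypted" blob and the
signature names are invented for the example.
"""
from __future__ import annotations

import hashlib
from dataclasses import dataclass


@dataclass(frozen=True)
class Signature:
    name: str
    kind: str     # "hash": whole-file SHA-256 match; "bytes": byte pattern found anywhere
    value: bytes  # hex digest (for "hash") or raw pattern (for "bytes")


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


# --- Constructed samples for the stages the text describes (hypothetical content) ---
PAYLOAD = b"DEMO-PAYLOAD: exfiltrate documents; encrypt files"
# The extraction component: a recognisable stub followed by an opaque blob that
# stands in for the encrypted payload (a digest, so it contains no payload strings).
DROPPER = b"DEMO-STUB-v1\x00" + hashlib.blake2b(PAYLOAD).digest()
# The persistence component: a command that registers the payload under a Run key.
PERSISTENCE = (b'reg add "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run" '
               b'/v demo /d C:\\demo\\payload.exe')
CLEAN = b"Quarterly report, nothing to see here."

# --- Constructed signature set: one entry per component ---
SIGNATURES: list[Signature] = [
    Signature("demo.dropper-stub", "bytes", b"DEMO-STUB-v1"),
    Signature("demo.payload", "hash", sha256_hex(PAYLOAD).encode()),
    Signature("demo.payload-string", "bytes", b"DEMO-PAYLOAD"),
    Signature("demo.persistence-runkey", "bytes", b"\\CurrentVersion\\Run"),
]


def scan(data: bytes, signatures: list[Signature] = SIGNATURES) -> list[str]:
    """Return the names of every signature that matches `data`, in database order."""
    digest = sha256_hex(data).encode()
    hits: list[str] = []
    for sig in signatures:
        if sig.kind == "hash" and digest == sig.value:
            hits.append(sig.name)
        elif sig.kind == "bytes" and sig.value in data:
            hits.append(sig.name)
    return hits


def scan_stages() -> dict[str, list[str]]:
    """Scan each constructed artefact as it would appear at its stage on the endpoint."""
    return {
        "dropper": scan(DROPPER),                     # only the stub is visible before extraction
        "payload": scan(PAYLOAD),                     # hash and string signatures both fire
        "persistence": scan(PERSISTENCE),             # Run-key artefact is recognised
        "clean": scan(CLEAN),                         # no false positive on benign content
        "payload-variant": scan(PAYLOAD + b" v2"),    # hash signature misses, string still hits
    }


if __name__ == "__main__":
    for stage, hits in scan_stages().items():
        print(f"{stage:16s} -> {hits or 'no match'}")
```

The `payload-variant` entry shows the caveat behind the article's point: a whole-file hash only recognises one exact build, so a trivially modified sample slips past it while a byte-pattern signature on a stable string still catches it. That is why the extraction stub and persistence behaviour are worth signatures of their own: they tend to change less often than the encrypted payload they carry.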