By Roark Pollock

In the Age of Connected Devices, What Exactly Does an Endpoint Look Like?

It wasn’t long ago that everyone knew what you meant if you brought up an endpoint. If someone wanted to sell you an endpoint security product, you knew what devices that software was going to protect. But when I hear someone casually mention endpoints today, The Princess Bride’s Inigo Montoya comes to mind: “You keep using that word. I don’t think it means what you think it means.” Today an endpoint could be almost any type of device.

In fact, endpoints are so diverse today that people have taken to calling them “things.” According to Gartner ( at the end of 2016 there were more than 6 billion “things” connected to the internet. The consulting firm predicts that this number will grow to 21 billion by the year 2020. The business uses of these things will be both generic (e.g. connected light bulbs and HVAC systems) and industry specific (e.g. oil rig safety monitoring). For IT and security teams charged with connecting and protecting endpoints, this is only half of the new challenge, however. The embrace of virtualization technology has redefined what an endpoint is, even in environments in which these groups have traditionally operated.

The last decade has seen a massive change in the way end users access information. Physical devices continue to become more mobile with many information workers now doing most of their computing and communication on laptops and mobile phones. More importantly, everyone is becoming an information worker. Today, better instrumentation and monitoring has allowed levels of data collection and analysis that can make the insertion of information technology into almost any task profitable.

At the same time, more traditional IT assets, particularly servers, are becoming virtualized to eliminate some of the traditional limitations in having those assets tied to physical devices.

These two trends together will impact security teams in important ways. The universe of “endpoints” will consist of billions of long-lived and unsecure IoT endpoints as well as billions of virtual endpoint instances that will be scaled up and down on demand as well as migrated to different physical locations on demand.

Enterprises will have very different concerns with these two general types of endpoints. Over their life times, IoT devices will need to be protected from a host of threats some of which have yet to be dreamed up. Monitoring and protecting these devices will require sophisticated detection capabilities. On the plus side, it will be possible to maintain well-defined log data to enable forensic investigation.

Virtual endpoints, on the other hand, present their own important concerns. The ability to move their physical location makes it much more difficult to ensure correct security policies are always attached to the endpoint. The practice of re-imaging virtual endpoints can make forensic investigation difficult, as important data is typically lost when a new image is applied.

So no matter what word or words are used to describe your endpoints – endpoint, systems, client device, user device, mobile device, server, virtual machine, container, cloud workload, IoT device, etc. – it is important to understand exactly what someone means when they use the term endpoint.

Get the General Here