What are endpoints?

To protect endpoints, it's critical to understand exactly what they are. Here, we'll define what an endpoint is according to Zero Trust, and then introduce the concept of an attack surface based on that definition.

What is an endpoint?

Endpoints are devices that connect to and exchange information through a computer network, such as computers, mobile devices, and servers. Internet of Things (IoT) devices such as cameras, smart thermostats, and speakers are also considered endpoints.

On the flip side, devices that a network runs on, such as firewalls, load balancers, and routers, are not endpoints. They are customer premises equipment (CPE).

Endpoints can be owned by an organization or a user and can be fully managed by an organization's IT team (think work laptops) or partially managed. For example, you can own a personal device that you use to access work emails. While the device isn't owned by your organization, the IT department can manage the email client.

In short, endpoints vary widely in type, ownership, and management.

What is an attack surface?

Cybercriminals look for entry points to carry out an attack. The collection of possible entry points is defined as the attack surface. This term is used interchangeably with attack vectors. Because an endpoint can be pretty much anything that connects to the computer network, endpoints are a typical attack surface.

Let's look at how the use of endpoints can result in a pervasive and encompassing attack surface:

As we can see, the typical employee at an organization might use several devices to carry out their daily work, from home, all the way to their office. This creates a large attack surface, which cybercriminals can take advantage of. As devices become more integrated in our lives, attack surfaces will continue to get larger. Because of this, it's very important to protect endpoints to keep organizations safe.