Edge Security – Endpoint Security, what’s the difference?

Article Summary

Edge Security is hardware or software to protect your internal network from the Internet.  Endpoint Security is anti-malware software on a device such as a computer, phone, tablet or similar device.

Both types of security are important for the small business.  Endpoint security has evolved beyond simple virus signature scanning to include such things as program behavior analysis and prevention of software installation.  With the move toward remote work, Endpoint Security has become increasingly important in recent times.

________________________________________________________________________________________________________________

Back before the pandemic, a typical small business had a single location and a simple network.  A typical network looked something like what is shown in figure 1.

Figure 1: A Small Business Network

Edge Security refers to the firewall in Figure 1.  Its job was to protect the internal network from attacks originating outside of the internal network.  Many small businesses use the firewall that is built into most Internet service providers' (ISP) modems.  This is one option that I have never been fond of.  To me, letting your ISP handle who can access your internal network is like letting the locksmith that put the lock in the front door of the house be the only person that can give people keys to that lock.  Most times, the firewall in the modem/router works just fine.  But I have seen occasions where specific configurations were lost because the ISP did a global update or the physical hardware was replaced.

Firewalls can be either specific physical devices or software that runs on multiple physical platforms.  In the old days, firewalls just blocked outside traffic from entering the internal network unless it came through a specific path called a port.  Inbound traffic coming in on a specific port would be directed to a specific device on the internal network – like web page requests being sent to a web server.  Current firewalls now watch traffic both inbound and outbound.  They still block traffic unless the traffic comes in on specific ports, but they also look at the outbound traffic.  They can block inbound traffic if they detect known malware.  They look at outbound traffic to determine if the destination is a non-desirable location such as a known malware command site or even just a site that management decides is undesirable such as a shopping site.  Some firewalls will actually look at traffic patterns and send notifications if they see activity that is believed to be an indication of a malware infection.

Most firewalls keep detailed logs of the activity traveling in and out of the organization.  Some firewalls actually create reports on a periodic basis that will show things like how many and what types of attacks were blocked, what were the most accessed Internet sites – possibly by time frame and end-user, user Internet usage and other statistical information.
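To make the firewall behavior and reporting described above concrete, here is a small Python model, added as an illustration and not taken from any firewall product: inbound traffic is blocked unless its port is forwarded to an internal device, outbound traffic is checked against a list of undesirable destinations, and the decisions are tallied into a simple report. The policy, addresses, host names and user names are all constructed for the example.

```python
from collections import Counter

# Assumed policy for a hypothetical small office (all values constructed).
PORT_FORWARDS = {443: "192.168.1.10"}      # inbound port -> internal web server
BLOCKED_DESTINATIONS = {                   # outbound destination -> reason
    "c2.malware.example": "known malware command site",
    "shop.example": "blocked by management policy",
}

def decide(event):
    """Return (action, detail) for one traffic event."""
    if event["direction"] == "in":
        target = PORT_FORWARDS.get(event["port"])
        if target is None:                 # default: inbound traffic is blocked
            return "block", f"no forward for port {event['port']}"
        return "allow", f"forwarded to {target}"
    reason = BLOCKED_DESTINATIONS.get(event["dest"])
    if reason:                             # outbound to an undesirable destination
        return "block", reason
    return "allow", "outbound permitted"

def report(events):
    """Tally blocked traffic by reason and allowed sites by (user, site)."""
    blocked, sites = Counter(), Counter()
    for e in events:
        action, detail = decide(e)
        if action == "block":
            blocked[detail] += 1
        elif e["direction"] == "out":
            sites[(e["user"], e["dest"])] += 1
    return blocked, sites

# Constructed sample traffic.
EVENTS = [
    {"direction": "in", "port": 443, "src": "203.0.113.5"},
    {"direction": "in", "port": 23, "src": "203.0.113.9"},
    {"direction": "in", "port": 23, "src": "198.51.100.7"},
    {"direction": "out", "user": "alice", "dest": "mail.example"},
    {"direction": "out", "user": "alice", "dest": "mail.example"},
    {"direction": "out", "user": "bob", "dest": "shop.example"},
    {"direction": "out", "user": "bob", "dest": "c2.malware.example"},
]

if __name__ == "__main__":
    blocked, sites = report(EVENTS)
    for reason, n in blocked.most_common():
        print(f"blocked {n}x: {reason}")
    for (user, dest), n in sites.most_common():
        print(f"{user} -> {dest}: {n} connections")
```

In this sample, the blocked outbound connection to the malware command site is the kind of entry a firewall would flag as a possible infection on the device that sent it.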

Endpoint Security refers to securing the individual devices in a network.  For the network shown in Figure 1, all of the workstations and the servers would be considered end-points.  The other devices, such as the printer, switch and wireless access point are not typically considered as end-points because of the limited functionality of the devices.  You probably have been doing end-point security for years, only knowing it as anti-virus software.

But Endpoint Security has evolved beyond the old signature scanning that has been around for years.  Advanced Endpoint Security now includes not only virus signature scanning but also behavior analysis and network traffic analysis, and some software actually prevents the installation of new programs and the running of lists of commands called scripts.

Since the pandemic, many more people are working remotely.  That has changed the focus of malware protection from Edge Security to Endpoint Security.  The reason for this change of focus is that in the typical non-office environment, there is no Edge Security other than the local ISP’s protection.  Additionally, non-business members of the family could use the “business” device and access sites that are not that trustworthy.  That is not to say that Edge Security should be ignored, but Endpoint Security has to be more of a focus than it has been in the past.

A true small business security plan should include the best edge security that can be afforded, but should also address security for the endpoint devices beyond just the normal virus protection.  A proper security plan for endpoint devices – workstations, laptops, tablets, phones – would be made up of not just normal virus protection but also advanced malware protection and a plan to keep the device patch level up to date.
