← All topics
Cyber-insurance readiness

Endpoint Security

Endpoint protection and how actively it is monitored.

Why it matters

Modern intrusions move in minutes — only actively-monitored EDR/MDR catches them in time.

What strong practice looks like

Endpoint protection (EDR/MDR) and how actively it is monitored.

What this area covers

Which endpoint protection is deployed?

An endpoint is any device your team works on — laptops, desktops, phones, servers. Endpoint security is the protection running on those devices to catch threats. The common types, from oldest to most capable:

  • Antivirus (AV): the traditional kind — scans for known viruses by matching them to a list of known-bad files.
  • NGAV (next-generation antivirus): also watches for suspicious behavior, not just known viruses, so it can catch brand-new threats the list-based approach misses.
  • EDR (endpoint detection & response): goes further — records what happens on the device so threats can be investigated and shut down, not just blocked.
  • MDR / XDR: the same protection delivered as a managed service (MDR) or extended across more of your systems (XDR).

Not sure which you have? Check with whoever manages your computers (your IT person or provider), or look at the security software installed on a company laptop — the product name usually tells you (examples: CrowdStrike, SentinelOne, Microsoft Defender, Sophos). You only need to know which type is in place.

How is it managed?

How it’s managed means: is someone actually watching and maintaining this protection, or is it just installed and forgotten? Options range from unmanaged (installed, nobody monitoring), to self-managed (your team keeps it updated and watches alerts), to managed by a provider (an outside company monitors it for you, sometimes around the clock).

Carriers ask because protection nobody monitors often misses or ignores alerts — a tool is only as good as the person responding to it. Who watches it matters as much as whether it’s installed.

Also covered in this area

  • Endpoint product / vendor (if any)

This library is general education, not advice about your specific organization. It describes what each control is and what strong practice looks like; whether and how any of it applies to you is your decision, in consultation with your carrier, broker, or counsel.