Endpoint Security

What is Endpoint Security?

The innermost protective circle of our Layered Security concept protects the heart of every corporate network: the clients on which employees work with sensitive data on a daily basis, where they enter access data and open attachments from e-mails. Endpoint Security includes all the technologies that protect these clients directly from threats and from the exploitation of vulnerabilities. This includes proactive protection against malware, an effective client firewall, and efficient patch management to prevent vulnerabilities in installed programs from becoming an attacker's gateway.

Reliable detection of known malware

Most attacks on corporate networks are carried out with known malware that attempts to penetrate the outer defence layers every second. Classical detection of malware using signatures is closely linked to behavior-based detection and plays a key role in the Layered Security concept for early detection of threats. That is one of several reasons why it is indispensable in modern security solutions. In addition to the virus scanner on the clients, the protection technologies that work at the network perimeter in the Layered Security concept also rely on signatures, for example the e-mail filter or the URL blocker. This allows them to detect malicious files on the network before they reach the clients.

G DATA regularly delivers a new signature list via update, so that the computers in the network are protected against known malware in a timely manner. The signature of unknown malware that has been stopped by behavior-based detection is immediately communicated to all protection technologies, so that next time they can stop the malware directly at the outer layers.

Diagram of the number of new malware types

In the first quarter of 2017 alone, the G DATA experts identified 1,852,945 new types of malware.

(Source: G DATA)

What are signatures?

All files or programs have a unique "fingerprint": the so-called signature. If a file or program is classified as malicious, its signature is added to a blacklist. During a virus scan, the signatures of files are compared with this list. This happens very quickly and is done regularly in the background. If the anti-virus software finds a file signature on the blacklist, the file is detected as malicious and quarantined.

Next Generation Proactive Technologies

If malware is intercepted by its signature at the outer defense rings, it has not yet been able to cause any damage. Only when the code contained in the file is actually executed and gets computing time in the processor can it unfold its potential. Once malware has overcome all levels and is activated on the client, it encounters behavior-based detection. This is the last line of defense. Only when this line is breached has the attacker reached the target.

G DATA business solutions have numerous next-generation technologies such as

  • heuristic algorithms
  • Exploit Protection
  • BankGuard
  • Keylogger Protection
  • Behavior Blocking

They are able to identify and stop unknown malware by its behavior before damage occurs. The software is then added to the signature list of malicious programs so that the outer defense rings can intervene at an early stage during the next attack.
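The feedback loop between behavior-based detection and the signature list, as an added example (not G DATA code): the SHA-256 fingerprint, the layer names and the toy behaviour monitor are assumptions, and the sample files are constructed, harmless byte strings.

```python
import hashlib

class SignatureList:
    """Blocklist of fingerprints shared by all layers (SHA-256 is an assumption)."""
    def __init__(self):
        self._known = set()

    @staticmethod
    def fingerprint(data: bytes) -> str:
        return hashlib.sha256(data).hexdigest()

    def add(self, data: bytes) -> None:
        self._known.add(self.fingerprint(data))

    def matches(self, data: bytes) -> bool:
        return self.fingerprint(data) in self._known

def handle_file(data, signatures, behaviour_monitor):
    """Return the layer that stopped the file, or 'allowed'."""
    if signatures.matches(data):      # outer rings: e-mail filter, URL blocker, scanner
        return "signature"
    if behaviour_monitor(data):       # last line of defence on the client
        signatures.add(data)          # feed the fingerprint back to the outer rings
        return "behaviour"
    return "allowed"

def toy_behaviour_monitor(data: bytes) -> bool:
    """Hypothetical stand-in: a real monitor watches what the running program does."""
    return b"SIMULATED-MALICIOUS-ACTION" in data

# Constructed sample files (harmless byte strings, not malware).
SAMPLE = b"header|SIMULATED-MALICIOUS-ACTION|v1"
VARIANT = b"header|SIMULATED-MALICIOUS-ACTION|v2"  # same behaviour, different bytes
CLEAN = b"meeting notes"

def run_demo():
    sigs = SignatureList()
    files = [SAMPLE, SAMPLE, CLEAN, VARIANT, VARIANT]
    return [handle_file(f, sigs, toy_behaviour_monitor) for f in files]

if __name__ == "__main__":
    print(run_demo())
```

The first sighting of each file is stopped only by the behaviour layer; every later sighting of the same bytes is stopped by its signature, while a file with different bytes needs the behaviour layer again.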

Infographic on G DATA's next-generation technologies

We're changing the rules of the game:
Artificial intelligence against cybercrime

By means of our brand new DeepRay® technology, we're changing the rules in the fight against cybercrime: Thanks to artificial intelligence and machine learning, DeepRay® immediately unmasks camouflaged malware. This innovative analysis method significantly improves your protection against cyber attacks.

Ransomware: A new challenge for companies

Extortion Trojans are currently keeping the corporate world particularly busy. Once a computer is infected with it, the so-called ransomware encrypts the local files and usually also those on other clients and servers in the network. The attackers then demand a ransom for decrypting the data. Prominent variants such as Petya, WannaCry or Locky have caused damage amounting to millions in this way.

Our new Anti-Ransomware module protects against these perfidious attacks: It detects when a program wants to encrypt many files in a short time and stops the process early.
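One way to detect "many files encrypted in a short time", as an added example (not the Anti-Ransomware module's code): it counts distinct files per process that receive high-entropy writes inside a sliding window. The thresholds, the entropy heuristic and the event format are assumptions, and the events are constructed.

```python
import math
from collections import defaultdict, deque

WINDOW_SECONDS = 10.0  # assumed look-back window
MAX_FILES = 5          # assumed: distinct high-entropy files tolerated per window
MIN_ENTROPY = 7.5      # assumed: bits/byte above which data looks encrypted

def shannon_entropy(data: bytes) -> float:
    """Bits per byte; close to 8.0 for ciphertext, far lower for documents."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    return -sum(c / len(data) * math.log2(c / len(data)) for c in counts if c)

class MassEncryptionDetector:
    def __init__(self):
        self._recent = defaultdict(deque)  # pid -> (timestamp, path) of suspicious writes
        self.blocked = set()

    def on_write(self, ts: float, pid: int, path: str, data: bytes) -> bool:
        """Return True to allow the write, False once the process is stopped."""
        if pid in self.blocked:
            return False
        if shannon_entropy(data) < MIN_ENTROPY:
            return True
        window = self._recent[pid]
        window.append((ts, path))
        while ts - window[0][0] > WINDOW_SECONDS:  # drop writes older than the window
            window.popleft()
        if len({p for _, p in window}) > MAX_FILES:
            self.blocked.add(pid)
            return False
        return True

# Constructed sample data (not real telemetry).
TEXT = b"quarterly report, draft 3\n" * 150  # ordinary document content
CIPHERLIKE = bytes(range(256)) * 16          # stand-in with entropy of exactly 8.0

def constructed_events():
    events = [(i * 0.1, 100, f"/backup/doc{i}.txt", TEXT) for i in range(20)]
    events.append((1.0, 200, "/tmp/archive.zip", CIPHERLIKE))
    events += [(i * 0.5, 300, f"/home/a/file{i}.docx", CIPHERLIKE) for i in range(8)]
    events += [(i * 5.0, 400, f"/sync/blob{i}.bin", CIPHERLIKE) for i in range(8)]
    return sorted(events, key=lambda e: e[0])

def replay(events):
    detector, allowed = MassEncryptionDetector(), defaultdict(int)
    for ts, pid, path, data in events:
        allowed[pid] += detector.on_write(ts, pid, path, data)
    return detector.blocked, dict(allowed)
```

Only process 300 is stopped, after five files; the fast backup of plain documents (100), the single archive (200) and the slow writer of compressed-looking data (400) stay below the thresholds.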

Infographic on the infection path of the “Petya” ransomware


In addition to malware detection methods, our firewall checks client communication with the corporate network and the Internet. This means that no malware can reach the computers in your network via these connections, no one can gain access to your data, and no malware can establish a connection to the Internet.

In times of "Bring Your Own Device" (BYOD) and consumerization, the client firewall is more important than ever: When employees use your company's devices in another network, for example an unsecured WLAN in a café, our firewall ensures that attackers do not gain unnoticed access to the device, even outside the company.

Image of a firewall
Patch Management in action


For many vulnerabilities in software, there are already updates that close these gaps. The problem: These patches often don't reach the clients fast enough. The infection with the extortion Trojan "WannaCry" was a disaster for hundreds of thousands of IT managers (see info box). But how do you keep track of the software and patches used in your company? The solution: G DATA's centralized Patch Management. Reduce your clients' attack surface and prevent many cyber attacks that exploit known vulnerabilities.

G DATA Patch Management

  • Pre-tested updates from the world's largest patch directory
  • Inventory of installed software on the clients
  • Implementation in test environments
  • Rollback orders as required
  • Reports

The "WannaCry" case

The blackmailer Trojan "WannaCry" spread all over the world on May 12, 2017 and attacked corporate networks. In Germany, operations in numerous hospitals were at a standstill, and the Deutsche Bahn departure boards showed only the blackmailers' message instead of the current departure times. Production and workflows in global companies such as the French car manufacturer Renault were massively affected by the attack.

The Trojan was able to spread so rapidly solely because of a known vulnerability in the Windows operating system. This gap had already been closed two months before the outbreak. The infection could have been avoided if the patch released by Microsoft had been installed on the affected systems in time.


infected systems

(Source: heise.de)

countries concerned

(Source: heise.de)

Which G DATA solutions contain the features?


Client Security Business (CSB)

Endpoint Protection Business (EPB)

Managed Endpoint Security (MES)
Endpoint Security
Virus monitor with CloseGap hybrid technology
Behaviour monitoring of files
Protection against security vulnerabilities in installed software
Online banking and browser protection
Protection against malware and phishing when surfing
Protection against manipulated USB devices
DeepRay AI technology
Light Agent for virtual machines
Patch Management
= optional modules
Managed Endpoint Security

Outsource your IT security and benefit from all the advantages of our Endpoint Protection Business: Your G DATA partner will take care of all the tasks for you - from rolling out the software on your endpoints to configuring the firewall and adopting your Active Directory policies.

  • Deployment and maintenance by G DATA experts
  • Fast response to problems
  • Compliance with your company guidelines
  • Easy integration into your infrastructure
  • Remote maintenance without downtime

Focus on your core business, cost-efficiently and without disrupting your day-to-day business due to administrative downtime.

IT security from the cloud

Your G DATA partner can now also set up virtualized management servers for you via the cloud platform Microsoft Azure.

Microsoft Azure cloud platform

Virtual infrastructure protection

The virtual machines in your network are also protected by our award-winning G DATA Endpoint Security. Lightweight agents on the individual VMs outsource the malware scan to dedicated scan servers and thus preserve your resources.