Endpoint security tools for protecting desktops, laptops, mobile devices, and IoT endpoints from malware and cyber threats.
Browse 396 endpoint security tools
Automated and flexible approach for deploying Windows 10 with security standards set by the DoD.
A repository containing scripts and configuration files to help administrators implement Microsoft AppLocker for application whitelisting based on NSA security guidelines.
Firejail is a Linux sandbox program that isolates untrusted applications using kernel namespaces, seccomp-bpf, and capabilities to reduce security breach risks.
Doorman is an osquery fleet manager that allows administrators to remotely manage the osquery configurations retrieved by nodes.
A cross-platform software library for interacting with iOS devices without jailbreaking.
An Android-based self-defense application against forensic imaging tools like Cellebrite UFED.
shellfirm will prompt challenges to verify risky shell commands, acting as a captcha for your terminal.
An anti-forensic kill-switch tool for USB ports to shut down the computer immediately in case of unauthorized access.
A daemon for blocking USB keystroke injection devices on Linux systems.
Santa is a macOS binary and file access authorization system that monitors executions and makes allow/block decisions based on local database rules.
ProcFilter is a process filtering system for Windows with built-in YARA integration, designed for malware analysts to create YARA signatures for Windows environments.
Fleet is an open-source endpoint management platform that provides device management, vulnerability reporting, and security monitoring capabilities for IT and security teams managing large computer environments.
MIDAS (Mac Intrusion Detection Analysis System) - archived and no longer supported.
Firewall, Blackhole, and Privatizing Proxy for macOS with comprehensive security features.
ARM TrustZone provides a secure execution environment for applications on ARM processors.
DocBleach is a Content Disarm and Reconstruction software that sanitizes Office documents by removing potentially malicious dynamic content to prevent security threats.
A laser tripwire device that automatically hides windows, locks computers, or executes custom scripts when motion is detected within a 120 cm range.
Stronghold is the easiest way to securely configure your Mac.
Enhances Windows OS security through system modifications and settings adjustments.
YARA-Endpoint is a client-server architecture tool that can be used for endpoint protection and incident response.
AMDH is a Python3 Android security tool that automates mobile device hardening through malware detection, privacy protection, CIS benchmark compliance, and application security analysis.
An anti-forensic Linux Kernel Module kill-switch for USB ports.
OpenEDR is an open-source platform enhancing cybersecurity through real-time detection and analysis of cyber threats.
Comprehensive endpoint security solution for enterprise networks and SMBs.
396 tools across 5 specializations · 70 free, 326 commercial
Endpoint Detection and Response
Endpoint Detection and Response (EDR) solutions for real-time endpoint monitoring, threat detection, incident investigation, and automated response on endpoints.
Endpoint Protection Platform
Endpoint Protection Platforms (EPP) that combine antivirus, anti-malware, firewall, and intrusion prevention for comprehensive endpoint protection.
Mobile Data Protection
Mobile data protection solutions for securing corporate data on smartphones, tablets, and mobile devices.
Tool roundups, buying guides, and strategic analysis from the CybersecTools resource library.
Common questions about Endpoint Security tools, selection guides, pricing, and comparisons.
EPP (Endpoint Protection Platform) focuses on prevention, blocking known malware, exploits, and malicious files before they execute. EDR (Endpoint Detection and Response) assumes some threats will bypass prevention, providing real-time monitoring, threat detection, investigation, and response capabilities. Modern endpoint security platforms combine both EPP and EDR in a single agent.
Most modern EDR solutions include next-gen antivirus (NGAV) capabilities, making standalone antivirus redundant. EDR goes beyond signature-based detection with behavioral analysis, machine learning, and threat hunting. If your EDR vendor includes NGAV (which most do), you do not need a separate antivirus product.
CrowdStrike Falcon excels in threat intelligence and managed detection with its cloud-native architecture. SentinelOne offers strong autonomous response and rollback capabilities with competitive pricing. Microsoft Defender for Endpoint integrates deeply with the Microsoft ecosystem at lower cost for E5 customers. The right choice depends on your existing stack, budget, and whether you need managed threat hunting.
Mobile Threat Defense (MTD) protects smartphones and tablets from mobile-specific threats: malicious apps, network attacks (man-in-the-middle on public WiFi), OS vulnerabilities, and phishing via SMS/messaging. If your employees access corporate data from mobile devices, MTD is essential, as traditional endpoint security agents do not work on iOS and Android.