A firewall at the edge of the network is one of the core layers of corporate security, but on its own it is not enough. The firewall protects the perimeter — who enters the network, who leaves, which traffic is allowed. Yet the moment an employee opens a malicious email, plugs in an infected USB drive or connects from home over VPN, the threat is already inside the perimeter. This is where endpoint security — protecting every PC, laptop and server at the device level — comes in. In this article we explain how a firewall and endpoint protection complement each other, the difference between antivirus and modern EDR, and how this ties into ONYX managed IT.
The firewall protects the perimeter, the endpoint protects the device
It is important not to confuse the two layers. A firewall (such as Fortinet FortiGate, Palo Alto, Check Point or our own Onyx Firewall product) sits at the entry and exit point of the network and controls traffic. Endpoint protection runs directly on the device itself — on the Windows or server operating system.
Perimeter layer
The firewall filters incoming threats, enforces segmentation and blocks unauthorised traffic. But it can be blind to a threat that has already made it inside the perimeter.
Endpoint layer
Antivirus and EDR watch the processes happening on the device itself: file encryption, suspicious scripts, unexpected network connections. They see the threat even when it is already inside.
When the two layers work together, defence gains depth: the firewall keeps most attacks out at the edge, while the endpoint catches what slips through or starts from within.
The difference between antivirus and modern EDR
Classic antivirus recognises the signatures of known malware — it blocks threats that have already been catalogued. This is still useful, but new or modified attacks may not exist in the signature database.
EDR looks at behaviour, not just signatures
EDR (Endpoint Detection & Response) watches behaviour on the device: which process started, what was written, where it tried to connect. When it sees suspicious behaviour it raises an alert, isolates the process or disconnects the device from the network. Solutions such as Microsoft Defender for Endpoint deliver these capabilities at enterprise scale; we can also recommend EDR as a general principle without tying it to a specific brand.
- Antivirus: blocks known signatures — fast, but limited against unknown attacks.
- EDR: analyses behaviour, records the event and takes response action — stronger against unknown and targeted attacks.
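The contrast in the two bullets above, as an added example that is not part of the original article or any vendor's detection logic: a hash lookup misses a modified sample, while a simple behavioural rule (one process writing high-entropy data to several files within a short window) flags and isolates it. The event fields, thresholds and hash strings are constructed assumptions.

```python
import math
from collections import Counter, defaultdict, deque

# Constructed signature database (placeholder value, not a real hash).
KNOWN_BAD = {"hash-of-catalogued-sample"}

def entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte; encrypted output approaches 8.0."""
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values()) if n else 0.0

def signature_verdict(event) -> bool:
    """Antivirus-style check: flags only hashes that are already catalogued."""
    return event["image_hash"] in KNOWN_BAD

class BehaviourMonitor:
    """EDR-style rule: one process writing high-entropy data to many files quickly."""
    def __init__(self, max_files=3, window_s=10.0, min_entropy=7.0):
        self.max_files, self.window_s, self.min_entropy = max_files, window_s, min_entropy
        self.recent = defaultdict(deque)  # pid -> (timestamp, path) of suspicious writes
        self.isolated = set()             # pids the simulated response has cut off

    def observe(self, event) -> str:
        pid = event["pid"]
        if pid in self.isolated:
            return "blocked"              # simulated response: process already isolated
        if event["action"] != "file_write" or entropy(event["data"]) < self.min_entropy:
            return "allow"
        writes = self.recent[pid]
        writes.append((event["ts"], event["path"]))
        while event["ts"] - writes[0][0] > self.window_s:
            writes.popleft()              # drop writes that fell out of the time window
        if len({path for _, path in writes}) >= self.max_files:
            self.isolated.add(pid)
            return "isolate"
        return "allow"

def constructed_events():
    """Constructed telemetry: one normal document save, then a modified sample encrypting files."""
    text = b"quarterly report draft " * 40
    cipher = bytes(range(256)) * 4        # stand-in for encrypted output, entropy 8.0
    events = [{"ts": 0.0, "pid": 10, "image_hash": "hash-of-office-app",
               "action": "file_write", "path": "report.docx", "data": text}]
    events += [{"ts": 1.0 + i, "pid": 77, "image_hash": "hash-of-modified-sample",
                "action": "file_write", "path": f"doc{i}.docx", "data": cipher} for i in range(4)]
    return events

def run():
    monitor = BehaviourMonitor()
    return [(e["pid"], signature_verdict(e), monitor.observe(e)) for e in constructed_events()]
```

Calling `run()` returns one `(pid, signature_hit, behaviour_verdict)` tuple per event; the signature column stays `False` for the modified sample even as the behavioural verdict moves from `allow` to `isolate`.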
Central management, policy and updates
The value of endpoint protection lies in being managed centrally. Configuring each device by hand is not realistic — policy must be applied from one place.
Central policy
For Aselsan Azerbaijan, ONYX built Active Directory, file and mail servers and a Check Point firewall — accounts and endpoints are managed centrally. This makes it possible to apply policy uniformly across every device.
Patching and updates
A large share of exploited vulnerabilities comes from outdated software. Regular patching of the operating system and applications is an inseparable part of endpoint defence.
Ransomware defence: a layered approach
Ransomware usually starts on a single endpoint and then spreads across the network. No single tool stops it — layered defence is needed: the firewall limits spread, EDR catches encryption behaviour early, central policy narrows permissions, and backups enable recovery. These layers work when they are built together, not when each stands alone.
How this ties into ONYX managed IT
Endpoint protection is not something you set up once and forget — it requires continuous monitoring and updating. ONYX monitors and updates the environments it builds: from firewall policy to endpoint agents, from AD accounts to patches. Configuring a Fortinet FortiGate and its security policy for a non-bank credit organisation in Baku is part of the same approach — perimeter and internal control together.
You can read more on our services and business solutions pages, as well as about our own Onyx Firewall product.
Let us protect your endpoints
To build the firewall, antivirus, EDR and central management as one whole, get in touch with us.