Hello, you are using an old browser that's unsafe and no longer supported. Please consider updating your browser to a newer version, or downloading a modern browser.
Training Camp • Cybersecurity Glossary
A networked end-user computer—desktop or laptop—that serves one user and forms a major endpoint attack surface secured by EDR, patching, and hardening.
Workstation Definition: A networked end-user computer—desktop or laptop—that serves one user and forms a major endpoint attack surface secured by EDR, patching, and hardening.
A workstation is a networked computer that serves a single user—typically a desktop or laptop used to perform daily work tasks. As an endpoint, it processes sensitive data, interacts directly with users, and connects to networks and services, making it one of the most significant attack surfaces in any organization.
Workstations run a standard operating system, productivity and business applications, and local data, and they authenticate to enterprise resources. They are managed through a combination of standardized secure images, configuration management, endpoint protection agents, and centralized policy such as Active Directory Group Policy. Their behavior, patch level, and security posture are commonly governed by baselines like CIS Benchmarks and controls in NIST SP 800-53, supported by tooling for patching, application control, and monitoring.
Workstation security is central to overall security posture because users and their devices are the most frequent targets of phishing, malware, and credential theft. A single compromised workstation can give an attacker an interactive foothold, harvested credentials, and a launch point for lateral movement deeper into the network. Defenses include endpoint detection and response (EDR), antimalware, host firewalls, full-disk encryption, least-privilege local accounts, application allowlisting, automated patch management, and ongoing user security awareness training.
For example, a law firm builds every workstation from a hardened standard image: full-disk encryption protects data if a laptop is stolen, users run as standard accounts without local admin rights, application allowlisting blocks unsigned executables, EDR watches for suspicious behavior, and patches deploy automatically. When an attorney is targeted by a phishing email and opens a malicious attachment, the allowlisting and EDR controls stop the payload from executing and alert the security team, containing what could otherwise have become a network-wide breach.
Turn knowledge into credentials with our instructor-led cybersecurity boot camps.
View All Courses →