June 17, 2024
Why AI and behavioral analytics are stealth strengths of Gartner's MQ on endpoints

They are the silent strengths that endpoint providers rely on to sharpen their arsenals and keep them ready for the next onslaught of cyberattacks. AI and behavioral analytics are core to the DNA of the leading endpoint providers, including Cisco, CrowdStrike, ESET, Fortinet, Microsoft and Palo Alto Networks.

Each of these endpoint providers sees cybersecurity as a data problem first and has invested in AI and behavioral analytics for years. That decision proved prescient because being strong at AI and behavioral analytics gave each the ability to drive a fast consolidation strategy on behalf of their customers. 

CISOs' demands to consolidate their cybersecurity tech stacks and reduce spending while increasing visibility are the reality every endpoint provider deals with in sales cycles today. In late 2023 and going into 2024, cybersecurity budgets were being cut, forcing IT and cybersecurity leaders to re-evaluate every line item in their budgets. Endpoint providers were already seeing signs of consolidation back in 2022. CrowdStrike's selling of consolidation as a growth strategy set that strategy in motion across the endpoint platform market, with Palo Alto Networks and others following.

Gartner writes in this year’s magic quadrant (MQ) for endpoint protection platforms, “the endpoint protection platform (EPP) market is no longer limited by vendors only offering EPP and endpoint detection and response (EDR) capabilities, and buyers are increasingly looking for fewer vendors to deliver a wider array of capabilities.” The report continues, “email security, identity threat detection and response and extended detection and response (XDR) are increasingly part of the purchasing decision.”

Leaders make a point of excelling at AI and behavioral analytics

The AI and behavioral analytics lessons learned by the top endpoint providers give them the scale they need to excel on key metrics, including those Gartner uses to rank vendors. Gartner's MQ for EPP, published late last month, categorizes six endpoint platform providers as leaders: CrowdStrike, Microsoft, SentinelOne, Trend Micro, Palo Alto Networks and Sophos.

Gartner's methodology vetted each, and its analysis reflects how well each of these companies' formidable R&D, engineering, product management, professional services and senior management teams is performing in a tough market. Another factor these companies share is an intensity to excel at AI and behavioral analytics. While Gartner didn't include AI and behavioral analytics as criteria in this year's MQ, each leader has a proven track record of integrating these technologies into its platform, driving new sales growth and increasing upsells to existing customers.

Source: Gartner, Magic Quadrant for Endpoint Protection Platforms, 31 December 2023, Evgeny Mirolyubov, Max Taggett, Franz Hinner, Nikul Patel

Every one of the sixteen endpoint providers mentioned in the MQ has either announced or is currently shipping AI-based cybersecurity. These include Bitdefender, Broadcom, Broadcom (VMware), Check Point Software Technologies, Cisco, CrowdStrike, Cybereason, ESET, Fortinet, Microsoft, Palo Alto Networks, SentinelOne, Sophos, Trellix, Trend Micro and WithSecure.

A quickening pace in the AI arms race

Every endpoint provider on this year’s MQ has advanced AI and behavioral analytics on their roadmaps, including generative AI. Gartner mentioned that many vendors they track are also trialing or announcing generative-AI-guided investigation capabilities in 2024. 

At RSAC 2023 last year, ChatGPT-based co-pilots dominated the event. Google Security AI Workbench, Microsoft Security Co-pilot (launched before the show), Recorded Future, Security Scorecard and SentinelOne were among the many vendors launching ChatGPT-based solutions. Since then, many more have launched, the most noteworthy being BigID's CoPilot, CrowdStrike's Charlotte AI, Fortinet Advisor and ConductorOne's Co-pilot for identity governance.

VentureBeat has learned through a series of briefings with endpoint providers that their roadmaps include a series of new AI apps and tools, in addition to new behavioral analytics apps and suites due out later this year. Common design goals include finding new ways to close the widening identity–endpoint gaps that attackers look to capitalize on. The combination of endpoint sprawl and the increasing number of identities assigned to each endpoint creates gaps that attackers continue to look for ways to exploit.

Indicators of attack (IOAs) and indicators of compromise (IOCs) are also a high priority across roadmaps for this year. An IOA focuses on detecting an attacker's intent and identifying their goals, regardless of the malware or exploit used in an attack. Conversely, an IOC provides the forensic evidence that a breach has occurred on a network. IOAs must be automated to deliver accurate, real-time data on attack attempts, so that defenders can better understand attackers' intent and stop any intrusion attempt.

CrowdStrike, Cybereason, DarkTrace, Deep Instinct, Fortinet, ThreatConnect and Orca Security are leaders in using AI and ML to streamline IOCs. “CrowdStrike leads the way in stopping the most sophisticated attacks with our industry-leading indicators of attack capability, which revolutionized how security teams prevent threats based on adversary behavior, not easily changed indicators,” said Amol Kulkarni, chief product and engineering officer at CrowdStrike.

One notable achievement of CrowdStrike’s AI-powered IOAs is their identification of more than 20 adversary patterns that had never been seen before. These patterns were discovered during testing and implemented into the Falcon platform for automated detection and prevention. 

More behavioral analytics support is on the way

By definition, AI-based behavioral analytics provides real-time data on potentially malicious activity by identifying and acting on anomalies. Getting behavioral analytics right starts with behavioral machine learning models. While each endpoint provider takes a different approach, all aim to train their models on terabytes of high-resolution behavioral and contextual data, enabling their data scientists to fine-tune the models for threat detection and prevention.

The goal is to evaluate behavioral activity in real time, identify subtle patterns of behavior, detect threats and aid in post-incident investigation. It's common to find behavioral analytics integrated into EDR and XDR platforms.

Endpoint providers tell VentureBeat that the goal of EDR and XDR, when it comes to behavioral analytics, is to record and store endpoint system-level behaviors and then use data analytics techniques to identify anomalies in endpoint behavior. Taking those steps provides real-time visibility into all activity happening on the endpoints. Leading providers include Broadcom, CrowdStrike, CyberArk, Cybereason, Ivanti, SentinelOne, Microsoft, McAfee, Sophos and VMware Carbon Black.
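The IOA-versus-IOC distinction above and the record-then-analyze loop EDR providers describe can be shown in a few lines. The following is an added example written for this article, not code from any vendor named here: it runs two detectors over constructed process-creation telemetry. The IOC check matches a file hash; the IOA check matches behavior (a document editor launching a command interpreter, or a parent/child pair absent from a clean baseline), so a rebuilt payload with a hash no feed has seen is still caught. All hashes, hostnames and baseline pairs are constructed placeholders.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class ProcEvent:
    """One process-creation record as an EDR sensor would log it."""
    host: str
    parent: str   # parent process image name
    image: str    # child process image name
    sha256: str   # hash of the child's executable (shortened, constructed)

# Constructed IOC: hash of one known sample. Real feeds hold millions of these.
KNOWN_BAD_HASHES = {"c0ffee01"}

# Constructed baseline: parent->child pairs seen during a clean period on the fleet.
BASELINE_PAIRS = {
    ("explorer.exe", "winword.exe"),
    ("explorer.exe", "chrome.exe"),
    ("services.exe", "svchost.exe"),
}

# Behavioral rule: a document editor launching a command interpreter is suspicious
# regardless of which payload is involved or what its hash is.
OFFICE_APPS = {"winword.exe", "excel.exe", "outlook.exe"}
INTERPRETERS = {"cmd.exe", "powershell.exe", "wscript.exe"}

# Constructed telemetry: event 3 is the same behavior as event 2 but with a
# rebuilt payload whose hash appears in no feed.
EVENTS = [
    ProcEvent("ws01", "explorer.exe", "winword.exe", "0a1b2c3d"),
    ProcEvent("ws01", "winword.exe", "cmd.exe", "c0ffee01"),
    ProcEvent("ws02", "winword.exe", "powershell.exe", "f00d4242"),
    ProcEvent("ws02", "services.exe", "svchost.exe", "5e6f7a8b"),
]

def ioc_hits(events, bad_hashes=KNOWN_BAD_HASHES):
    """IOC matching: evidence tied to a specific artifact (the file hash)."""
    return [e for e in events if e.sha256 in bad_hashes]

def ioa_hits(events, baseline=BASELINE_PAIRS):
    """IOA matching: flag behavior, not artifacts. Returns (event, reason) pairs."""
    hits = []
    for e in events:
        if e.parent in OFFICE_APPS and e.image in INTERPRETERS:
            hits.append((e, "office app spawned interpreter"))
        elif (e.parent, e.image) not in baseline:
            hits.append((e, "parent/child pair never seen in baseline"))
    return hits

if __name__ == "__main__":
    for e in ioc_hits(EVENTS):
        print("IOC", e.host, e.image, e.sha256)
    for e, why in ioa_hits(EVENTS):
        print("IOA", e.host, e.parent, "->", e.image, ":", why)
```

Run as-is, the IOC detector reports only the event with the known hash, while the IOA detector reports both interpreter launches, including the one the hash feed misses.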
