Why AI and behavioral analytics are stealth strengths of Gartner’s MQ on endpoints

Key Takeaways:

– AI and behavioral analytics are key elements of leading endpoint providers’ strategies, including Cisco, CrowdStrike, ESET, Fortinet, Microsoft, and Palo Alto Networks.
– Endpoint providers have invested in AI and behavioral analytics to address the data problem in cybersecurity and drive consolidation strategies.
– The demand for consolidation and cost reduction in cybersecurity tech stacks is a reality for endpoint providers.
– Gartner’s magic quadrant for endpoint protection platforms highlights the increasing importance of capabilities like email security, identity threat detection, and extended detection and response (XDR).
– The top endpoint providers excel at AI and behavioral analytics, which contributes to their ranking as leaders in the market.
– All sixteen endpoint providers mentioned in the magic quadrant have either announced or are shipping AI-based cybersecurity solutions.
– The AI arms race is accelerating, with endpoint providers incorporating advanced AI and behavioral analytics into their roadmaps.
– Indicators of attack (IOA) and indicators of compromise (IOC) are high priorities for endpoint providers, with a focus on automating IOAs for better threat detection and prevention.
– CrowdStrike is a leader in IOAs, using AI to detect emerging threats and predict adversarial patterns.
– AI-based behavioral analytics provides real-time data on potentially malicious activity and is integrated into EDR and XDR platforms.
– Endpoint providers aim to achieve real-time evaluation of behavioral activities, detect threats, and aid in post-incident investigation.
– Leading endpoint providers that integrate behavioral analytics into their platforms include Broadcom, CrowdStrike, CyberArk, Cybereason, Ivanti, SentinelOne, Microsoft, McAfee, Sophos, and VMware Carbon Black.

VentureBeat:

They are the silent strengths that endpoint providers rely on to sharpen their arsenals and keep them ready for the next onslaught of cyberattacks. AI and behavioral analytics are core to the DNA of the leading endpoint providers, including Cisco, CrowdStrike, ESET, Fortinet, Microsoft and Palo Alto Networks.

Each of these endpoint providers sees cybersecurity as a data problem first and has invested in AI and behavioral analytics for years. That decision proved prescient because being strong at AI and behavioral analytics gave each the ability to drive a fast consolidation strategy on behalf of their customers. 

CISOs’ demands to consolidate their cybersecurity tech stacks and reduce spending while increasing visibility are the reality every endpoint provider deals with in sales cycles today. In late 2023 and going into 2024, cybersecurity budgets were being cut, forcing IT and cybersecurity leaders to re-evaluate every line item on their budgets. Endpoint providers were seeing signs of consolidation back in 2022. CrowdStrike’s selling of consolidation as a growth strategy set that strategy in motion across the endpoint platform market, with Palo Alto Networks and others following.

Gartner writes in this year’s magic quadrant (MQ) for endpoint protection platforms, “the endpoint protection platform (EPP) market is no longer limited by vendors only offering EPP and endpoint detection and response (EDR) capabilities, and buyers are increasingly looking for fewer vendors to deliver a wider array of capabilities.” The report continues, “email security, identity threat detection and response and extended detection and response (XDR) are increasingly part of the purchasing decision.”


Leaders make a point of excelling at AI and behavioral analytics

The AI and behavioral analytics lessons learned by the top endpoint providers give them the scale they need to excel on key metrics, including those Gartner uses to rank vendors. Gartner’s MQ for EPP, published late last month, categorizes six endpoint platform providers as leaders: CrowdStrike, Microsoft, SentinelOne, Trend Micro, Palo Alto Networks and Sophos.

Gartner’s methodology vetted each, and its analysis reflects how well each of these companies’ formidable R&D, engineering, product management, professional services and senior management teams are performing in a tough market. Another factor these companies share is an intensity to excel at AI and behavioral analytics. While Gartner didn’t evaluate AI and behavioral analytics as criteria in this year’s MQ, each leader has a proven track record of integrating these technologies into its platform, driving new sales growth and increasing upsells to existing customers.

Source: Gartner, Magic Quadrant for Endpoint Protection Platforms, 31 December 2023, Evgeny Mirolyubov, Max Taggett, Franz Hinner, Nikul Patel

Every one of the sixteen endpoint providers mentioned in the MQ has either announced or is currently shipping AI-based cybersecurity. These include Bitdefender, Broadcom, Broadcom (VMware), Check Point Software Technologies, Cisco, CrowdStrike, Cybereason, ESET, Fortinet, Microsoft, Palo Alto Networks, SentinelOne, Sophos, Trellix, Trend Micro and WithSecure.

A quickening pace in the AI arms race

Every endpoint provider on this year’s MQ has advanced AI and behavioral analytics on their roadmaps, including generative AI. Gartner mentioned that many vendors they track are also trialing or announcing generative-AI-guided investigation capabilities in 2024. 

At RSAC 2023 last year, ChatGPT-based copilots dominated the event. Google Security AI Workbench, Microsoft Security Copilot (launched before the show), Recorded Future, SecurityScorecard and SentinelOne were among the many vendors launching ChatGPT-based solutions. Since then, many more have launched, the most noteworthy being BigID’s CoPilot, CrowdStrike’s Charlotte AI, Fortinet Advisor and ConductorOne’s Copilot for identity governance.

VentureBeat has learned through a series of briefings with endpoint providers that their roadmaps include a series of new AI apps and tools, in addition to new behavioral analytics apps and suites due out later this year. Common design goals include finding new ways to close the widening identity–endpoint gaps that attackers look to capitalize on. The combination of endpoint sprawl and the increasing number of identities assigned to each endpoint creates gaps that attackers continue to look for ways to exploit.

Indicators of attack (IOA) and indicators of compromise (IOC) are also a high priority across roadmaps for this year. An IOA focuses on detecting an attacker’s intent and identifying their goals from the sequence of actions taken, regardless of the specific malware or exploit used in the attack. Conversely, an IOC is a forensic artifact (a file hash, a domain, an IP address) that serves as evidence of a breach having occurred on a network; it is only as durable as the artifact, which an attacker can change by repacking a payload or moving infrastructure. IOAs must be automated to deliver accurate, real-time data on attack attempts, so that defenders can understand attackers’ intent and kill an intrusion attempt before it completes.

CrowdStrike, Cybereason, Darktrace, Deep Instinct, Fortinet, ThreatConnect and Orca Security are leaders in using AI and ML to streamline IOCs. “CrowdStrike leads the way in stopping the most sophisticated attacks with our industry-leading indicators of attack capability, which revolutionized how security teams prevent threats based on adversary behavior, not easily changed indicators,” said Amol Kulkarni, who at the time of the interview was the chief product and engineering officer at CrowdStrike. VentureBeat found out after publishing this story that Kulkarni has departed and longtime CrowdStrike employee Elia Zaitsev has taken over the role.

“CrowdStrike revolutionized threat detection with the Falcon Platform in 2013, using indicators of attack (IoAs) and AI for behavioral analysis. This approach detects emerging threats and predicts adversarial patterns. In 2022, we introduced AI-powered IOAs, enhancing detection speed and reducing false positives,” Zaitsev, CTO of CrowdStrike, said in an interview on Jan. 31.

One notable achievement of CrowdStrike’s AI-powered IOAs is their identification of more than 20 adversary patterns that had never been seen before. These patterns were discovered during testing and implemented into the Falcon platform for automated detection and prevention. 

More behavioral analytics support is on the way

By definition, AI-based behavioral analytics provides real-time data on potentially malicious activity by identifying and acting on anomalies. Getting behavioral analytics right starts with behavioral machine learning models. While each endpoint provider takes a different approach, all aim to have their models trained on the terabytes of high-resolution behavioral and contextual data, enabling their data scientists to fine-tune models for threat detection and prevention. 

The goal is to achieve a real-time evaluation of behavioral activities, identify subtle patterns of behavior, detect threats, and aid in post-incident investigation. It’s common to find behavioral analytics integrated into EDR and XDR platforms.

Endpoint providers tell VentureBeat that the goal of an EDR or XDR platform, when it comes to behavioral analytics, is to record and store endpoint system-level behaviors (process creation, parent–child relationships, network connections) and then apply data analytics techniques to identify anomalies in endpoint behavior. Taking those steps provides real-time visibility into all activities happening on the endpoints. Leading providers include Broadcom, CrowdStrike, CyberArk, Cybereason, Ivanti, SentinelOne, Microsoft, McAfee, Sophos and VMware Carbon Black.
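The IOC-versus-IOA distinction drawn above, and the record-behaviors-then-find-anomalies loop the providers describe, as an added illustration in Python. This is not CrowdStrike’s, Falcon’s or any vendor’s code: a constructed endpoint event log is run through three detectors side by side, a static IOC match, a behavioral IOA rule, and a parent–child baseline check. The telemetry records, the hash/IP blocklist, the “known good” baseline pairs, and the host names and hashes are all made up for the example.

```python
"""Added illustration (no vendor's code): IOC matching, an IOA behaviour rule and a
behavioural baseline run over constructed endpoint telemetry. Every value below
(hosts, PIDs, hashes, IPs, baseline pairs) is invented for the example."""

OFFICE_APPS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
SHELLS = {"cmd.exe", "powershell.exe", "pwsh.exe", "wscript.exe", "cscript.exe"}

# Constructed telemetry: a Word document spawning a shell that drops and runs a
# payload which calls out, plus an unrelated service talking to a blocklisted IP.
EVENTS = [
    {"ts": 1, "host": "ws-17", "type": "process", "pid": 100, "ppid": 1,   "image": "explorer.exe", "sha256": "a" * 64},
    {"ts": 2, "host": "ws-17", "type": "process", "pid": 200, "ppid": 100, "image": "winword.exe",  "sha256": "b" * 64},
    {"ts": 3, "host": "ws-17", "type": "process", "pid": 300, "ppid": 200, "image": "cmd.exe",      "sha256": "c" * 64},
    {"ts": 4, "host": "ws-17", "type": "process", "pid": 400, "ppid": 300, "image": "updater.exe",  "sha256": "d" * 64},
    {"ts": 5, "host": "ws-17", "type": "network", "pid": 400, "dst_ip": "203.0.113.7",  "dst_port": 443},
    {"ts": 6, "host": "ws-42", "type": "process", "pid": 500, "ppid": 1,   "image": "svchost.exe",  "sha256": "e" * 64},
    {"ts": 7, "host": "ws-42", "type": "network", "pid": 500, "dst_ip": "198.51.100.9", "dst_port": 80},
]

# Constructed IOC blocklist: the dropped payload's hash and one known-bad address.
IOC_BLOCKLIST = {"sha256": {"d" * 64}, "dst_ip": {"198.51.100.9"}}

# Constructed parent->child pairs observed during a "known good" learning window.
BASELINE_PAIRS = {
    ("explorer.exe", "winword.exe"),
    ("explorer.exe", "cmd.exe"),
    ("cmd.exe", "powershell.exe"),
    ("services.exe", "svchost.exe"),
}


def process_table(events):
    """Index process-creation records by (host, pid) so ancestry can be walked."""
    return {(e["host"], e["pid"]): e for e in events if e["type"] == "process"}


def ancestry(host, pid, procs):
    """Return the image chain from a process up to the root of the captured tree."""
    chain, seen, key = [], set(), (host, pid)
    while key in procs and key not in seen:
        seen.add(key)
        chain.append(procs[key]["image"])
        key = (host, procs[key]["ppid"])
    return chain


def ioc_hits(events, blocklist):
    """Static-artifact matching: fires only on an exact hash or IP match."""
    hits = []
    for e in events:
        if e["type"] == "process" and e["sha256"] in blocklist["sha256"]:
            hits.append((e["ts"], f"hash {e['sha256'][:8]}... in blocklist"))
        elif e["type"] == "network" and e["dst_ip"] in blocklist["dst_ip"]:
            hits.append((e["ts"], f"connection to blocklisted {e['dst_ip']}"))
    return hits


def ioa_hits(events, procs):
    """Behaviour matching: an outbound connection whose ancestry shows an Office
    application having spawned a shell. No hash takes part in the decision."""
    hits = []
    for e in events:
        if e["type"] != "network":
            continue
        chain = ancestry(e["host"], e["pid"], procs)
        if any(i in SHELLS for i in chain) and any(i in OFFICE_APPS for i in chain):
            hits.append((e["ts"], "office->shell->network: " + " <- ".join(chain)))
    return hits


def baseline_anomalies(events, procs, baseline):
    """Behavioural baseline: parent->child spawns never seen in the learning window."""
    anomalies = []
    for e in events:
        if e["type"] != "process":
            continue
        parent = procs.get((e["host"], e["ppid"]))
        if parent is None:
            continue  # root of the captured tree; nothing to compare against
        pair = (parent["image"], e["image"])
        if pair not in baseline:
            anomalies.append((e["ts"], f"unseen spawn {pair[0]} -> {pair[1]}"))
    return anomalies


def run(events=EVENTS):
    """Run all three detectors and return their hits keyed by detector name."""
    procs = process_table(events)
    return {
        "ioc": ioc_hits(events, IOC_BLOCKLIST),
        "ioa": ioa_hits(events, procs),
        "baseline": baseline_anomalies(events, procs, BASELINE_PAIRS),
    }


def repacked(events):
    """Same behaviour with every binary re-hashed, as a repacked payload would be."""
    return [dict(e, sha256="f" * 64) if e["type"] == "process" else e for e in events]


if __name__ == "__main__":
    for label, evs in (("original", EVENTS), ("repacked", repacked(EVENTS))):
        print(label)
        for name, hits in run(evs).items():
            print(f"  {name}: {hits}")
```

Running it on the original log, the IOC detector fires on the payload hash and the bad IP, the IOA rule fires on the Word-to-shell-to-network chain, and the baseline check flags the two spawns the learning window never saw. Re-hashing every binary (`repacked`) silently removes the hash IOC hit while the IOA and baseline results are unchanged, which is the point behind “adversary behavior, not easily changed indicators”: the attacker controls the artifact, but has a much harder time changing the sequence of actions the intrusion needs.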

Note: VentureBeat found out after publishing this story that Amol Kulkarni has departed and longtime CrowdStrike employee Elia Zaitsev has taken over the role of CTO. The story has been updated to reflect this.


AI Eclipse TLDR:

Endpoint providers such as Cisco, CrowdStrike, ESET, Fortinet, Microsoft, and Palo Alto Networks rely on AI and behavioral analytics to enhance their cybersecurity capabilities. These leading providers have recognized that cybersecurity is primarily a data problem and have invested in AI and behavioral analytics for years. This strategic decision has allowed them to drive a consolidation strategy, meeting the demands of CISOs to consolidate cybersecurity tech stacks while increasing visibility. In late 2023 and going into 2024, cybersecurity budgets were being reduced, prompting IT and cybersecurity leaders to re-evaluate their budgets. Endpoint providers had already observed signs of consolidation in 2022, with CrowdStrike leading the way. Gartner’s magic quadrant for endpoint protection platforms recognizes these leaders and emphasizes the importance of email security, identity threat detection and response, and extended detection and response (XDR). Every endpoint provider mentioned in the report has either announced or is currently shipping AI-based cybersecurity solutions. Moreover, there is a growing focus on AI and behavioral analytics in the industry, with endpoint providers incorporating generative AI and trialing or announcing generative-AI-guided investigation capabilities. These providers are also developing new AI and behavioral analytics applications and tools to address the widening identity-endpoint gaps that attackers exploit. Additionally, indicators of attack (IOA) and indicators of compromise (IOC) are high priorities across the roadmaps of endpoint providers, with AI and machine learning being used to streamline IOCs. Overall, AI and behavioral analytics play a crucial role in enhancing the capabilities of endpoint providers and meeting the evolving needs of cybersecurity.