AI and behavioral analytics are the crucial strengths that endpoint providers leverage to enhance their defenses against the relentless tide of cyberattacks. Both are integral to the leading endpoint providers, including Cisco, CrowdStrike, ESET, Fortinet, Microsoft, and Palo Alto Networks.
These providers understand cybersecurity as primarily a data challenge and have invested heavily in AI and behavioral analytics for years. This foresight has enabled them to implement rapid consolidation strategies that benefit their customers.
As of late 2023 and into 2024, Chief Information Security Officers (CISOs) face pressure to consolidate cybersecurity technology stacks, cut costs, and enhance visibility—challenges that all endpoint providers are navigating. With cybersecurity budgets being trimmed, IT and cybersecurity leaders are meticulously reviewing their expenditures. Signs of consolidation began to emerge in 2022, as CrowdStrike positioned its consolidation strategy as a growth initiative, prompting similar actions from other companies like Palo Alto Networks.
According to Gartner’s latest Magic Quadrant (MQ) for endpoint protection platforms (EPP), “the EPP market is no longer confined to vendors offering only EPP and endpoint detection and response (EDR). Buyers are increasingly seeking fewer vendors with broader capabilities.” The report notes that email security, identity threat detection, and extended detection and response (XDR) are now essential factors in purchasing decisions.
Top endpoint providers emphasize excelling in AI and behavioral analytics. The insights gained from these technologies allow them to achieve superior performance across critical metrics, including those used by Gartner for vendor rankings. As of the most recent MQ, CrowdStrike, Microsoft, SentinelOne, Trend Micro, Palo Alto Networks, and Sophos are categorized as leaders, reflecting their strong research and development, engineering, and professional services.
While AI and behavioral analytics were not specifically included in this year's MQ, these leaders have established a track record of successfully integrating these technologies into their platforms, resulting in increased sales and upselling opportunities.
Every endpoint provider mentioned in the MQ has announced or is currently deploying AI-based cybersecurity solutions, including companies like Bitdefender, Broadcom, Cisco, CrowdStrike, ESET, Fortinet, Microsoft, Palo Alto Networks, SentinelOne, Sophos, Trend Micro, and others.
The AI arms race is accelerating, with this year's MQ highlighting that all listed providers are planning to incorporate advanced AI and behavioral analytics, including generative AI. Many vendors are exploring generative-AI-driven investigative capabilities for 2024. At RSAC 2023, ChatGPT-based solutions took center stage, with various companies introducing innovative AI applications.
Reports indicate that endpoint providers are actively developing new AI applications alongside behavioral analytics tools aimed at closing the growing gaps that attackers exploit due to endpoint sprawl and increasing identities linked to these endpoints.
Key focuses for 2024 include Indicators of Attack (IOA) and Indicators of Compromise (IOC). IOAs concentrate on uncovering an attacker’s intent and objectives, while IOCs provide forensic evidence of breaches. Automating IOAs is essential for delivering accurate, real-time data on attack attempts, thereby enhancing understanding of attackers’ motives and thwarting intrusion attempts.
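To make the IOA/IOC distinction concrete, here is an added example (not code from the article or from any vendor mentioned) that runs two detection rules over a constructed set of process-creation events: an IOC rule that matches a known-bad file hash, and an IOA rule that flags a behavioral chain (an Office document viewer spawning a shell that in turn launches a built-in download utility) regardless of the hashes involved. The hash values, process names, and event fields are assumptions chosen for illustration.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class ProcEvent:
    """One process-creation record from endpoint telemetry (constructed)."""
    pid: int
    ppid: int
    image: str    # executable file name
    sha256: str   # hash of the executable (placeholder values below)


# Constructed IOC list: one "known bad" hash; a placeholder, not a real indicator.
KNOWN_BAD_HASHES = {"deadbeef" * 8}

# Behavioral (IOA) rule vocabulary: the chain child -> parent -> grandparent.
OFFICE_APPS = {"winword.exe", "excel.exe", "powerpnt.exe"}
SHELLS = {"cmd.exe", "powershell.exe"}
DOWNLOAD_UTILS = {"certutil.exe", "bitsadmin.exe"}

# Constructed telemetry. pid 400 is the suspicious chain with unknown hashes;
# pid 500 is a benign-looking launch whose binary matches the IOC hash.
EVENTS = [
    ProcEvent(100, 1,   "explorer.exe",   "aa" * 32),
    ProcEvent(200, 100, "winword.exe",    "bb" * 32),
    ProcEvent(300, 200, "powershell.exe", "cc" * 32),
    ProcEvent(400, 300, "certutil.exe",   "dd" * 32),
    ProcEvent(500, 100, "update.exe",     "deadbeef" * 8),
]


def ioc_hits(events):
    """IOC detection: forensic match on a static artifact (file hash)."""
    return [e for e in events if e.sha256 in KNOWN_BAD_HASHES]


def ancestry(events, pid):
    """Return image names from the process itself up through its ancestors."""
    by_pid = {e.pid: e for e in events}
    chain = []
    while pid in by_pid:
        chain.append(by_pid[pid].image.lower())
        pid = by_pid[pid].ppid
    return chain


def ioa_hits(events):
    """IOA detection: match on behavior (the parent chain), not on hashes."""
    hits = []
    for e in events:
        chain = ancestry(events, e.pid)
        if (len(chain) >= 3 and chain[0] in DOWNLOAD_UTILS
                and chain[1] in SHELLS and chain[2] in OFFICE_APPS):
            hits.append(e)
    return hits
```

Running both rules over EVENTS shows why the two are complementary: the IOC rule only fires on the hash it already knows (pid 500), while the IOA rule fires on the behavioral chain (pid 400) whose binaries have never been seen before.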
Leaders like CrowdStrike, Cybereason, DarkTrace, Fortinet, and others are advancing the use of AI and machine learning for streamlining IOCs. "CrowdStrike leads in intercepting sophisticated attacks with our industry-leading IOA capabilities, which fundamentally transform how security teams prevent threats based on adversary behavior," stated Elia Zaitsev, CTO of CrowdStrike.
CrowdStrike's pioneering AI-powered IOAs have successfully identified over 20 unique adversary patterns that had previously gone undetected. These patterns were incorporated into the Falcon platform to enhance automated detection and prevention capabilities.
Further advancements in behavioral analytics are on the horizon. AI-driven behavioral analytics provide real-time insights into potentially malicious activities by spotting and responding to anomalies. Each endpoint provider adopts a unique approach, but all aim to harness vast amounts of behavioral and contextual data to refine their threat detection and prevention models.
The primary objective is to conduct real-time evaluations of behavior, identifying subtle behavioral patterns, detecting threats, and facilitating post-incident analyses. Behavioral analytics are commonly integrated into EDR and XDR platforms, with providers including Broadcom, CrowdStrike, CyberArk, and others leading the charge.
Note: Elia Zaitsev has recently taken over as CTO at CrowdStrike. This update reflects the latest information.