VentureBeat presents: AI Unleashed – An exclusive executive event for enterprise data leaders. Network and learn with industry peers. Learn More
Attackers are turning to generative AI to hunt for the easiest endpoints to breach, combining their attacks with social engineering to steal admin identities so they don’t have to hack into networks — they walk right in.
Endpoints overloaded with too many agents are just as unsecure as those that don’t have any. AI and machine learning (ML) are urgently needed in endpoint protection to identify the weakest endpoints, update their patches and harden detection and response beyond what’s available today.
With endpoints becoming the focal point of more lethal, sophisticated attacks, it’s timely that Forrester published their Endpoint Security Wave for Q4, 2023. The research firm evaluated thirteen endpoint providers’ current offerings, strategy and market presence. Bitdefender, BlackBerry, Broadcom, Cisco, CrowdStrike, ESET, Microsoft, Palo Alto Networks, SentinelOne, Sophos, Trend Micro, Trellix and VMware are included in the Wave.
Forrester notes in the report that “endpoint security vendors have evolved beyond simple malware prevention or “next-generation antivirus” to incorporate behavioral analysis and prevention, vulnerability and patch remediation and advanced threat preventions for data, identity and network, all of which have benefitted the customers using these products.”
An exclusive invite-only evening of insights and networking, designed for senior enterprise executives overseeing data stacks and strategies.
How AI and ML are boosting endpoint security
AI and ML provide a much-needed boost to endpoint security. Every provider in Forrester’s Wave is fast-tracking the technologies on their platform roadmaps to drive more sales through consolidation.
VentureBeat has learned that these roadmaps include new applications and tools that will deliver step-wise gains in behavioral analytics, real-time authentication, improved tools for closing the identity-endpoint gaps and AI-based indicators of attack (IOA) and indicators of compromise (IOAs).
IOAs are designed to detect an attacker’s intent and to identify their goals regardless of the malware or exploit used in an attack. An IOC provides the forensics needed for evidence of a breach. IOAs must be automated to deliver accurate, real-time data on attack attempts to understand attackers’ intent and kill any intrusion attempt.
Of the providers profiled by Forrester, CrowdStrike is the first to deliver AI-based IOAs. While not mentioned in the Wave, ThreatConnect, Deep Instinct and Orca Security also use AI and ML to streamline IOCs.
“AI is incredibly, incredibly effective in processing large amounts of data and classifying this data to determine what is good and what’s bad,” Vasu Jakkal, corporate VP for Microsoft Security, Compliance, Identity and Privacy, said during an insightful keynote at RSA Conference. “At Microsoft, we process 24 trillion signals every single day and that’s across identities and endpoints and devices and collaboration tools and much more.”
Trends driving the endpoint security market
Endpoint security providers are under pressure from customers to consolidate platforms while providing more functionality at a lower price and deliver step-change improvements in visibility and control.
A CISO responsible for protecting one of the nation’s largest insurance and financial services firms told VentureBeat that her teams’ first place to look for consolidation wins is endpoint security. Extended detection and response (XDR) shows the potential to deliver the consolidation CISOs have been asking for.
Forrester senior analyst Paddy Harrington writes that, “while many organizations are now looking to enhance their security operations with endpoint detection and response (EDR) or XDR solutions to allow for better threat and incident investigation, securing the endpoint starts with a strong endpoint protection platform, and that was the focus of this Forrester Wave evaluation.”
Harrington points to three dominant trends driving the endpoint security market:
A stronger focus on prevention to protect threat analysts’ time
Security analysts need more effective tools for preventing attacks to protect their time and break out of the endless cycle of responding to and recovering from attacks. Harrington points out that in previous years, the focus had been on detection and response — deprioritizing prevention — due to the belief that it was the best way to respond to incidents. He said that endpoint security solutions can help provide analysts with the opportunity to split time between investigation and recovery by making prevention more efficient.
Toolkits already play an important role in consolidation
CISOs tell VentureBeat that 2023 became the year of consolidation, coincident with rising interest rates and spiraling inflation. CrowdStrike and Palo Alto Networks were ahead of the curve, using their user events in 2022 to sell consolidation as a growth strategy. Forrester has written about today’s cybersecurity staffing challenges and the resulting consolidation security products protecting the endpoint. He points out that including vulnerability and patch remediation or secure configuration management in endpoint security reduces the number of tools needed to maintain a proper endpoint security posture, helping CISOs achieve their consolidation and cost-reduction goals.
Endpoint protection helps accelerate the transition from EDR or XDR
EDR platforms that support data independence and portability are critical for the long-term success of an endpoint strategy and the long-term success of any XDR platform. Harrington cautions that migrating from an EDR to an XDR platform should not require reconfiguring endpoints. The greater the coverage across different attack vectors, the simpler and more scalable incident correlation becomes, with the mean time to resolution shortened.
Forrester’s take on the market leaders
Wave leaders include CrowdStrike, Trend Micro, Bitdefender and Microsoft. Forrester broke down their strengths and weaknesses.
CrowdStrike is a strong fit for enterprises migrating from EDR to XDR
Forrester writes in the report that “CrowdStrike is a good fit for customers who are interested in evolving to EDR or XDR, based off of a full set of prevention functions using a single endpoint agent.” CrowdStrike is well-known as an enterprise-ready endpoint security solution, and Forrester found that the company’s inclusion of functions like secure configuration management and reporting and extensive attack remediation capabilities has made this an attractive endpoint security solution even for small and medium-sized business (SMB) customers.
CrowdStrikes’ additional module pricing could make their solution higher-priced, and customers are concerned that their recent acquisitions may not integrate with the core platforms. CrowdStrike customers praised the core endpoint security capabilities and their ability to stop attacks quickly.
Trend Micro: A Veteran in endpoint security with a strong focus on innovation and XDR
Forrester gives high marks to Trend Micro for their reputation with customers as an endpoint security solution “that just works.” Forrester found that Trend Micro’s move from the on-premises Apex One solution to the cloud-native Trend Vision One — Endpoint Security continues to support features across both environments.
Trend Micro also invests heavily in R&D, including for its XDR platform. Trend Micro customers rated the company as the best vendor to work with among all their security solution providers. Forrester found that “Trend Micro is a good fit for customers who want a consistently strong endpoint protection platform that can support evolving to XDR.”
Bitdefender: A prevention-first endpoint security tool with flexible pricing
Bitdefender’s expertise with prevention engines sets the company apart from other leaders, further strengthening their prevention-first mindset from product development to services. Forrester found that Bitdefender further differentiates itself in its expertise in mobile threat defense, integrated patching, vulnerability management and reliance on a single agent for all functions. Forrester notes that Bitdefender’s vision “is on par with most of the field on moving to XDR, but the roadmap doesn’t have the depth of others.”
Microsoft a strong fit with less experienced security staff
E3 and E5 are Microsoft licensing frameworks with which Defender for Endpoint is priced. The E5 license is designed for large organizations that require advanced security features and compliance capabilities. Forrester gives Microsoft credit for a strong roadmap for endpoint security that includes expanding Defender functionality to operational tech (OT) and IoT devices and continuing its strategy of building an extensive partner community. Microsoft’s vision for Defender is both simple for SMBs and detailed for global enterprises. Still, its licensing models are the most challenging in the industry, with advanced features requiring enterprise agreements.
VentureBeat’s mission is to be a digital town square for technical decision-makers to gain knowledge about transformative enterprise technology and transact. Discover our Briefings.