AI and Behavioral Analytics: The Stealth Strengths of Gartner’s MQ on Endpoints
In today’s rapidly evolving cybersecurity landscape, AI and behavioral analytics have emerged as the silent strengths of endpoint providers. These innovative technologies are the core DNA of leading players in the industry, including Cisco, CrowdStrike, ESET, Fortinet, Microsoft, and Palo Alto Networks. Understanding the critical role of data in cybersecurity, each of these providers has invested heavily in AI and behavioral analytics for years, placing them ahead of the curve.
The decision to prioritize AI and behavioral analytics has proved prescient, granting these endpoint providers the ability to drive a fast consolidation strategy on behalf of their customers. With the growing demand from Chief Information Security Officers (CISOs) to consolidate their cybersecurity tech stacks and reduce spending while increasing visibility, AI and behavioral analytics have become indispensable tools. As early as 2022, endpoint providers began witnessing signs of consolidation, with CrowdStrike leading the charge. Subsequently, Palo Alto Networks and other major players followed suit.
Gartner, a leading research and advisory firm, acknowledges the importance of AI and behavioral analytics in the recently released Magic Quadrant (MQ) for Endpoint Protection Platforms. Rather than being limited to offering Endpoint Protection Platform (EPP) and Endpoint Detection and Response (EDR) capabilities, vendors are now being sought after to deliver a wider array of capabilities, including email security, identity threat detection and response, and extended detection and response (XDR). In this year’s MQ, Gartner categorizes six endpoint platform providers as leaders: CrowdStrike, Microsoft, SentinelOne, Trend Micro, Palo Alto Networks, and Sophos.
For these leading endpoint providers, excelling at AI and behavioral analytics is a top priority. Their expertise in these areas enables them to deliver on key metrics, which in turn helps them maintain their rankings as determined by Gartner. While this year’s MQ did not explicitly include AI and behavioral analytics, each of the leaders has a proven track record of integrating these technologies into their platforms to drive sales growth and increase upsells to existing customers.
Furthermore, all sixteen endpoint providers mentioned in the MQ have either announced or are currently shipping AI-based cybersecurity solutions. This includes industry giants such as Bitdefender, Check Point Software Technologies, Cisco, Cybereason, and many others. The AI arms race is intensifying, with generative AI and AI-guided investigation capabilities increasingly being adopted across the board.
At the RSA Conference (RSAC) 2023, AI-powered solutions dominated the event, with an array of vendors launching ChatGPT-based co-pilots. Notable mentions include Google Security AI Workbench, Microsoft Security Copilot, and SentinelOne. Additionally, leading endpoint providers are developing new AI applications and tools, as well as behavioral analytics apps and suites, to be released in the near future. The common goal among these providers is to close the identity-endpoint gaps that attackers exploit. These gaps result from the proliferation of endpoints and the increasing number of identities assigned to them.
To better detect and prevent attacks, endpoint providers emphasize the importance of Indicators of Attack (IOA) and Indicators of Compromise (IOC). The former focuses on identifying an attacker’s intent and goals, regardless of the specific malware or exploit used. Conversely, the latter provides the necessary forensic evidence of a breach occurring on a network. Automating IOAs enables the delivery of real-time data on attack attempts, effectively thwarting intrusion attempts.
Endpoint providers such as CrowdStrike, Cybereason, and Fortinet are leaders in utilizing AI and machine learning (ML) to streamline IOCs. CrowdStrike, in particular, has made significant strides in this area, identifying over 20 adversary patterns that had never been seen before. These patterns were integrated into the Falcon platform for automated detection and prevention.
AI-based behavioral analytics plays a pivotal role in providing real-time data on potentially malicious activities by identifying and responding to anomalies. Training behavioral machine learning models on vast amounts of behavioral and contextual data allows endpoint providers to fine-tune their threat detection and prevention models. Behavioral analytics is commonly integrated into Endpoint Detection and Response (EDR) and Extended Detection and Response (XDR) platforms.
In conclusion, AI and behavioral analytics have become stealth strengths within Gartner’s MQ on endpoints. Endpoint providers that excel in these areas have a competitive edge, allowing them to consolidate their customers’ cybersecurity tech stacks, reduce spending, and increase visibility. As the pace of the AI arms race quickens, adopting generative AI and advanced behavioral analytics becomes imperative. This not only helps detect and prevent attacks but also closes the widening identity-endpoint gaps that attackers seek to exploit. As the cybersecurity landscape continues to evolve, AI and behavioral analytics will remain vital in the fight against cyber threats.
Source: Gartner, Magic Quadrant for Endpoint Protection Platforms, 31 December 2023, Evgeny Mirolyubov, Max Taggett, Franz Hinner, Nikul Patel