Attackers are increasingly using generative AI combined with social engineering to breach endpoints and steal admin identities, bypassing network security measures. It is crucial to prioritize endpoint protection with the help of AI and machine learning (ML) to identify vulnerabilities, apply patches, and enhance detection and response capabilities. Forrester’s Endpoint Security Wave for Q4 2023 evaluates the offerings, strategies, and market presence of thirteen endpoint providers, including Bitdefender, BlackBerry, Cisco, CrowdStrike, and Microsoft. According to Forrester, endpoint security solutions now go beyond malware prevention, incorporating behavioral analysis, prevention, vulnerability and patch remediation, and advanced threat prevention.
AI and ML are essential in providing endpoint security solutions with the necessary advancements. Each provider in Forrester’s Wave is focusing on integrating AI and ML technologies into their platforms, aiming to drive more sales through consolidation. These technologies will enable behavioral analytics, real-time authentication, improved tools for closing identity-endpoint gaps, and AI-based indicators of attack (IOAs) and indicators of compromise (IOCs). IOAs play a crucial role in detecting attackers’ intent and goals, while IOCs provide the necessary evidence of a breach. Automating and delivering accurate, real-time data on attack attempts is vital to understanding the intent of the attackers and preventing intrusion.
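To make the IOA/IOC distinction above concrete, here is an added example (not code from the article or from any vendor it names) that runs both kinds of check over constructed endpoint telemetry. The event field names, the hash values, and the destination address are all assumptions made up for the illustration; the IOC check looks for a known-bad artefact, while the IOA check flags a behaviour chain (an Office application spawning a shell that then reaches the network) without needing to recognise any binary.

```python
# Added example: IOC matching versus IOA (behavioural) matching over
# constructed endpoint events. Field names and values are assumptions.

# Constructed IOC list: a hash a threat feed has already tied to a breach.
KNOWN_BAD_HASHES = {"deadbeef00"}  # placeholder, not a real indicator

# Constructed IOA definition: an Office app launching a shell, which then
# opens a network connection. The behaviour itself is the signal.
OFFICE_APPS = {"winword.exe", "excel.exe"}
SHELLS = {"powershell.exe", "cmd.exe"}


def ioc_hits(events):
    """IOC matching: evidence of compromise from known-bad artefacts."""
    return [e for e in events if e.get("sha256") in KNOWN_BAD_HASHES]


def ioa_hits(events):
    """IOA matching: a behaviour chain that reveals attacker intent,
    regardless of whether the binaries involved are known."""
    suspicious_shells = set()  # pids of shells spawned by an Office app
    hits = []
    for e in events:
        if (e["type"] == "process"
                and e["parent"] in OFFICE_APPS
                and e["image"] in SHELLS):
            suspicious_shells.add(e["pid"])
        elif e["type"] == "network" and e["pid"] in suspicious_shells:
            hits.append(e)  # shell from Office reached the network
    return hits


# Constructed telemetry: one benign-looking chain that is behaviourally
# suspicious (pid 101) and one process with a known-bad hash (pid 102).
EVENTS = [
    {"type": "process", "pid": 100, "parent": "explorer.exe",
     "image": "winword.exe", "sha256": "aa11"},
    {"type": "process", "pid": 101, "parent": "winword.exe",
     "image": "powershell.exe", "sha256": "bb22"},
    {"type": "network", "pid": 101, "dst": "203.0.113.7:443"},
    {"type": "process", "pid": 102, "parent": "explorer.exe",
     "image": "updater.exe", "sha256": "deadbeef00"},
]

if __name__ == "__main__":
    print("IOC hits:", [e["pid"] for e in ioc_hits(EVENTS)])
    print("IOA hits:", [e["pid"] for e in ioa_hits(EVENTS)])
```

Note that pid 101 carries no known-bad hash and would be missed by the IOC check alone, which is the gap the paragraph says AI-based IOAs are meant to close.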
Consolidation and Extending Protection
CrowdStrike is the first provider to deliver AI-based IOAs, while ThreatConnect, Deep Instinct, and Orca Security also leverage AI and ML to streamline IOCs. Microsoft processes a staggering 24 trillion signals daily, showcasing the effectiveness of AI in processing vast amounts of data. Endpoint security providers face increasing pressure to consolidate platforms, offer more functionality at lower prices, and improve visibility and control. Extended detection and response (XDR) solutions show promise in meeting these requirements. They provide a consolidated approach to security operations, encompassing endpoint detection and response (EDR) and better incident investigation capabilities.
A Strong Endpoint Protection Platform
Paddy Harrington, a senior analyst at Forrester, highlights three dominant trends driving the endpoint security market. First, security analysts need more effective tools for preventing attacks, reducing the endless cycle of responding to and recovering from incidents. Endpoint security solutions play a vital role in making prevention more efficient, allowing analysts to allocate time for investigation and recovery. Second, the year 2023 marked a period of consolidation, prompted by rising interest rates and inflation. CrowdStrike and Palo Alto Networks were early adopters of consolidation strategies to drive growth. Lastly, including vulnerability and patch remediation in endpoint security solutions reduces the number of tools required, achieving consolidation and cost-reduction goals.
EDR platforms that support data independence and portability are critical for the long-term success of endpoint strategies. Migrating from EDR to XDR platforms should not require reconfiguring endpoints, ensuring a seamless transition. Better incident correlation, shorter mean time to resolution, and broader coverage across different attack vectors simplify incident management. CrowdStrike, Trend Micro, Bitdefender, and Microsoft emerged as leaders in Forrester’s Wave evaluation, each with their strengths and weaknesses.
“CrowdStrike is a good fit for customers who are interested in evolving to EDR or XDR, based off of a full set of prevention functions using a single endpoint agent.”
Trend Micro is commended for its reputation as an endpoint security solution that consistently performs. Their transition from on-premises to cloud-native solutions supports features across both environments. Additionally, Trend Micro invests significantly in R&D, particularly for their XDR platform. Bitdefender sets itself apart with its expertise in prevention engines and a comprehensive range of functions, including mobile threat defense, integrated patching, and vulnerability management. Microsoft’s roadmap for endpoint security includes expanding Defender functionality to operational tech (OT) and IoT devices, while also building a robust partner community.