Slogans, like the marketing strategies that can launch them into the stratosphere, do work. In the case of innovations in endpoint security, perhaps too well. Claims about Next-Gen, AI and Machine Learning have had considerable impact on the way endpoint security has been framed over the last two to three years, at least from a marketing perspective, and this has unnecessarily distracted buyers from key decisions when selecting a new endpoint security product.
Is the buzz around Next-Gen and AI still in the air?
In many ways, the half-life of the buzz that Next-Gen products were graced with actually did help. The interest shown ultimately did force the wider industry to demonstrate the limits of Machine Learning (ML) and make clear the difference between it and Artificial Intelligence (AI). The interest in, and success of, products wearing these labels also brought an increased understanding, among vendors and enterprises themselves, that true protection of endpoints requires a much more holistic approach, one which extends far beyond technical solutions built ‘for safety’s sake’, and that regardless of the solution, a diverse body of knowledge is needed to understand how to protect & ensure business continuity.
The “how” can be represented by widely accepted security frameworks such as Gartner’s CARTA or Forrester’s Zero Trust Architecture, which put the focus on continuous visibility into, and verification of, all assets of any business.
This shift was picked up on and intimated by some analysts online prior to my visit to the first of 2018’s two Gartner Security & Risk Management Summits, the one in National Harbor, Maryland, in the US. Even before that, at the start of the new year, I’d read with great interest a blog by a Gartner analyst leading Endpoint Protection Platforms research, who’d declared that “My favourite part of the whole damn thing this year, is that we did not use the terms ‘Next-gen’ or ‘NGAV’ anywhere.”
Almost a year on…
So, I am now tuned in to this theme for the UK edition of Gartner’s Security & Risk Management Summit to see where the discussion around Next-Gen, AI and machine learning turns next, especially since the topic still sits on the agenda and among the jargon displayed at many booths. While presentations now aim to deliver perspectives through a much tighter focus on what Next-Gen and Machine Learning can really deliver, with and without regular and rigorous revamping of security processes, somehow, part of the bombast survives.
After attending Gartner Research VP Peter Firstbrook’s presentation “Forget Next-Gen: Let’s Talk About Endpoint Protection”, I was glad to hear that the talk about EPP has moved beyond a simple EPP vs. “Next-gen” dichotomy. This has proved to be rather redundant talk, unnecessarily shifting the attention of buyers from more urgent needs in this industry, namely how respective vendors address their buyers’ concrete needs and their specific use cases. As Peter noted, any vendor in this space should be able to show how they can reduce attack surface, and what pre- and post-execution techniques they apply in order to protect their customers. Only the application of multi-layered technology & diverse techniques, including the human (expertise) component, is an effective response to today’s threat landscape.
Refocusing on what’s important
Reason dictates that vendors stay engaged in continued learning on the various adversary tactics frameworks that examine cyberattacks & techniques, or security architectures like CARTA. However, enterprises, and those responsible for both selecting vendors and maintaining a critical understanding of their products, services and communication flows, would be best served by tracking these developments too. With so much at stake, and the rapid shifts in attack surfaces, methods, as well as targets and technology, CISOs and other decision makers have a huge burden to bear.
Furthermore, with GDPR hanging in the air, the business approach must also be reexamined, as the costs of implementing endpoint security and data security have at best shifted, and most certainly risen.
Case in point: ESET, as a technology-driven company, has also had to work to contextualize its 20-plus years of work with Machine Learning. The task for ESET was to explain how our research-driven organization uses machine learning, where human expertise is applied and how the technology is actually leveraged across our enterprise suite.
In large part, the outcomes of this internal dialog closely echo 5 questions that a Gartner analyst posed to potential buyers in the blogpost #NoMoreNextGen.
So, the implication to me is “let the buyer beware”, or better yet… stay educated in order to understand how their systems work, in which ways they express resiliency and the need to pursue due diligence regularly, to ensure that their endpoint security partner is keeping up with change.
Most certainly, machine learning offers new approaches and definitely brings new benefits to the endpoint protection, detection & response stack. But at the same time, different AI/Machine Learning marketing claims should be taken with a pinch of salt. Testing, assessing & most importantly measuring the impact of machine learning is still uncharted territory, with many vendors trying to grasp what it actually means to them.
This puts both the focus and responsibility back on vendors and the decision makers amongst their clientele to pursue an educated and responsible approach to security at all times. I am curious to see how this discourse develops over the course of 2019.