Gartner Report: Prepare for Endpoint Protection Shifting to the Cloud


“The endpoint protection market is undergoing its biggest transformation in the last 20 years.”
  — Gartner, the leading research and advisory company worldwide

In a recent report titled “Prepare for Endpoint Protection Shifting to the Cloud,” Gartner advises security and risk management leaders responsible for endpoint protection to re-evaluate their endpoint protection solutions and make plans to address the changing market landscape. As a pioneer and innovator in cloud-based endpoint protection, CrowdStrike® believes it is uniquely positioned to meet all the market requirements Gartner lays out in this report.

Disruptive Trends

The report discusses the evolution of how endpoint protection platforms (EPPs) should be delivered, managed and adapted. The main premise of Gartner’s analysis is that organizations should plan a path to more adaptive, cloud-delivered solutions. The Gartner report calls out three disruptive trends that are at play in this transformation:

  • “There has been a shift from client/server architecture to more agile, cloud-delivered solutions and services.”
  • “The failure of traditional approaches to address the volume of portable executable file-based attacks, and the shift to fileless attacks, has opened up the market to new approaches.”
  • “The security mindset has shifted to acknowledge that prevention alone is not enough; security and risk management leaders must be able to detect and respond.”

The Advantages of Cloud-Driven Security

Gartner points out that cloud-driven security services have significant advantages over on-premises versions that go beyond the typical SaaS value propositions. Effective cloud solutions shift the administration burden from product maintenance to more productive risk-reduction activities. More critically, the value of data for defending against new attacks grows with the speed and granularity of the telemetry, which provides immediate global visibility. SaaS vendors can mine centralized data for new patterns and anomalies, and use it to build and test new machine learning capabilities.

Cloud-delivered security solutions can centralize process intelligence and roll out new detection methods and new services in a more agile way. Cloud-based detection techniques are also harder for attackers to test against without divulging their new evasion techniques.

Greater Extensibility

Gartner outlines how cloud-native solutions are becoming more extensible than their on-premises counterparts. Cloud vendors are adding products that use the same agent and data as the EPP solution itself; for example, vulnerability detection, user and entity behavior analytics (UEBA), and file integrity monitoring (FIM). Gartner cites the CrowdStrike Store as an example of this trend, referencing the fact that we recently launched the app store facility to allow partners to build their own apps on top of the data already collected.

CrowdStrike Was Born in the Cloud

CrowdStrike has believed in the benefits of the cloud since the company’s inception, valuing cloud delivery and developing an architecture built from the ground up to take full advantage of the cloud. Our founders realized early on that modern-day adversaries were continuously changing and improving their attack techniques in order to evade legacy security solutions. From the beginning, CrowdStrike understood that organizations needed fast and unobstructed visibility across all their endpoints to continuously detect and prevent sophisticated attacks in real time, and to block persistent adversaries from compromising their environments.

Profoundly Surpasses On-Premises

Building the CrowdStrike Falcon® platform in the cloud from the beginning provided CrowdStrike with a number of distinct advantages over conventional on-premises solutions. Our cloud-native endpoint security not only ensures rapid deployment and scalability, it improves security posture by enabling real-time advanced threat protection across even the largest distributed enterprises.

CrowdStrike has harnessed the cloud to deliver superior protection via an intelligent, lightweight agent at the endpoint, working in concert with a powerful and scalable cloud-based backend. As a result, organizations are able to get ahead of adversary activity, and stay ahead.

Graph Technology Is Key

CrowdStrike Threat Graph™, leveraging the power of the cloud, is the brains behind the Falcon endpoint protection platform. We firmly believe that security effectiveness is directly related to the quantity and quality of data you’re able to collect and your ability to analyze it. Threat Graph predicts and prevents modern threats in real time through comprehensive sets of endpoint telemetry, threat intelligence and AI-powered analytics.

Over One Trillion Events Per Week

Threat Graph now processes over one trillion security events per week. This massively scalable, cloud-based technology is custom-built on a graph database to identify previously undetectable attacks with sophisticated artificial intelligence (AI), machine learning and behavioral analytics, while also enabling CrowdStrike customers to have visibility into endpoint activity across their entire organization. This milestone further augments and expedites CrowdStrike’s ability to detect and respond to all threat types, known and unknown.

Gartner’s Advice to End Users

Gartner recommends that organizations take the following steps when evaluating EPP solutions:

  • Make a critical review of purchasing policy as it relates to cloud-delivered services to ensure that supposed barriers to adoption are material and factual.
  • Force all purchasing decision-makers to justify any new on-premises endpoint security solutions, and ensure that at least one “cloud first” solution has been considered.
  • Favor vendors that offer a true elastic and agile cloud architecture supported by a range of service options, such as augmentation, replacement of internal effort and retainer services.
  • Seek fully integrated EPP solutions with endpoint detection and response (EDR) capabilities that use the same management console and agent.
  • Ensure that EPP detection capabilities include more modern behavioral approaches that are immediately adaptive to detect or block new attack techniques.
  • Favor EPP/EDR vendors that can identify system and application vulnerabilities and common misconfigurations. Outline and prioritize remediation action, or invest in dedicated solutions for this capability.

Attribution and Disclaimers

Source: “Prepare for Endpoint Protection Shifting to the Cloud,” Peter Firstbrook, Gartner, 28 February 2019. Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner’s research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.