451 Research: Expanding Machine Learning Applications on the Endpoint
The constant evolution in technology has given rise to several industry trends that, taken together, point to increased importance for endpoint security considerations. These include dissolution of traditional perimeters, increased adoption of SaaS-based applications, and stronger network encryption technologies.
Considering these and other changes, the endpoint becomes a key element of security strategy.
Endpoint security has so far been focused primarily on prevention/protection technologies.
While a prevention/protection-first approach is highly recommended and can help alleviate security teams from dealing with preventable incidents, ignoring capabilities around detection and response to security incidents can have a detrimental impact on security.
By contrast, there is significant potential upside in deploying technology that can integrate detection and response with existing protection/prevention capabilities.
Endpoint detection and response (EDR) has emerged as a key component of endpoint security strategy. Initial EDR functionality was targeted at larger organizations, but there is broader interest in deploying this tooling.
Compared to existing prevention and protection tools, customers believe there is still opportunity for improvements in EDR.
One possible avenue for improving EDR is the broader adoption of machine learning techniques. While the term is often overused in security, machine learning methods have been effectively used in numerous areas, including spam detection, data loss prevention and malware detection within endpoint security.
About the Report’s Author:
FERNANDO MONTENEGRO, SENIOR ANALYST, INFORMATION SECURITY. Fernando is a Senior Analyst on the Information Security team, based in Toronto. He has broad experience in security architecture, particularly network security for enterprise environments. He currently focuses on covering vendors and industry events in the endpoint security and cloud security spaces.