Editor’s Note: Elastic joined forces with Endgame in October 2019, and has migrated some of the Endgame blog content to elastic.co. See Elastic Security to learn more about our integrated security solutions.
I’m excited to share that Gartner has named Endgame a “Visionary” in the 2018 Magic Quadrant for Endpoint Protection Platforms. Gartner initially explored the entire market of endpoint vendors. Of the 21 top vendors included in the final evaluation, Endgame was ranked third on “completeness of vision,” which Gartner defines as the degree to which vendors understand current and future customer requirements, and have a timely roadmap to meet them. This is the first year we’ve been included in this evaluation. Given that Endgame has come further, faster, than most (or all) of the others, I’d like to share here what Endgame is doing, how we came so far so fast, and where we’re going next.
Legacy endpoint protection had a great run, but it’s over.
Throughout this past year, attackers have continued to execute operations aggressively, often adopting tradecraft and techniques that were once primarily used by nation-state actors. We see increasing use of fileless techniques, custom malware, and legitimate administrative tools in operations targeting companies large and small. This accelerating sophistication of attacks has overwhelmed legacy EPP. Tools that were once important for protecting your enterprise have become little more than check-the-box compliance requirements, offering little real protection. The problem is that security is dynamic – as much person-on-person as machine-on-machine. Legacy tools are built on an outdated vision of attacker behavior: they’re overweight; they’re hard to use; and they have become multi-agent behemoths laboring to stitch together AV, NGAV, exploit protection, IOC search, and IR. It doesn’t work anymore, and the proof is right there for all to see in the steady drumbeat of catastrophic breaches.
There. I’ve said it. Let’s move on.
Endgame has redefined endpoint security. We hired the best attackers from places like the NSA and the Air Force and – in collaboration with top defenders, data scientists, engineers, designers, and incident responders from across the industry – asked them to build the security product they never wanted to encounter when they were conducting missions on behalf of the United States. We listened to CISOs frustrated at juggling dozens of vendor relationships and demanding converged products integrating more functionality into a single agent. We watched operators struggling to use thoughtlessly complex products whose interface and workflow would never have made it off the whiteboard in a consumer product. And we’ve delivered a converged endpoint protection platform that’s easy to use, and that actually works.
- Endgame is the only vendor to implement the most advanced model of attacker techniques and technology, MITRE’s ATT&CK matrix. Our commitment both to cover it with protections and to extend it with research is unique, and we’re the only vendor to be evaluated by MITRE itself.
- Endgame’s use of machine learning is the gold standard, with outstanding prevention efficacy in public testing with AV Comparatives and SE Labs. The excellence of our capability is available for the world to see in VirusTotal. Moreover, we’re honest about what ML can and cannot do.
- Our hardware-assisted control-flow integrity (HA-CFI™) feature is the only proven protection technology that inspects running hardware, offering extensive visibility and protections below the OS.
- Artemis, the industry’s first (and only) natural language user interface, enables quick, efficient operations and SOC response to sophisticated attacks.
- Endgame is the only single-agent autonomous solution delivering converged EPP and EDR functions across the Department of Defense. Within weeks of initial training, a junior operator armed with Endgame can be effective against nation-state attacks. And it’s not just for the most cutting-edge government agencies anymore. Endgame is ripping out legacy AV in commercial customers and protecting some of the most-attacked large enterprises in the Fortune 100.
Don’t just take our word for it. Read what analysts, testing organizations, and customers have to say. Endgame is the only single-agent endpoint security solution spanning the full range of MITRE ATT&CK techniques, achieving the highest efficacy ratings, and delivering true ease-of-use.
So, what’s next? We must never be complacent. Attackers are capable, committed, well-resourced and incentivized to improvise, adapt, and innovate. We know that what protects today may be circumvented tomorrow. With that in mind, we will continue to provide bleeding-edge protection against the most advanced tactics. In addition to our Windows protection and advancing our ML-based detections, we are now delivering best-in-industry Mac protection. We must continue to listen to our customers who are on the front lines, innovating in areas beyond detection, expanding our partner integration ecosystem and continuing to enhance the user workflow and experience.
We are thrilled to be among the few in Gartner’s visionary quadrant, and I’m gratified to lead a team that doesn’t view this as an excuse for self-congratulation, but rather as a call to action to look over the ridgeline and anticipate what is next for the attackers and our customers. This will never change as we grow and continue to redefine endpoint security. If you want the peace of mind that comes with having the best-possible protections deployed against the most sophisticated attackers, then contact us to give Endgame a try. We have a proven track record of delivering on our vision to protect some of the most-attacked institutions in the world, from the Pentagon to Wall Street.
The 2018 copy of the full Gartner Magic Quadrant for Endpoint Protection Platforms is no longer available, but stay tuned for the 2019 report later this year.