CRA Survey: Endpoint Security Goals Hinge on AI, XDR

Published on
September 14, 2023

Survey respondents believe advanced AI, XDR and other tools can help them reduce human error, and are planning 2024 budgets accordingly

New York, NY, September 14, 2023 – The biggest endpoint security headaches have long involved end users’ inability to manage their access from an ever-expanding array of devices, but an August 2023 Cybersecurity Buyer Intelligence survey of 200 security and IT leaders and executives, practitioners, administrators, and compliance professionals points to a growing hope that advanced tools like AI and XDR can help minimize endpoint compromises going forward.

Respondents prioritize securing what they see as a defining feature common to most endpoints: email access and communication. At least 3 in 4 use a secure email gateway server to monitor and manage all emails being sent and received from devices connected to the corporate network, which in theory should reduce the likelihood of email compromise from malware and phishing attacks. But respondents have concluded that more advanced tools are needed for things like multifactor authentication and strong password enforcement.

“As we move toward more and more data being stored in cloud platforms, it becomes increasingly important to restrict access by unmanaged (BYOD) devices,” said one respondent.

Key takeaways from the report:

  • AI/ML is the most-planned-for 2024 endpoint security investment (at 35%), followed by XDR (at 31%). Respondents are moving beyond basic EDR and reactionary tools, trying to get ahead of threats by using technology that raises contextual awareness (with XDR) and anticipates threats at lightning speed (with AI).
  • Many respondents employ EDR, XDR and MDR, but more than a third plan to incorporate an AI-based approach in their 2024 strategy.
  • Three out of five respondents admitted to one or more compromised endpoints in the last year. That’s a lot of compromise, considering 63% reported having 1,000 or more endpoints on their network. Desktops, mobile devices (like laptops and tablets), and servers were the most common targets of these attacks.
  • Not all endpoints are observed equally. Just 59% of respondents are confident that at least 75% of their endpoints receive monitoring around the clock. That means a huge proportion of devices are essentially being left to their own devices – either operating off the grid or receiving only periodic attention.

For more detailed findings and analysis, download the full report.

About CyberRisk Alliance
CyberRisk Alliance (CRA) is a business intelligence company serving the high-growth, rapidly evolving cybersecurity community with a diversified portfolio of services that inform, educate, build community, and inspire an efficient marketplace. Our trusted information leverages a unique network of journalists, analysts and influencers, policymakers, and practitioners. CRA’s brands include SC Media, Security Weekly, ChannelE2E, MSSP Alert, InfoSec World, Identiverse, Cybersecurity Collaboration Forum, its research unit CRA Business Intelligence, the peer-to-peer CISO membership network, Cybersecurity Collaborative, the Official Cyber Security Summit, TECHEXPO Top Secret, and LaunchTech Communications.
