Endpoint vulnerabilities are the fuel for an ever-intensifying arms race that pits bad actors and cybercriminal gangs against cybersecurity vendors and the organizations they protect. The arms race in endpoint security is accelerating thanks to the increasingly aggressive use of AI and ML by bad actors, cybercriminal gangs and APT groups aiming to wreak havoc or shut down organizations for financial gain.
Exposed services and endpoints are compromised quickly
Palo Alto Networks' Unit 42 research team deployed 320 honeypots across North America (NA), Asia Pacific (APAC) and Europe (EU) over the past year and analyzed the timing, frequency and origin of the attacks it observed. The goal of the 320-node honeypot infrastructure was to better understand attacks on exposed services in public clouds. Unit 42 found that 80% of the 320 honeypots were compromised within 24 hours, and all of them within a week. The most frequently attacked SSH honeypot was compromised 169 times in a single day, and one threat actor compromised 96% of the 80 Postgres honeypots worldwide within 30 seconds.
What makes the Unit 42 findings troubling for endpoint security is that 40% of organizations still use spreadsheets to manually track digital certificates, and 57% of organizations do not have an accurate inventory of SSH keys. Both factors widen the endpoint security gaps that bad actors are adept at exploiting. In a recent interview, Jim Wachhaus, attack surface protection evangelist at CyCognito, said it's common to find organizations not tracking up to 40% of their endpoints. Wachhaus told VentureBeat that organizations commonly generate thousands of unknown endpoints annually. His findings are echoed by CISOs, who tell VentureBeat that tracking every endpoint is beyond what manual processes can achieve today, as their IT staff is already stretched thin. Add to this that CIOs and CISOs are battling a chronic labor shortage, with their top employees being offered 40% or more of their base salary and up to $10,000 in signing bonuses to move to a new company, and the seriousness of the situation becomes clear. Additionally, 56% of executives say their cybersecurity analysts are overwhelmed, according to BCG.
CISOs are turning to AI for insight and scale
Relying on AI, machine learning and analytics to improve endpoint visibility and control is no longer optional. Criminals and cybercriminal gangs who automate their attacks with AI and machine learning can generate thousands of attempts per second, far more than the best cybersecurity analyst teams can handle. Keeping pace in the arms race requires a robust data-driven approach built on AI, machine learning and predictive analytics.
Below are examples of how cybersecurity vendors are integrating these technologies into their platforms and defining the future of AI and predictive analytics for endpoint security:
- Using machine learning and NLP to detect and map all endpoints. Organizations often don't know how many endpoints they have, where they are located or whether they're protected. This is a strong use case for combining machine learning algorithms and natural language processing (NLP) techniques to discover and map the endpoints in an organization. One of the leading Attack Surface Management (ASM) providers is CyCognito, which relies on a scalable process to detect, classify and assess the security of an organization's IT ecosystem. CyCognito's Jim Wachhaus created a maturity model for this based on anonymized, aggregated customer data.
- The rapid adoption of AI-based real-time authentication and behavioral analysis. Using predictive artificial intelligence (AI) and machine learning to tailor security policies and roles to each user in real time, based on patterns of where and when they attempt to log in, their device type, device configuration and several other classes of variables, is proving effective. Leading providers include BlackBerry Persona, Broadcom, CrowdStrike, CyberArk, Cybereason, Ivanti, Kaspersky, SentinelOne, Microsoft, McAfee, Sophos, VMware Carbon Black and others. Organizations say this approach to AI-based endpoint management reduces the risk stemming from lost or stolen devices and also protects against device and app cloning and user impersonation.
- AI and machine learning will continue to improve patch management to reduce ransomware. The most notorious ransomware attacks of the past year began in part because endpoints were not up to date on patches. The Colonial Pipeline, Kaseya and JBS Meat Packing ransomware attacks show how bad actors go after large-scale infrastructures for lucrative cash and bitcoin payouts. AI-based bot management platforms also help improve IT service management (ITSM) and IT asset management (ITAM) by providing real-time visibility and control over each endpoint. Inventory-based and fleet-based approaches to patch management often rely on incomplete data and cannot respond quickly enough to keep pace with growing threat complexity. Add the fact that enterprises now have an average of 96 unique applications per device, including 13 mission-critical applications, according to a current Absolute survey, and the scope of the challenge of keeping endpoints up to date becomes clear. Improving the accuracy of predictive analytics is the cornerstone of moving patch management out of the inventory-intensive era it is stuck in today and into a more adaptable, context-aware system capable of thwarting ransomware threats.
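The second item above describes scoring each login against a per-user behavioral baseline (location, time, device) and adjusting the access decision in real time. The following is an added illustration of that idea, not code from any vendor named in the article; the attributes, weights, thresholds and login history are all constructed assumptions. It learns a baseline from successful historical logins only, scores a new attempt by how many attributes deviate, and maps the score to allow, step-up MFA or deny.

```python
"""Adaptive authentication risk scoring over constructed login events.

Added illustration, not any vendor's implementation. A user's baseline
(known countries, devices, usual login hours) is learned from successful
historical logins; a new attempt is scored by how many attributes deviate,
and the score selects a policy action.
"""
from collections import defaultdict
from dataclasses import dataclass, field


@dataclass
class Login:
    user: str
    country: str
    device_id: str
    hour: int            # local hour of day, 0-23
    success: bool = True


@dataclass
class Baseline:
    countries: set = field(default_factory=set)
    devices: set = field(default_factory=set)
    hours: set = field(default_factory=set)


def build_baselines(history):
    """Learn per-user baselines from successful logins only, so failed or
    rejected attempts never poison the profile."""
    baselines = defaultdict(Baseline)
    for ev in history:
        if not ev.success:
            continue
        b = baselines[ev.user]
        b.countries.add(ev.country)
        b.devices.add(ev.device_id)
        b.hours.add(ev.hour)
    return baselines


# Weights are assumptions chosen for the illustration.
WEIGHTS = {"new_country": 40, "new_device": 30, "unusual_hour": 15}


def score_login(attempt, baselines):
    """Return (score, reasons). An unknown user scores the maximum: with no
    baseline there is no basis on which to trust the attempt."""
    b = baselines.get(attempt.user)
    if b is None:
        return 100, ["no_baseline"]
    reasons = []
    if attempt.country not in b.countries:
        reasons.append("new_country")
    if attempt.device_id not in b.devices:
        reasons.append("new_device")
    # "usual hour" means within one hour of any previously seen hour, wrapping midnight
    usual = any((attempt.hour - h) % 24 in (0, 1, 23) for h in b.hours)
    if not usual:
        reasons.append("unusual_hour")
    score = min(100, sum(WEIGHTS[r] for r in reasons))
    return score, reasons


def policy_action(score):
    """Map a risk score to an access decision (thresholds are assumptions)."""
    if score >= 70:
        return "deny"
    if score >= 30:
        return "step_up_mfa"
    return "allow"


# Constructed history: alice logs in from the US on her own devices during the day.
HISTORY = [
    Login("alice", "US", "laptop-a1", 9),
    Login("alice", "US", "laptop-a1", 10),
    Login("alice", "US", "phone-a2", 18),
    Login("alice", "BR", "unknown-x", 3, success=False),  # failed attempt, not learned
]


def demo():
    """Score four constructed attempts; returns {name: (score, action, reasons)}."""
    baselines = build_baselines(HISTORY)
    attempts = {
        "usual": Login("alice", "US", "laptop-a1", 11),
        "new_device_offhours": Login("alice", "US", "tablet-z9", 3),
        "known_device_new_country": Login("alice", "RU", "laptop-a1", 10),
        "unknown_user": Login("mallory", "US", "laptop-a1", 10),
    }
    results = {}
    for name, attempt in attempts.items():
        score, reasons = score_login(attempt, baselines)
        results[name] = (score, policy_action(score), reasons)
    return results


if __name__ == "__main__":
    for name, result in demo().items():
        print(name, result)
```

The design point worth noting is that the baseline is built only from successful logins: if failed attempts were learned, an attacker's repeated tries from a new location would gradually make that location look "usual". A production system would additionally age out stale devices and weight recent behavior more heavily.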
The future of ransomware detection and remediation is data-driven. The sooner bot management vendors get there, the greater the chance of slowing the pace of attacks dominating the global cybersecurity landscape. Microsoft's acquisition of RiskIQ last year to strengthen its cloud-native products, and Ivanti's acquisition of RiskSense in 2021, reflect the high priority organizations are giving to fighting ransomware with data-driven patch management. Ivanti's acquisition of RiskSense gave it the largest and most diverse dataset of ransomware attacks available, together with RiskSense's Vulnerability Intelligence and Vulnerability Risk Rating. RiskSense's risk rating reflects the future of data-driven patch management: it prioritizes and quantifies adversary risk based on factors such as threat intelligence, exploit trends in the wild and validation by security analysts. Ivanti's Neurons for Patch Management and Neurons for Patch Intelligence improve patch reliability while improving endpoint visibility and control.
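The paragraph above describes patch prioritization that quantifies adversary risk from threat intelligence, in-the-wild exploitation and analyst validation rather than from scan order or raw severity alone. The following is an added illustration of that approach; it is not RiskSense's or Ivanti's scoring method, and the scoring weights, SLA thresholds, host names and CVE identifiers (placeholders, not real advisories) are all constructed for the example. It shows why an actively exploited medium-severity flaw on an exposed host can outrank a higher-CVSS flaw that nobody is exploiting.

```python
"""Data-driven patch prioritization over a constructed vulnerability inventory.

Added illustration, not any vendor's algorithm. Each finding is scored from
the kinds of signals the article lists (severity, exploitation in the wild,
analyst validation) plus asset exposure and criticality, then the queue is
sorted so the patch SLA follows quantified risk instead of scan order.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Finding:
    host: str
    cve: str                  # placeholder identifiers in FINDINGS, not real advisories
    cvss: float               # base severity, 0-10
    exploited_in_wild: bool   # threat intel / exploit trend signal
    analyst_validated: bool   # confirmed reachable and exploitable on this host
    internet_exposed: bool
    mission_critical: bool
    patch_available: bool


def risk_score(f):
    """Quantify adversary risk on a 0-100 scale.

    Additive weights (assumptions for the illustration): severity contributes
    at most 60 points, so exploitation and validation evidence can move a
    finding past a merely "high CVSS" one.
    """
    score = f.cvss * 6                   # 0..60 from severity alone
    score += 20 if f.exploited_in_wild else 0
    score += 10 if f.analyst_validated else 0
    score += 6 if f.internet_exposed else 0
    score += 4 if f.mission_critical else 0
    return round(score, 1)


def sla_hours(score):
    """Remediation SLA derived from risk (thresholds are assumptions)."""
    if score >= 90:
        return 24
    if score >= 70:
        return 72
    if score >= 40:
        return 168      # one week
    return 720          # thirty days


def prioritize(findings):
    """Return (host, cve, score, sla_hours, action) rows sorted by descending risk.

    Findings with no vendor patch stay in the queue flagged for mitigation
    (isolation, configuration change, compensating control) rather than being
    silently dropped because there is nothing to install.
    """
    rows = []
    for f in findings:
        s = risk_score(f)
        action = "patch" if f.patch_available else "mitigate"
        rows.append((f.host, f.cve, s, sla_hours(s), action))
    rows.sort(key=lambda r: (-r[2], r[0]))
    return rows


# Constructed inventory; CVE-XXXX-000n are placeholders, not real identifiers.
FINDINGS = [
    Finding("db-01",     "CVE-XXXX-0001", 9.8, True,  True,  True,  True,  True),
    Finding("web-07",    "CVE-XXXX-0002", 7.5, True,  False, True,  False, True),
    Finding("laptop-42", "CVE-XXXX-0003", 9.1, False, False, False, False, True),
    Finding("hmi-03",    "CVE-XXXX-0004", 8.0, True,  True,  False, True,  False),
    Finding("print-11",  "CVE-XXXX-0005", 4.3, False, False, False, False, True),
]


if __name__ == "__main__":
    for host, cve, score, sla, action in prioritize(FINDINGS):
        print(f"{host:10} {cve:15} risk={score:5}  SLA={sla:4}h  {action}")
```

Running it puts the exploited, validated, exposed database flaw first with a 24-hour SLA, the unpatched-but-exploited HMI finding second as a mitigation task, and the exploited web server flaw ahead of the 9.1-CVSS laptop finding that no one is exploiting. The ordering is the point: the inputs a team would actually feed this are its own asset inventory (exposure, criticality) joined to external exploitation intelligence, which is exactly the data the spreadsheet-tracked inventories described earlier do not provide.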
What else is needed in AI and analytics
The future of AI and analytics in endpoint security must quantify risk wherever possible, followed by faster service level agreements (SLAs) backed by patch reliability. Add to this the need for better insight into how to further automate patching while identifying non-compliant systems with AI-powered compliance reports, and the cybersecurity industry has a solid roadmap to build on. EPP providers are vying for greater visibility and control over endpoints, so expect more acquisitions in 2022. Private equity investors are always looking for ways to bring best-in-class cybersecurity providers together on new platforms. Greater consolidation in this market is being driven by CISOs' need to manage fewer apps and platforms while contributing more to business outcomes and risk management.
https://venturebeat.com/2022/03/03/predicting-the-future-of-ai-and-analytics-in-endpoint-security/ Predicting the future of AI and analytics in endpoint security