How AI and bots amplify endpoint security
Rapidly growing ransomware, malware and endpoint-targeted intrusion attempts are recasting the threat landscape in 2022. It is fitting that the theme of RSA Conference 2022 is ‘transform’, as emerging threats continue to demand rapid changes in endpoint security.
CISOs and CIOs are transforming their cloud infrastructure and hybrid cloud strategies, accelerating internal DevOps to produce new apps and platforms, and relying more than ever on software-as-a-service (SaaS) apps to meet time-to-market goals. Vendors promoting cloud security, extended detection and response (XDR), and zero trust will dominate RSAC 2022.
The Cloud Security Alliance (CSA) published its latest research results during RSA 2022, underlining the continued growth of zero trust. The survey is based on interviews with 823 IT and security professionals, including 219 C-level executives. According to the results, 80% of C-suite executives have prioritized zero trust in their organizations and 94% are implementing it. In addition, 77% will increase their spending on zero trust over the next 12 months.
Improving endpoint and device security is where most organizations say their approach to implementing a zero-trust framework is the most mature.
Cybersecurity is a data problem
Analyzing real-time and historical data to discover, detect, and thwart attempted breaches underscores why cybersecurity is a data problem in the first place. CISOs, CIOs and their teams need access to more historical data. Bot-based approaches to endpoint security need more data to refine AI and machine learning (ML) models. The keynotes and breakout sessions at RSA 2022 made clear how vital data is to enhancing cybersecurity defenses. CrowdStrike’s Asset Graph launch and its successful integration of the Humio acquisition as Humio for Falcon reflect the high priority its customers and prospects place on real-time telemetry data and long-term data archiving.
Microsoft’s Vasu Jakkal, corporate vice president for Microsoft Security, Compliance, Identity and Privacy, highlighted the importance of data in cybersecurity and the potential AI and ML have for securing any business. Her insightful keynote, “Innovation, ingenuity and inclusiveness: the future of security is now,” is worth a look. She told the audience that Microsoft protects 785,000 customers worldwide, including their digital assets, giving it a real sense of the rapid pace and sophistication of attacks to come. “And what we’re seeing is this rapid acceleration of attacks; there are 921 attacks per second, which is twice what we saw last year, which is billions and billions of attacks per year,” she said.
Microsoft’s Vasu Jakkal, corporate vice president for Microsoft Security, Compliance, Identity and Privacy, gave examples of why AI and machine learning are essential to securing enterprises.
Microsoft is one of the leaders in the endpoint protection platform (EPP) market, and Microsoft 365 Defender is one of the most advanced AI-based self-healing endpoint systems available. All Microsoft 365 Defender products share a common cloud-hosted console, underlying data lake support, and API, enabling unified threat hunting.
“AI is incredibly, incredibly effective at processing large amounts of data and classifying this data to determine what is good and what is bad. At Microsoft, we process 24 trillion signals every day, across identities and endpoints and devices and collaboration tools and much more,” said Vasu Jakkal, corporate vice president for Microsoft Security, Compliance, Identity and Privacy. “We wouldn’t be able to tackle this without AI.”
Improving endpoint security with AI and bots
Of the more than 30 endpoint security vendors exhibiting at RSA this year, most focus on three core areas of risk management. Reducing attack surfaces, improving detection and response to identity threats, and mitigating digital supply chain risks dominate the roadmaps of endpoint security vendors.
The main ways endpoint security is being improved with AI and bots today are:
Step-by-step gains in AI-based behavioral analytics and real-time authentication. BlackBerry CylancePERSONA, Broadcom, CrowdStrike, CyberArk, Cybereason, Ivanti, Kaspersky, SentinelOne, Microsoft, McAfee, Sophos, VMware Carbon Black and other leading endpoint security vendors have increased their investments in R&D and are exploring acquisitions to strengthen these two areas of their product strategy. For example, during her keynote address, Jakkal said the goal is to use AI and machine learning to identify patterns and anomalies in real time, then take preventive action against a threat. Microsoft 365 Defender does this in real time by correlating threat data from emails, endpoints, identities, and applications. In addition, Radware Bot Manager combines behavioral modeling, intent analysis, collective bot intelligence and fingerprinting, further reflecting incremental gains in this area of endpoint security.
Bot-based patch management is becoming more intelligent. Improvements in bots’ predictive accuracy and in their ability to differentiate which endpoints, machines, and systems need which patches are accelerating, as evidenced by the RSA presentations. Achieving greater predictive accuracy is the cornerstone of advancing patch management beyond the inventory-intensive era.
The future of ransomware detection and eradication is data-driven. Nayaki Nayyar, President and Chief Product Officer at Ivanti, gave a detailed presentation on the most common software flaws leading to ransomware attacks, vulnerability chains, and an update to the Ivanti Neurons platform. In addition, she provided insight into how Ivanti Neurons for risk-based patch management is becoming more contextually intelligent and has visibility into all endpoints, including those in the cloud and on-premises, all in a single interface. Ivanti has also designed custom patch configurations that define the characteristics of patch deployment and are pushed to the Ivanti Neurons Agent on the device to work independently on the set schedule. Nayaki also explained how Ivanti Neurons Patch for Microsoft Endpoint Manager (MEM) extends existing Microsoft Intune deployments with third-party application updates. Nayaki says the threat and patch intelligence helps organizations prioritize vulnerabilities in third-party software.
Bot-based patch management becomes more contextually intelligent and is able to quantify endpoint vulnerabilities, as Ivanti demonstrated with its latest update at RSA.
Discovering, securing and managing new machine identity-based endpoints with AI. According to Forrester, machine identities are multiplying faster than human ones by a factor of 2X or more. A recent Venafi survey of 1,000 CIOs found 42% annual growth in the number of machine identities, of which the average company had more than 250,000 at the end of 2021. Together, these factors create an economic loss of between $51.5 billion and $71.9 billion due to poor machine identity protection. CyCognito, Cisco, Delinea, Ivanti, Keyfactor, Microsoft Security, Venafi, Zscaler and other leading endpoint security, EPP and XDR providers are accelerating machine identity management on their roadmaps based on customer and prospect requirements. Examples of how advanced this area is becoming can be seen in the way Cisco AI Endpoint Analytics uses a machine learning component that helps build endpoint fingerprints to reduce the net unknown endpoints in a mixed network environment. Ivanti Neurons for Discovery is also proving effective in providing IT and security teams with accurate, actionable information about assets that they can use to discover and map the connections between key assets and the services and applications that depend on those assets.
Growing Cybersecurity Spending and Investment
The accelerating pace of cybercrime is transforming the endpoint security market. It is therefore prescient that RSA has chosen ‘transform’ as its main theme. Transformation spells out exactly what’s going on with more intricate, orchestrated ransomware, malware, and endpoint attacks.
Cybersecurity startups continue to get funding from venture capitalists, and private equity firms have clear roadmaps of suppliers they want to consolidate into new organizations. Of the more than 880 cybersecurity startups in Crunchbase, 25% received additional funding rounds in the last 12 months and 47 define themselves as an AI-first platform designed to protect the identities and endpoints of mobile devices and machines.
Infinipoint is one of the most interesting startups, given its approach to device-identity-as-a-service and machine identity management. That’s one of the most challenging areas of endpoint security today, given how quickly any organization creates machine identities during day-to-day operations. Infinipoint provides single sign-on authorization, integrated with risk-based policies and one-click remediation for non-compliant and vulnerable devices.
Gartner predicts that end-user spending on the information security and risk management market will grow at a compound annual growth rate of 10.4% from 2021 through 2026, to $254.1 billion. It is also predicted that by the end of 2023, 95% of EPP platforms will be cloud-based. Based on the EPP providers participating in RSA 2022, the second prediction has almost become a reality.