How AI can close gaps in cybersecurity tech stacks
We’re excited to bring Transform 2022 back in person on July 19 and pretty much July 20-28. Join AI and data leaders for insightful conversations and exciting networking opportunities. Register today!
Gaps in cybersecurity tech stacks, especially in endpoint security and patch management, are making enterprises increasingly vulnerable to attacks. CISOs are focused on driving new digital revenue strategies while mitigating risks and protecting virtual workforces from the various threats.
From cybercriminal gangs trying to recruit AI engineers to state-funded Advanced Persistent Threat (APT) networks that can simultaneously launch attacks across multiple attack vectors, cybercriminals are getting smarter. Researching vacancies on the dark web show that those who know how to breach web services, have AI-based hacking skills, and capture privileged access credentials are the most in demand.
Controlling the balance of power with AI
Machine endpoints are growing twice as fast as human and new digital revenue strategies developed by enterprises are expected to deliver double-digit growth within 18 months. Virtual workforces to support new digital revenue growth require new security tools that are intuitive and easy to use. CISOs are balancing these demands with the need for real-time insights into risk management and improving user experiences on their applications. Solving these challenges and maintaining a balance of power against threats and risk requires data-driven AI and machine learning technologies that deliver results at scale.
AI and machine learning effectively automate tasks that IT and cybersecurity departments don’t have time for. Some of these include automated endpoint security, patch management, and enhancing supply chain security, visibility, and control with the Industrial Internet of Things (IIoT). Enterprises proactively adopt and prioritize zero-trust security, starting with identity access management (IAM), privileged access management (PAM), micro-segmentation, and endpoint security, then grappling with endpoint tracking and patch management.
Using AI and machine learning increases intelligence for endpoint and patch management and improves risk-based vulnerability assessments. Cybersecurity provider sales partners also help close gaps in technical stacks by providing their expertise and insights.
Closing gaps in the technical stack
There are five strategies cybersecurity vendors should rely on to help their enterprise customers close the widening gaps in their technical security stacks. Based on conversations with endpoint security, IAM, PAM, patch management and remote browser isolation (RBI) providers and their partners, these strategies are starting to emerge dominantly in the cybersecurity landscape.
Fast-tracking roadmaps for endpoint, ransomware and risk management
Cybersecurity vendors are today accelerating their launch plans in three key areas. Endpoint security is still one of the most elusive issues for a security team to solve, and organizations often don’t know where up to 40% of their endpoints are located. Broadcom, CrowdStrike, McAfee and Microsoft are leaders in the endpoint security market, and each has indicated in revenues and briefings that they are accelerating their roadmaps.
An analysis of Ivanti’s roadmap shows how vendors are taking applications to the next level and making larger releases faster. Ivanti has released five modules on its Neurons platform, a significant achievement for its DevOps, engineering and product management teams. Ivanti told VentureBeat that Ivanti Neurons Patch for MEM (Microsoft Endpoint Manager) is in high demand by enterprises looking to automate patch management and extend Intune deployments with update capabilities for third-party applications.
Cybersecurity vendors are accelerating their roadmaps to improve endpoint management, including IIoT sensors, Risk-Based Vulnerability Management (RBVM), and customer experiences to help companies close growing gaps in their tech stacks.
Land & expand selling zero trust with partners has a high priority.
Cybersecurity vendors tell VentureBeat that one of the key factors accelerating their roadmaps is demand from resellers and partners for new cloud services to support high-margin sales. During the latest earnings call, George Kurtz, president, CEO and co-founder of CrowdStrike said: channel sales is the core of the business†
Reaffirming its high priority to rely on partners to land, expand and deliver zero trust solutions through the channel, Ivanti announced that Dennis Kozak has joined them today as Chief Operating Officer (COO). Dennis will oversee Ivanti marketing, global sales, customer experience and operations as COO. A longtime channel veteran, Mr. Kozak spent 23 years at CA Technologies leading organizations such as global sales, global channel sales and strategy, sales operations and global transformation to deliver next-generation portfolio strategy. Most recently, he was head of global broadcasting at Avaya, which accounted for approximately 70% of their total revenue.
mr. Kozak told VentureBeat in an interview that his goals include turning channel sales into a growth driver for Ivanti by capitalizing on the five acquisitions made in the past 16 months. Additionally, in an interview with VentureBeat, Mr. Kozak explained that the goal is to bring all acquisitions together into a unified go-to-market and channel strategy.
Quantifying risk is table stakes
Enterprises need better tools to assess risks and vulnerabilities and identify and close gaps in tech stacks. As a result, there is growing interest in using Risk-Based Vulnerability Management (RBVM) that can be scaled across cloud, mobile IoT and IIoT devices today. Endpoint Detection & Response (EDR) vendors are moving to RBVM with vulnerability assessment tools. Leading suppliers include CODA Footprint, CyCognito, Recorded Future, Qualys, and others. Ivanti’s acquisition of RiskSense delivered its first product this month, Ivanti Neurons for Risk-Based Vulnerability Management (RBVM). What is noteworthy about the release of Ivanti is that it is the first RBVM system to rely on a state engine to measure, prioritize and manage cybersecurity risks to protect businesses from ransomware and advanced cyberthreats. Ivanti has also developed proprietary Vulnerability Risk Ratings (VRR) that quantify hostile risk so that enterprises can identify and prevent risks before breaches occur.
Ivanti’s approach to Risk-Based Vulnerability Management combines machine learning models from RiskSense and the Ivanti Neurons platform to create a single, unified view of known vulnerabilities.
Doubling Endpoint Security as a Core Product Strategy
Fast-tracking endpoint security applications and platforms are also helping to close the gaps in today’s tech stacks. All leading cybersecurity vendors have announced or will soon announce self-healing endpoints. A recent Tanium study found that: only 29% of security teams are confident that the patches they install will stop a breach. Absolute’s 2021 Endpoint Risk Report found 12.9 mission-critical applications per business device, of which 11.7 were security checks. Absolute’s report found that the greater the complexity of the endpoint, the greater the risk of applications conflicting, colliding, and canceling, making endpoints less secure.
Ivanti’s recent research on patch management, 71% of IT and security professionals found patching too complex and time-consuming, and 53% said organizing and prioritizing critical vulnerabilities took up most of their time. Ivanti’s launch last week of their Neuron Patch for MEM reflects the future of AI-based patch intelligence for endpoint security by relying on AI-based bots to identify which patches need updating the most. Other vendors offering AI-based endpoint protection include: broadcomCrowdStrike, SentinelOne, McAfee, Sophos, Trend Micro, VMWare Carbon Black, Cybereason, etc.
Digital experiences should lead to higher productivity
Improving the intuitive use of a security application increases productivity and reduces risk. However, enterprise applications are known to be challenging to use. Known for intuitive designs, Apple relies on statistics and analytics combined with design principles to streamline every new application and system. No standard comes close to Apple’s success in this area of business software.
It’s encouraging to see cybersecurity vendors taking on the challenge of using AI to improve user experience. Ivanti launched their Digital experience score inside Ivanti Neurons Workspace last week. The most common demand from CIO users is to improve application usability to drive greater security productivity and operational agility. Ivanti’s Digital Experience Score provides a 360-degree view and real-time insight into the devices, operating systems, networks and applications employees rely on in their virtual workspace.
Ivanti claims it prevents organizations from using ticket count as a proxy for the employee experience because closing tickets alone is not the Service Level Agreement (SLA) to be measured; instead, organizations need to quantify how effective IT and digital experiences (XLAs) are and look for new ways to improve them. Machine Learning algorithms to produce a combined metric of the users’ holistic digital experience.
Computing and using AI to identify ways to improve Digital Experience Scores is specifically the future of enterprise software and cybersecurity applications.
The severity, speed and sophistication of cyber attacks are increasing rapidly. CIOs and CISOs know they must rely on more advanced technologies, including AI and machine learning, to deal with split-second attacks that can disable their networks. With cybercrime gangs recruiting AI engineers from school and state-sponsored cyber-attacks becoming more common, the potential of AI and machine learning to thwart breach attempts and sophisticated attacks is increasingly being proven.
Cybersecurity vendors are accelerating their product roadmaps with hardened, more data-driven applications, as AI platform players try to land and expand into partner strategies. Quantifying risk is now the focus and every cybersecurity vendor in endpoint security or adjacent markets is introducing self-healing endpoints. Cybersecurity tech stacks need AI to determine how best to repel advanced attacks today and in the future.
VentureBeat’s mission is to be a digital city square for tech decision makers to learn about transformative business technology and transactions. Learn more about membership.