AI increases resilience for self-healing endpoints

CISOs’ time and teams are stretched too thin to protect remote and hybrid workforces and the rapidly growing number of machine-based endpoints from new, unpredictable attack patterns. Cybersecurity professionals, including CISOs, question whether their existing endpoint security systems can thwart a sophisticated attack. Fifty-five percent of cybersecurity professionals estimate that more than 75% of endpoint attacks cannot be stopped with their current systems, based on a study by Tanium.

Security teams admit that they are behind on patches and often don’t know if a patch will cause a collision at the endpoint, making it less secure than before. Only 29% of security teams are confident that the patches they install will stop a breach. The industries hardest hit by cyberattacks and ransomware last year are also among the slowest to complete endpoint patching. Absolute’s 2021 Endpoint Risk Report found that retailers are on average 101 days behind in patching endpoints, followed by healthcare at 78 days and financial services at 69 days. Self-healing endpoints are a growth catalyst for the Endpoint Protection Platform (EPP) market, which is projected to grow from $16 billion in 2022 to $26.4 billion in 2025, a Compound Annual Growth Rate (CAGR) of 18.1% in just three years. This makes it one of the fastest growing markets in the cybersecurity industry.

Companies that delay patch management give cybercriminals time to adopt new endpoint attack strategies. Most IT and security professionals say patching takes a backseat to other tasks. Ivanti’s recent survey found that 71% of IT and security leaders say patching is too complex, cumbersome and time-consuming. Fifty-seven percent say remote working and decentralized workspaces make a challenging task even more difficult.

6 ways AI makes endpoints more resilient

Self-healing endpoints are distinguished by their self-diagnostics, combined with their ability to regenerate their operating system and apps, while using AI and ML to identify and thwart suspected or actual breach attempts. They are regenerative by design to achieve greater resilience. Self-healing endpoints disable themselves, recheck all versions of operating systems and applications, and then reset themselves to their specific configuration. All of these activities are autonomous and provide real-time event tracking.

CISOs tell VentureBeat that the business case for self-healing endpoints often includes ITSM cost and time savings, reduced security operations workload and asset loss, and improved audit and compliance. VentureBeat sees an urgent need for endpoint security vendors to provide greater visibility and control, more efficient workflows for reverting malicious changes, and greater flexibility in automatically reconfiguring endpoints to the correct configurations. A core component of CISOs’ zero trust security strategies revolves around endpoint security, which is critical to current and planned digital business initiatives.

AI and ML techniques prove to be effective core technologies for self-healing endpoints due to the following factors:

AI-based endpoints can adapt faster to stop complex attacks and then self-heal. CISOs tell VentureBeat that AI and ML-based endpoints can be trained to identify when attackers try to poison their algorithms with deliberately misleading attack data. They can also identify when misleading data tries to redefine classifications across models, all intended to throw the endpoint off a potential breach. Endpoint algorithms know the rebuild order down to the operating system level, enabling autonomous self-healing and sparing ITSM service desks a time-consuming job. They are also able to scale patch management across the entire fleet of devices more efficiently than any manual or previously automated approach could.

Three key questions CISOs should ask potential endpoint vendors. More than 70 cybersecurity vendors are promoting their AI and ML-based self-healing endpoint systems and platforms today. Unfortunately, it’s hard to find the endpoint vendors that can deliver. Frankly, today there is a broad spectrum of AI and ML use cases for self-healing endpoints. The challenge is to find the approach that best suits your organisation. The three questions to ask are:

Specific data about datasets used for model training. Ask the vendor to provide an overview of the volume and variety of datasets they train their models with. Ask how these datasets help reduce false positives and identify actual breach attempts.

What is their track record in training models? Is the data drawn from a single industry or from across industries, and from around the world or only from your country? The more diverse the sector coverage in the dataset, the more likely breach attempts are caught.

How can I retrain classifiers and algorithms at scale? The scalability of cloud platforms is an advantage with this requirement, and it’s good to check whether the vendors you’re considering for endpoint security have that capability.

They are more difficult to circumvent than rules-based endpoints. IT and cybersecurity teams find the latest generation of AI-based endpoints easy to deploy. However, they are challenging to refine as synthetic data is a work in progress. Despite their limitations, AI-based endpoints are more resilient than their rules-based counterparts because they are designed to identify and respond to anomalies more quickly.

It helps set the bar high for supplier innovation. Table stakes are self-healing endpoints that can heal themselves after an attack, either purely through software or by being embedded in the BIOS. Embedding in an endpoint’s firmware is arguably the most reliable approach there is to achieve greater resiliency. Absolute resiliency is now factory-embedded in firmware by 28 device manufacturers, making it the world’s only firmware-embedded platform for endpoint visibility and control. It innovates to keep up with the many changes in firmware at its manufacturing partners while providing predictive analytics on the health of endpoints. Today, AI and ML are on the roadmaps for future releases of over 70 different software-based self-healing endpoint providers. 2022 will be a pivotal year for innovation in the self-healing endpoint security market.

Cloud platforms are proving to be a faster, more secure on-ramp for self-healing endpoints. Microsoft, McAfee, Broadcom and CrowdStrike dominate the endpoint security market, and each has provided self-healing endpoint security systems in the cloud for years. CrowdStrike is the industry leader when it comes to Endpoint Detection and Response (EDR). Microsoft leads the broader market for endpoint security platforms. Earlier this month, Microsoft rebranded ATP as Microsoft Defender for Identity, and along with CrowdStrike Falcon, Ivanti Neurons, Symantec Endpoint Protection, Sophos Intercept X, Trend Micro Apex One, ESET Endpoint Security, Kaspersky Endpoint Security, McAfee Endpoint Security, and several others, these vendors are all emphasizing cloud-first deployment strategies today. Each of them relies on AI and ML to differentiate itself by finding new approaches to mitigate attackers’ attempts to deceive models with adversarial input, by using generative adversarial networks, and by developing new approaches to prevent attackers from poisoning data.

Reduce ITSM costs while improving compliance. Self-healing endpoints with AI and ML eliminate IT help desk backlogs by keeping endpoints up to date. Reducing the call volume on IT help desks can save more than $45,000 per year, assuming a typical call lasts 10 minutes and a cumulative saving of 1,260 hours of IT help desk time annually. The more AI an endpoint supports, the more automated audit and compliance reporting becomes. The Health Insurance Portability and Accountability Act (HIPAA), General Data Protection Regulation (GDPR), and the Payment Card Industry Data Security Standard (PCI DSS) all require periodic IT audits. The time and cost savings of automating audits vary widely by organization. It is a reasonable assumption to estimate savings of at least $67K per year on audit preparation costs alone.

The future of self-healing endpoints

With IT and security teams already stretched thin, CISOs and CIOs must add thousands of new endpoints to secure their growing remote and hybrid workforce. According to Forrester, their workload is exacerbated as new machine identities grow twice as fast as human ones. CISOs tell VentureBeat that the most valuable aspect of AI and ML in endpoint security is how reliable and resilient self-healing endpoints become. CISOs want greater visibility and control, more efficient workflows for reverting malicious changes, and more flexibility in automatically reconfiguring endpoints to the correct configurations. Add to that the need for more granular, real-time asset management data, and the future of self-healing endpoints is moving in an AI-driven direction.

This post, “AI increases resilience for self-healing endpoints”, was originally published at https://venturebeat.com/2022/03/03/ai-brings-greater-resilience-to-self-healing-endpoints/