How AI and bots strengthen endpoint security

Fast-growing ransomware, malware and endpoint-directed breach attempts are reordering the threat landscape in 2022. It’s appropriate that RSA Conference 2022’s theme is ‘transform, ‘as new threats continue to call for rapid changes in endpoint security.

CISOs and CIOs are transforming their cloud infrastructure and hybrid cloud strategies, accelerating devops internally to produce new apps and platforms, and relying more on software-as-a-service (SaaS) apps than ever before to meet time-to-market goals. Vendors promoting cloud security, extended detection, and response (XDR) and zero trust dominated RSAC 2022.

The Cloud Security Alliance (CSA) released its latest survey results during RSA 2022, which further underscores zero trust’s continued growth. The research is Based on interviews with 823 IT and security professionals, including 219 C-level executives. As a result, 80% of C-suite executives have prioritized zero trust in their organizations and 94% are implementing them. In addition, 77% are increasing their spending on zero trust over the next 12 months.

Cybersecurity is a data problem

Analyzing real-time and historic data to uncover, detect and thwart breach attempts underscores why cybersecurity is a data problem first. CISOs, CIOs and their teams need access to more historical data. Bot-based approaches to endpoint security need more data to fine-tune AI and machine learning (ML) models. Just how essential data is to improving cybersecurity defenses was made clear in the keynotes and breakout sessions at RSA 2022. CrowdStrikes’ launch of Asset Graph and successful integration of its Humio acquisition in Humio for Falcon reflects the high priority their customers and prospects place on real-time telemetry data and long-term data archiving.

Microsoft’s Vasu Jakkal, corporate vice president for Microsoft Security, Compliance, Identity and Privacy, emphasized the importance of data in cybersecurity and the potential AI and ML have for securing every business. Her insightful keynote, Innovation, Ingenuity and Inclusivity: The Future of Security is Now, is worth watching. She told the audience that Microsoft protects 785,000 customers globally, including their digital estate, which gives them a close view of the rapid pace and sophistication of attacks are coming. “And what we’re seeing is this rapid acceleration in attacks; there are 921 attacks a second that’s two times what we saw last year, that’s billions and billions of attacks a year,”

Microsoft is one of the leaders in the endpoint protection platform (EPP) market and Microsoft 365 Defender is one of the most advanced AI-based self-healing endpoint systems available. All Microsoft 365 Defender products shared a common cloud-hosted console, support for an underlying data lake and API, allowing unified threat hunting.

“AI is incredibly, incredibly effective in processing large amounts of data and classifying this data to determine what is good and what’s bad. At Microsoft, we process 24 trillion signals every single day and that’s across identities and endpoints and devices and collaboration tools and much more,” said Vasu Jakkal, corporate vice president for Microsoft Security, Compliance, Identity and Privacy “Without AI, we could not tackle this.”

Improving endpoint security with AI and bots

Of the more than 30 endpoint security vendors exhibiting at RSA this year, most concentrate on three core areas of risk management. Reducing attack surfaces, improving identity threat detection and response, and reducing digital supply chain risk dominate endpoint security vendors’ roadmaps today.

The main ways endpoint security is being improved with AI and bots today, include:

  • Stepwise gains in AI-based behavioral analytics and real-time authentication. Blackberry Cylance Persona, Broadcom, CrowdStrike, CyberArk, Cybereason, Ivanti, Kaspersky Sentinel One, Microsoft, McAfee, Sophos, VMWare Carbon Black and other leading endpoint security vendors have invested more in R&D and are exploring acquisitions to strengthen these two areas of their product strategy. For example, during her keynote, the goal is to use AI and machine learning to identify patterns and spot anomalies in real-time, then take pre-emptive action against a threat. Microsoft 365 Defender does this in real-time by correlating threat data from emails, endpoints, identities, and applications. In addition, Redware Bot Manager combines behavioural modelling, intent analysis, collective bot intelligence and fingerprinting, further reflecting the stepwise gains in this area of endpoint security.
  • Bot-based patch management is getting more intelligent, improving bots’ predictive accuracy and capability to differentiate which endpoints, machines and systems need which patches are accelerating, as seen from the RSA presentations. Achieving greater predictive accuracy is the cornerstone of progressing patch management out of its inventory-intensive era. The future of ransomware detection and eradication is data driven. Nayaki Nayyar, president and chief productofficer at Ivanti, provided a detailed presentation on the most common software errors that lead to ransomware attacks, vulnerability chaining and an update on the Ivanti Neurons platform. In addition, she provided insights into how Ivanti Neurons for Risk-Based Patch Management is becoming more contextually intelligent and has visibility into all endpoints, including those cloud and on-premises based, all in a single interface.

Ivanti has also been designed with custom patch configurations that define the characteristics of patch deployment and are pushed to the Ivanti Neurons Agent on the device to run independently on the set schedule. how Ivanti Neurons Patch for Microsoft Endpoint Manager (MEM) extends existing Microsoft Intune implementations to include third-party application updates. Nayaki says Its threat and patch intelligence help organizations properly prioritize remediation of third-party software vulnerabilities.

  • Discovering, securing, and managing new machine identity-based endpoints with AI. According to Forrester, machine identities are proliferating faster than human ones by a factor of 2X or more. A recent survey by Venafi of 1,000 CIOs found a 42% annual growth in the number of machine identities, with the average enterprise having over 250,000 of them at the end of 2021. Combined, these factors drive an economic loss of between $51.5 to $71.9 billion attributable to poor machine identity protection. CyCognito, Cisco, Delinea, Ivanti, KeyFactor, Microsoft Security, Venafi, ZScaler and other leading endpoint security, EPP and XDR providers are accelerating machine identity management on their roadmaps based on customers’ and prospects’ requirements. Examples of how advanced this area is becoming can be seen in the way Cisco AI Endpoint Analytics uses a machine-learning component that helps build endpoint fingerprints to reduce the unknown net endpoints in a mixed network environment. Ivanti Neurons for Discovery is also proving effective in providing IT and security teams with accurate, actionable asset information they can use to discover and map the linkages between key assets with the services and applications that depend on those assets.
Growing cybersecurity spending and investment

The accelerating pace of cybercrime is transforming the endpoint security market. So, it’s prescient that RSA chose ‘transform’ as the main theme. Transformation speaks to exactly what’s going on with more intricate, orchestrated ransomware, malware, and endpoint attacks.

Cybersecurity startups continue gaining funding from venture capitalists and private equity firms have clear roadmaps of vendors they want to consolidate into new organizations. Of the over 880 cybersecurity startups in Crunchbase, 25% received additional funding rounds in the last twelve months and 47 define themselves as an AI-first platform designed to protect mobile device and machine identities and endpoints.

Infinipoint is one of the most interesting startups, given its approach to device-identity-as-a-service and machine identity management. That’s one of the most challenging areas of endpoint security today, given how quickly every organization creates machine identities during daily operations. Infinipoint provides single sign-on authorization integrated with risk-based policies and one-click remediation for non-compliant and vulnerable devices.
Gartner predicts end-user spending for the information security and risk management market will grow at a compound annual growth rate of 10.4% from 2021 through 2026, reaching $254.1 billion. It’s also predicted that by the end of 2023, 95% of EPP platforms will be cloud-based. Based on the EPP providers participating at RSA 2022, the second prediction is close to being a reality today.