
How AI and bots enhance endpoint security



Rapidly growing ransomware, malware and end-to-end hacking attempts are reshaping the threat landscape in 2022. The theme of RSA Conference 2022 is “Transformation,” because new threats continue to require rapid changes in endpoint security.

CISOs and CIOs are changing their cloud infrastructure and hybrid cloud strategies, accelerating internal development to produce new applications and platforms, and relying more than ever on software-as-a-service (SaaS) applications to meet time-to-market goals. Vendors promoting cloud security, extended detection and response (XDR), and zero trust dominated RSAC 2022.

The Cloud Security Alliance (CSA) announced the results of its latest survey during RSA 2022, which further highlights the continued growth of zero trust. The study is based on interviews with 823 IT and security professionals, including 219 C-level executives. According to the results, 80% of C-suite executives favor zero trust for their organizations, and 94% are implementing it. In addition, 77% will increase their zero-trust spending over the next 12 months.

Improving endpoint and device security is where most organizations say their approach to implementing a zero-trust framework is the most mature.

Cybersecurity is a data problem

Analyzing real-time and historical data to detect and prevent breaches highlights why cybersecurity is primarily a data problem. CISOs, CIOs and their teams need more access to historical data. Bot-based approaches to endpoint security require more data to fine-tune AI and machine learning (ML) models. The importance of data in improving cybersecurity protections became clear in keynotes and breakout sessions at RSA 2022. CrowdStrike's launch of Asset Graph and its successful integration of the Humio acquisition as Humio for Falcon reflect the high priority customers and prospects give to real-time telemetry data and long-term data archiving.

Vasu Jakkal, Microsoft’s Corporate Vice President for Security, Compliance, Identity and Privacy, stressed the importance of data in cybersecurity and the potential of AI and ML to secure every business. The keynote, “Innovation, ingenuity and inclusion: the future of security is now,” is worth a look. Jakkal told the audience that Microsoft protects 785,000 customers globally, including their digital assets, which allows the company to see the rapid pace and complexity of attacks. “This is a rapid acceleration in the attacks we see; there are 921 attacks per second, which is twice as many as we saw last year, which means billions and billions of attacks a year.”

Vasu Jakkal, Microsoft's Corporate Vice President for Security, Compliance, Identity and Privacy, provided examples of why AI and machine learning are important for enterprise security.

Microsoft is one of the leaders in the endpoint protection platform (EPP) market, and Microsoft 365 Defender is one of the most advanced AI-based self-healing endpoint systems available. All Microsoft 365 Defender products share a common cloud-based console, underlying data pool, and API support, and allow for integrated threat hunting.

“AI is incredibly effective in processing large amounts of data and classifying that information to determine what is good and what is bad. At Microsoft, we process 24 trillion signals every day, and that includes identities, endpoints, devices and collaboration tools, and more,” said Vasu Jakkal, Microsoft’s Corporate Vice President for Security, Compliance, Identity and Privacy. “Do it.”

Improving endpoint security with AI and bots

Most of the more than 30 endpoint security providers exhibiting at RSA this year are focused on three key areas of risk management. Reducing attack surfaces, improving identity threat detection and response, and reducing digital supply chain risk now dominate the roadmaps of endpoint security providers.

Today, the main ways to improve endpoint security with AI and bots include:

  • Incremental gains in AI-based behavioral analytics and real-time authentication. BlackBerry CylancePERSONA, Broadcom, CrowdStrike, CyberArk, Cybereason, Ivanti, Kaspersky, SentinelOne, Microsoft, McAfee, Sophos, VMware Carbon Black and other leading endpoint security suppliers have invested more in R&D and are exploring acquisitions to strengthen these two areas of product strategy. For example, in the keynote address, Jakkal said the goal was to use artificial intelligence and machine learning to identify patterns in real time and detect anomalies, and then take preventive measures against the threat. Microsoft 365 Defender does this by linking real-time threat information from emails, endpoints, identities, and applications. In addition, Radware Bot Manager combines behavioral modeling, intent analysis, collective bot intelligence, and fingerprinting, further reflecting the incremental gains in this area of endpoint security.
  • Bot-based patch management is getting smarter. The predictive accuracy of bots and their ability to differentiate which endpoints, machines, and systems need patching are improving at an accelerating pace, as seen in RSA presentations. Achieving higher predictive accuracy is a cornerstone of patch management that goes back to a time when it was inventory-intensive. The future of ransomware detection and removal is data-driven. Nayaki Nayyar, President and CEO of Ivanti, gave a detailed presentation on the most common software bugs that led to ransomware attacks, vulnerabilities, and updates on the Ivanti Neurons platform. The presentation also covered how Ivanti Neurons for Risk-Based Patch Management is becoming more contextually intelligent, with all endpoints, including cloud-based and on-premises ones, appearing in one interface.

Ivanti has also developed special patch configurations that define the characteristics of a patch deployment and are sent to the Ivanti Neurons Agent on the device, which then works independently according to a defined schedule. Nayaki also explained how Ivanti Neurons Patch for Microsoft Endpoint Manager (MEM) expands existing Microsoft Intune applications to include third-party software updates. Nayaki says its threat and patch intelligence helps organizations prioritize third-party software vulnerabilities.

    As Ivanti's latest update at RSA shows, bot-based patch management is becoming more contextually intelligent and is able to measure endpoint vulnerabilities.
  • Discovering, securing and managing new machine-identity-based endpoints with artificial intelligence. According to Forrester, machine identities are proliferating at twice the rate of human identities or more. A recent Venafi survey of 1,000 CIOs reported a 42% annual increase in the number of machine identities, which exceeded 250,000 in the average enterprise by the end of 2021. Taken together, economic losses of between $51.5 billion and $71.9 billion can be attributed to poor protection of machine identities. CyCognito, Cisco, Delinea, Ivanti, Keyfactor, Microsoft Security, Venafi, Zscaler and other leading endpoint security, EPP and XDR providers are accelerating machine identity management on their roadmaps based on customer and prospect requirements. One example of how far this field has come is Cisco AI Endpoint Analytics, which uses a machine learning component that helps build endpoint fingerprints to reduce net unknown endpoints in a mixed network environment. Ivanti Neurons for Discovery is also proving effective in providing IT and security teams with accurate, operational asset information that they can use to discover and map the relationships between key assets and the services and applications that depend on those assets.

Increased cybersecurity costs and investment

The acceleration of cybercrime is changing the endpoint security market. It is clear why RSA chose “transformation” as its main theme. Transformation describes exactly what is happening with increasingly complex, organized ransomware, malware, and endpoint attacks.

Cybersecurity startups continue to receive funding from venture capitalists, and private equity companies have clear roadmaps for vendors who want to join new organizations. Of the more than 880 cybersecurity startups on Crunchbase, 25% have received additional funding rounds in the last twelve months, and 47 identify themselves as AI-first platforms designed to protect mobile device and machine identities and endpoints.

Infinipoint is one of the most interesting startups, given its approach to device identity and machine identity management as a service. Considering how quickly each organization generates machine identities during day-to-day operations, endpoints are one of the most challenging areas of security today. Infinipoint provides single sign-on access integrated with risk-based policies and one-click remediation for non-compliant and vulnerable devices.

Gartner predicts that end-user spending for the information security and risk management market will grow from 2021 to 2026 at a compound annual growth rate of 10.4% to $254.1 billion. It also projects that by the end of 2023, 95% of EPP platforms will be cloud-based. Based on the EPP providers participating in RSA 2022, the second forecast is close to reality today.
