How AI and bots strengthen endpoint security



Rapidly growing ransomware, malware, and endpoint-directed breach attempts are reshaping the threat landscape in 2022. It is fitting that the theme of RSA Conference 2022 is ‘Transform,’ because new threats continue to call for rapid changes in endpoint security.

CISOs and CIOs are transforming their cloud infrastructure and hybrid cloud strategies, accelerating DevOps internally to produce new apps and platforms, and relying on more software-as-a-service apps than ever before to meet time-to-market goals. RSAC 2022 is dominated by vendors promoting cloud security, extended detection and response (XDR) and zero trust.

The Cloud Security Alliance (CSA) released its latest survey results during RSA 2022, which further outline the steady growth of zero trust. The research is based on interviews with 823 IT and security professionals, including 219 C-level executives. According to the results, 80% of C-suite executives prioritize zero trust in their organizations and 94% are implementing it. In addition, 77% are increasing their spending on zero trust over the next 12 months.

Improving endpoint and device security is where most organizations say their approach to implementing a zero-trust framework is the most mature.

Cybersecurity is a data problem

The need to analyze real-time and historical data to uncover, detect and thwart breach attempts underscores why cybersecurity is first a data problem. CISOs, CIOs and their teams need access to more historical data. Bot-based approaches to endpoint security require more data to fine-tune AI and machine learning (ML) models. The key recommendations of RSA 2022 and the breakout sessions highlighted how much data is needed to improve cybersecurity defenses. CrowdStrike's launch of Asset Graph and the successful integration of its Humio acquisition into Humio for Falcon demonstrate the high priority its customers and potential customers place on real-time telemetry data and long-term data archiving.

Microsoft’s Vasu Jakkal, corporate vice president for Microsoft Security, Compliance, Identity and Privacy, emphasized the importance of data in cybersecurity and the potential of AI and ML to secure every business. Her insightful keynote, “Innovation, Ingenuity and Inclusiveness: The Future of Security is Now,” is worth seeing. She told the audience that Microsoft protects 785,000 customers globally, including their digital assets, which gives them a closer look at the rapid pace and sophistication of attacks. “And what we’re seeing is this rapid acceleration in attacks; there are 921 attacks per second, twice as many as we saw last year, billions and billions of attacks that year,” she said.

Microsoft's Vasu Jakkal, corporate vice president for Microsoft Security, Compliance, Identity and Privacy, gave examples of why AI and machine learning are needed to secure an enterprise.

Microsoft is one of the leaders in the Endpoint Protection Platform (EPP) market, and Microsoft 365 Defender is one of the most advanced AI-based self-healing endpoint systems available. All Microsoft 365 Defender products share a common cloud-hosted console and support for built-in data lakes and APIs, allowing unified threat hunting.

“AI is an incredible, incredibly effective way to process and classify large amounts of data to determine what is good and what is bad. At Microsoft, we process 24 trillion signals every day and that is identification and endpoints and devices and collaboration tools and much more,” said Vasu Jakkal, corporate vice president for security, compliance, identity and privacy at Microsoft. “Without AI, we can’t face it.”

Improve endpoint security with AI and bots

Of the more than 30 endpoint security vendors featured at RSA this year, most focus on three main areas of risk management: reducing attack surfaces, improving identity risk detection and response, and reducing digital supply chain risk. These dominate the roadmaps of endpoint security vendors today.

Key ways to improve endpoint security with AI and bots today include:

  • Incremental gains in AI-based behavior analysis and real-time authentication. Blackberry CylancePERSONA, Broadcom, CrowdStrike, CyberArk, Cybereason, Ivanti, Kaspersky, SentinelOne, Microsoft, McAfee, Sophos, VMware Carbon Black and other leading endpoint security vendors have invested heavily in R&D and have expanded their manufacturing strategies. For example, during her keynote, Jakkal stated that the goal is to use AI and machine learning to identify patterns and discrepancies in real time, then take precautionary measures against threats. Microsoft 365 Defender does this in real time by correlating threat data from email, endpoints, identity and applications. In addition, Radware Bot Manager combines behavioral modeling, objective analysis, mass bot intelligence, and fingerprinting, further reflecting the incremental gains in this area of endpoint security.
  • Bot-based patch management is becoming more intelligent, improving the prediction accuracy of bots and their ability to distinguish which endpoints, machines and systems need which patches expedited, as seen from the RSA presentations. Achieving greater predictive accuracy is the basis of patch management moving beyond its inventory-intensive era. The future of ransomware discovery and elimination is data-based. Nayaki Nayyar, President and Chief Product Officer of Ivanti, provided a detailed presentation on the most common software bugs that lead to ransomware attacks, vulnerability chaining and updates on the Ivanti Neurons platform. In addition, she provided insights into how Ivanti Neurons for Risk-Based Patch Management is becoming more contextually intelligent and has visibility across all endpoints, both cloud-based and on-premises, all in a single interface.

Ivanti has also designed custom patch configurations that define the characteristics of a patch deployment and force the Ivanti Neurons agent on the device to run independently on a set schedule. Nayyar also explained how the Neurons patch for Microsoft Endpoint Manager (MEM) extends existing Microsoft Intune implementations to include third-party application updates. Nayyar says its threat and patch intelligence helps properly prioritize the prevention of third-party software vulnerabilities.

Bot-based patch management is becoming more contextually aware and able to measure endpoint vulnerabilities, as Ivanti has shown with its latest update at RSA.
  • Discover, secure and operate new machine identity-based endpoints with AI. According to Forrester, machine identities are proliferating faster than human identities by a factor of 2X or more. A recent survey of 1,000 CIOs by Venafi found that the average enterprise had over 250,000 machine identities by the end of 2021, with 42% annual growth. Collectively, these factors cause economic losses of between $51.5 billion and $71.9 billion, attributable to weak machine identity protection. CyCognito, Cisco, Delinea, Ivanti, KeyFactor, Microsoft Security, Venafi, ZScaler and other leading endpoint security, EPP and XDR providers are accelerating machine identity management on their roadmaps based on customer and prospect needs. An example of how advanced this area is can be seen in the way Cisco AI Endpoint Analytics uses a machine-learning component that helps create endpoint fingerprints to reduce the net number of unfamiliar endpoints in mixed network environments. Ivanti Neurons for Discovery is also proving effective in providing IT and security teams with accurate, actionable asset information that they can use to detect and map the connections between key assets and the services and applications that depend on those assets.

Increase in cyber security costs and investments

The rapid pace of cybercrime is changing the endpoint security market. Therefore, RSA has chosen ‘Transform’ as its main theme. Transformation speaks volumes about what’s going on with more complex, orchestrated ransomware, malware, and endpoint attacks.

Cybersecurity startups continue to receive funding from venture capitalists, and private equity firms have clear roadmaps for the vendors they want to integrate into new entities. Of the more than 880 cybersecurity startups on Crunchbase, 25% have received additional funding rounds in the last 12 months and 47 define themselves as an AI-first platform designed to secure mobile devices, machine identities and endpoints.

Infinipoint is one of the most interesting startups in terms of device-identity-as-a-service and its approach to machine identity management. This is one of the most challenging areas of endpoint security today, given how quickly each organization creates machine identities during day-to-day operations. Infinipoint offers single sign-on authentication integrated with risk-based policies and a one-click solution for non-compliant and vulnerable devices.

Gartner predicts that end-user spending for the information security and risk management market will grow at a compounded rate of 10.4% from 2021 to 2026, reaching $254.1 billion. It is also estimated that by the end of 2023, 95% of EPP platforms will be cloud-based. Based on the EPP providers participating in RSA 2022, the second forecast is close to becoming a reality today.
