Join online with today’s leading executives at the Data Summit on March 9th. Register here.
The bad guys know they just need to find an insecure machine identity and they’re in the company’s network. Their breach analysis shows that they often move sideways on systems, partitions, and servers in search of the most valuable data to extract when embedding ransomware. By scanning enterprise networks, bad artists often detect insecure machine identities. These factors are why the identity of the machine is the surface of the favorite attack today.
Why machine identification requires zero trust
Organizations are quickly realizing that they are competing in today’s world of zero-confidence, and every final point, whether human or machine-based, is their new security perimeter. The virtual workforce is here to stay, creating thousands of new mobility, device and IoT endpoints. Enterprise Edge is also expanding tech stacks to gain insights from real-time monitoring data captured using computing and IoT devices.
Forrester estimates that machine identity (including bots, robots and IoT) grows twice as fast as human identity on organizational networks. These factors add up to economic losses of between $ 51.5 billion and $ 71.9 billion due to poor machine identity security. Between 2018 and 2019 a 400% increase contributes to machine identification attacks, with between 2014 and 2019 more than 700% contributing to machine identification attacks.
Define the identity of the machine
CISOs tell VentureBeat that today they are selectively implementing AI and machine learning in areas of their endpoint, certification and key lifecycle management strategy that require more automation and scale. One example is how a financial services organization pursues a zero-trust strategy using AI-based Unified Endpoint Management (UEM) which uses AI to patch machine-based endpoints to analyze each and deliver the right patches to everyone. Keeps current.
How AI protects machine identity
According to a recent conversation with VentureBeat, the Fortune 100 company’s CISO, it’s not uncommon for an organization to know how many machine identities it has at any given time. It is understandable, however, that 25% of security leaders say the number of identities they are managing has increased by a factor of ten or more in the last year. Eighty-four percent of security leaders say the number of identities they operate has doubled in the past year. All of this translates into an increasing workload for already overloaded IT and security teams, 40% of whom are still using spreadsheets to manually track digital certificates, and 57% of enterprises do not have a specific inventory of SSH keys. Certificate outage, major misuse or theft, including over-privileges of employees who do not need it and audit failure are symptoms of major problems with machine identification and end point security.
Most CISOs with whom VentureBit speaks have a long-term zero-confidence strategy and are supported by their board of directors. The board seeks to increase new digital-first revenue by reducing the risks of cyber-attacks. CISOs are struggling with a huge workload of securing machine identities following zero trust. The answer is to automate key areas of endpoint lifecycle management with AI and machine learning.
The following five main areas are AI and Machine Learning (ML) which demonstrates the ability to secure machine identity in a growing world of zero-confidence.
- Automated machine governance and policies. Securing machine-to-machine communication begins successfully by consistently enforcing rules and policies at each endpoint. Unfortunately, this is not easy as machine identification in many organizations relies on sealed systems that provide less if any visibility and control for CISOs and their teams. A CISO recently told VentureBeat that it was disappointing to see so much innovation going on in cyber security. Today, there is not a single glass panel that identifies all machines and their operation, user policies and end point health. Vendors to look at in this area include Ericom with their ZTEdge SASE platform and their automated policy builder, which uses machine learning to create and maintain user or machine-level policies. Their clients say the policy builder is proving to be more effective at automating repetitive tasks and providing higher accuracy in policies than can be achieved otherwise. Additional vendors to watch include Delinea Microsoft Security, Ivanti, SailPoint, Venafi, ZScaler and others.
- Automatic patch management while improving visibility and control. Cyber security vendors prioritize patch management, better visibility and machine identification control as their results lead to funded business cases. Patch management, in particular, is an exciting area of AI-based innovation for machine-driven innovation today. CISOs tell VentureBeat that when there is a huge gap in asset inventories, including errors in key management databases, it is a sure sign that IT and cross-functional teams across the organization do not communicate with each other. Weakness scans need to be defined by the risk tolerance of a given organization, compliance requirements, types and classifications of asset classes and available resources. It is a perfect use case for AI and algorithms to solve complex obstacle-based problems, including the path of thousands of machines in a short time. Adopting a data-driven approach to patch management helps the enterprise defeat ransomware attacks. The leaders in this field include BeyondTrust, Delinea, Ivanti, KeyFactor, Microsoft Security, Venafi, ZScaler and others.
- Using AI and ML to find new machine identities. It is common for cybersecurity and IT teams to not know where their 40% machine endpoints are at any given time. Given the variety of devices and workloads created by IT infrastructure, many machine identities are unfamiliar due to the importance of adhering to a zero-confidence security strategy for all machine identities. Cisco’s approach is unique, relying on machine learning analytics to analyze endpoint data with over 250 features. Cisco branded the AI Endpoint Analytics service. The System Rule Library is a combination of various IT and IoT devices in the market space of an enterprise. In addition to the System Rule Library, Cisco AI Endpoint Analytics has a machine-learning component that helps you create endpoint fingerprints to reduce the number of unfamiliar endpoints in your environment when they are not available. Ivanti Neurons for Discovery is also proving to be effective in providing IT and security teams with accurate, actionable asset information that they can use to track and map the connection between key assets with services and applications that rely on those assets. Can. Additional AI ML leaders for new machine identification include CyCognito, Delinea, Ivanti, KeyFactor, Microsoft Security, Venafi, ZScaler and others.
- Key and digital certificate configuration. Arguably one of the weakest links in machine identification and machine lifecycle management, key and digital certificate configurations are often stored in spreadsheets and rarely updated in their current configurations. CISOs tell VentureBeat that the area suffers from a lack of resources in their organizations and the chronic cyber security and IT shortages they face. Each machine requires unique identification to manage and secure machine-to-machine connections and communications across the network. Their digital identity is often assigned by SSL, TLS, or authentication tokens, SSH keys, or code-signing certificates. Bad artists frequently target this area, looking for opportunities to tamper with SSH keys, bypass code-signed certificates, or compromise with SSL and TLS certificates. Helps to properly assign AI and machine learning keys and digital certificates for each machine identification on the organization’s network and address the challenges of keeping up to date. The goal is to rely on algorithms to ensure the accuracy and integrity of each machine’s identification with their respective keys and digital certificates. Leading figures in the field include Checkpoint, Delina, Fortinet, IBM Security, Ivanti, Keefactor, Microsoft Security, Wenafi, ZScaler and others.
- UEM for machine identification. The process of adopting AI and ML becomes faster when these core technologies are embedded in the endpoint security platforms already used in the enterprise. The same goes for UEM for machine identification. Adopting an AI-based approach to managing machine-based endpoints enables real-time OS, patch and application updates that are most needed to secure each endpoint. Leading vendors in the field include the flexibility of Absolute Software, the industry’s first self-healing Zero Trust platform; It is notable for its asset management, device and application control, endpoint intelligence, incident reporting and compliance with the G2 Crowds’ Crowdsourced Rating. Even neurons for UEM rely on AI-enabled bots to detect machine identification and endpoints and update them automatically, without hint. Their approach to self-healing endpoints is notable for constructively integrating AI, ML and BAT technologies to deliver UEM and patch management on a scale based on their customer base. Additional vendors rated higher by G2 Crowd include CrowdStrike Falcon, VMWare Workspace One and others.
Secure future for machine identification
The complexity of machine identification makes it a challenge to keep them at their life cycle level and more secure, further complicating CISO’s efforts to protect them as part of their zero-confidence security strategy. This is the most urgent problem that many enterprises need to address, however, only a compromised machine identity can bring down the entire enterprise network. According to CISOs, the innate powers of AI and machine learning are paying off in five key areas. First, business cases that spend more on endpoint security need data to confirm them, especially when it comes to reducing risk and ensuring uninterrupted operation. AI and ML provide data technologies and foundation results in five key areas ranging from machine governance and policies to UEM implementation. The worst ransomware attacks and breaches of 2021 began as machine identification and digital credentials were compromised. The bottom line is that every organization is competing in a world of zero-confidence, complete with complex threats to any available, insecure machine.
Venturebeat’s mission Digital Town Square is set to become a place for technical decision makers to gain knowledge about the changing enterprise technology and practices. Learn more