This article is part of a VB special issue. Read the full series here: Intelligent Security

CISOs’ time and teams are stretched too thin, keeping remote and hybrid workforces as well as the fast-growing number of machine-based endpoints secure from new, unpredictable attack patterns. Cybersecurity professionals, including CISOs, are doubtful their existing endpoint security systems can thwart an advanced attack. Fifty-five percent of cybersecurity professionals estimate that more than 75% of endpoint attacks can’t be stopped with their current systems, based on a survey by Tanium.

Security teams admit they’re behind on patches and often don’t know if a patch will create a collision at the endpoint, leaving it less secure than before. Only 29% of security teams are very confident that the patches they’re installing will stop a breach. The industries hardest hit by cyberattacks and ransomware last year are also among the slowest to complete endpoint patching. Absolute’s 2021 Endpoint Risk Report found that retailers are on average 101 days out of date on patching endpoints, followed by healthcare at 78 days and financial services at 69 days. Self-healing endpoints are a growth catalyst for the endpoint protection platform (EPP) market, which is predicted to grow from $16 billion in 2022 to $26.4 billion in 2025, attaining an 18.1% Compound Annual Growth Rate (CAGR) in just three years. This makes it one of the fastest-growing markets in the cybersecurity industry.

Enterprises that procrastinate about patch management give cybercriminals the time to weaponize new endpoint attack strategies. Most IT and security professionals say patching takes a backseat to other tasks. Ivanti’s recent survey found that 71% of IT and security leaders say it’s overly complex, cumbersome, and time-consuming. Fifty-seven percent say remote work and decentralized workspaces make a challenging task even more difficult.

6 ways AI brings greater resilience to endpoints  

Self-healing endpoints differ by their self-diagnostics, combined with their ability to regenerate their operating system and apps, while using AI and ML to identify suspected or actual breach attempts and thwart them. They’re regenerative by design to achieve greater resilience. Self-healing endpoints shut themselves off, re-check all OS and application versioning, and then reset themselves to their specific configuration. All these activities happen autonomously while providing real-time tracking of events.
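The re-check-and-reset cycle described above, as an added illustration that is not code from the article or any vendor it names: a baseline/current inventory comparison that flags drift (downgrades, missing or unexpected software), emits the reset actions and keeps a timestamped event trail. Package names and versions are constructed sample data.

```python
# Added example (not from the article): a minimal self-healing check loop.
# It compares an endpoint's current OS/app inventory to its approved baseline,
# flags drift and produces the reset actions plus a timestamped event trail.
from dataclasses import dataclass, field
from datetime import datetime, timezone


@dataclass
class HealPlan:
    actions: list = field(default_factory=list)  # (action, package, target_version)
    events: list = field(default_factory=list)   # (timestamp, kind, package)


def version_tuple(v: str) -> tuple:
    """Turn '10.0.19045' into (10, 0, 19045) so versions compare numerically."""
    return tuple(int(p) for p in v.split("."))


def plan_self_heal(baseline: dict, current: dict) -> HealPlan:
    """Return the actions needed to bring `current` back to `baseline`."""
    plan = HealPlan()
    now = datetime.now(timezone.utc).isoformat()
    for name, want in baseline.items():
        have = current.get(name)
        if have is None:
            plan.actions.append(("reinstall", name, want))
            plan.events.append((now, "missing", name))
        elif have != want:
            # A downgrade is worth flagging separately: it may indicate tampering.
            kind = "downgraded" if version_tuple(have) < version_tuple(want) else "drifted"
            plan.actions.append(("reset", name, want))
            plan.events.append((now, kind, name))
    # Anything installed that the baseline does not know about is removed.
    for name in sorted(current.keys() - baseline.keys()):
        plan.actions.append(("remove", name, current[name]))
        plan.events.append((now, "unexpected", name))
    return plan


# Constructed sample: the approved image and what the endpoint reports now.
BASELINE = {"os": "10.0.19045", "edr-agent": "6.45.0", "vpn-client": "4.10.2"}
CURRENT = {"os": "10.0.19045", "edr-agent": "6.44.1", "remote-tool": "1.0.0"}

if __name__ == "__main__":
    plan = plan_self_heal(BASELINE, CURRENT)
    for action in plan.actions:
        print(action)
    for event in plan.events:
        print(event)
```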


CISOs tell VentureBeat that building a business case for self-healing endpoints often involves factoring in ITSM cost and time savings, reduced security operation workloads, asset losses, and improved audit and compliance. VentureBeat sees the urgent need for endpoint security vendors to deliver greater visibility and control, more efficient workflows for rolling back malicious changes and more flexibility in re-configuring endpoints automatically back to correct configurations. A core part of CISOs’ zero trust security strategies centers on endpoint security, which is pivotal to current and planned digital business initiatives.

AI and ML techniques are proving to be effective core technologies for self-healing endpoints due to the following factors:

  • AI-based endpoints can flex faster to stop complex attacks and self-heal after. CISOs tell VentureBeat that AI and ML-based endpoints can be trained to identify when attackers attempt to poison their algorithms with deliberately misleading attack data. They’re also able to identify when misleading data attempts to redefine classifications across models – all meant to throw the endpoint off a potential breach. Endpoint algorithms know the sequences of a rebuild to the operating system level, enabling autonomous self-healing – and averting a time drain on ITSM service desks. They’re also able to scale patch management across the entire fleet of devices more efficiently than any manual or previously automated approach could. 
  • Three key questions CISOs need to ask potential endpoint vendors. Over 70 cybersecurity vendors are promoting their AI and ML-based self-healing endpoint systems and platforms today. Unfortunately, finding the endpoint vendors who can deliver is difficult. In all fairness, there’s a wide spectrum of AI and ML use cases for self-healing endpoints today. The challenge is to find the approach that works best for your organization. The three questions to ask are:
    • Specifics on the data sets used for model training. Ask the vendor to provide an overview of the volume and variety of data sets they’re training their models with. Ask how these data sets are helping to reduce false positives and identify actual breach attempts. What is their track record in training models? 
    • Is the data from only a given industry, cross-industry and global, or just from your country? The more diverse the industry coverage in the data set, the greater the chance breach attempts will be caught. 
    • How can I retrain classifiers and algorithms at scale? Cloud platforms’ scalability is an advantage on this requirement – and it’s good to check and see if the vendors you’re considering for endpoint security have that capability.  
  • They’re harder to evade than rules-based endpoints. IT and cybersecurity teams find that the latest generation of AI-based endpoints is easy to deploy. However, they’re a challenge to fine-tune, as synthetic data is a work in progress. Despite their limitations, AI-based endpoints are more resilient than their rules-based counterparts because they’re designed to identify and act on anomalies faster.  
  • It helps set a high bar for vendor innovation. Table stakes for self-healing endpoints are the ability to regenerate after an attack, either purely through software or by being embedded in the BIOS. Arguably, being embedded into the firmware of an endpoint is the most reliable approach there is to achieving greater resilience. Absolute resilience is factory-embedded in firmware by 28 device manufacturers today, making it the world’s only firmware-embedded endpoint visibility and control platform. Keeping up with the many changes to firmware across their manufacturing partners while providing predictive analytics of endpoint health is innovative. Today, AI and ML future releases are on the roadmaps of the more than 70 different software-based self-healing endpoint providers. 2022 will be a pivotal year for innovation in the self-healing endpoint security market. 
  • Cloud platforms are proving to be a faster, more secure onramp for self-healing endpoints. Microsoft, McAfee, Broadcom, and CrowdStrike dominate the endpoint security market, and each of them has been delivering self-healing endpoint security systems on the cloud for years. When it comes to Endpoint Detection and Response (EDR), CrowdStrike is the market leader. Microsoft leads the broader endpoint protection platform market. Microsoft rebranded ATP to Microsoft Defender for Identity earlier this month, and together with CrowdStrike Falcon, Ivanti Neurons, Symantec Endpoint Protection, Sophos Intercept X, Trend Micro Apex One, ESET Endpoint Security, Kaspersky Endpoint Security, McAfee Endpoint Security, and several others, these vendors are all emphasizing cloud-first deployment strategies today. Each of them relies on AI and ML to differentiate itself from the others by finding new approaches to reduce attackers’ attempts at misdirecting models with adversarial inputs, using generative adversarial networks and developing new approaches to stop attackers from poisoning data. 
  • Reduce ITSM costs and improve compliance at the same time. Self-healing endpoints that include AI and ML eliminate IT Help Desk backlogs by keeping endpoints up-to-date. Reducing the call volume on IT Help Desks can save over $45K a year, assuming a typical call takes 10 minutes and the IT help desk saves a cumulative 1,260 hours annually. The more AI-enabled an endpoint is, the more automated audit and compliance reporting become. The Health Insurance Portability and Accountability Act (HIPAA), General Data Protection Regulation (GDPR), and the Payment Card Industry Data Security Standard (PCI DSS) all require periodic IT audits. The time and cost savings organizations gain from automating audits vary significantly. It’s a reasonable assumption to budget at least a $67K savings per year in audit preparation costs alone. 

The future of self-healing endpoints

With IT and security teams stretched thin already, CISOs and CIOs need to add thousands of new endpoints to secure their growing remote and hybrid workforces. According to Forrester, their workloads are compounded with new machine identities growing twice as fast as the human ones. CISOs tell VentureBeat that the most valuable aspect of AI and ML in endpoint security is how reliable and resilient self-healing endpoints are becoming. CISOs want greater visibility and control, more efficient workflows for rolling back malicious changes and more flexibility in re-configuring endpoints automatically back to correct configurations. Add to that the need for more detailed, real-time asset management data and the future of self-healing endpoints is moving in an AI-driven direction.
