Fast-growing ransomware, malware and endpoint-directed breach attempts are reordering the threat landscape in 2022. It’s appropriate that RSA Conference 2022’s theme is 'transform,' as new threats continue to call for rapid changes in endpoint security.
CISOs and CIOs are transforming their cloud infrastructure and hybrid cloud strategies, accelerating devops internally to produce new apps and platforms, and relying more on software-as-a-service (SaaS) apps than ever before to meet time-to-market goals. Vendors promoting cloud security, extended detection and response (XDR) and zero trust dominated RSAC 2022.
The Cloud Security Alliance (CSA) released its latest survey results during RSA 2022, which further underscores zero trust's continued growth. The research is Based on interviews with 823 IT and security professionals, including 219 C-level executives. As a result, 80% of C-suite executives have prioritized zero trust in their organizations and 94% are implementing them. In addition, 77% are increasing their spending on zero trust over the next 12 months.
Cybersecurity is a data problem
Analyzing real-time and historic data to uncover, detect and thwart breach attempts underscores why cybersecurity is a data problem first. CISOs, CIOs and their teams need access to more historical data. Bot-based approaches to endpoint security need more data to fine-tune AI and machine learning (ML) models. Just how essential data is to improving cybersecurity defenses was made clear in the keynotes and breakout sessions at RSA 2022. CrowdStrikes’ launch of Asset Graph and successful integration of its Humio acquisition in Humio for Falcon reflects the high priority their customers and prospects place on real-time telemetry data and long-term data archiving.
Microsoft’s Vasu Jakkal, corporate vice president for Microsoft Security, Compliance, Identity and Privacy, emphasized the importance of data in cybersecurity and the potential AI and ML have for securing every business. Her insightful keynote, Innovation, Ingenuity and Inclusivity: The Future of Security is Now, is worth watching. She told the audience that Microsoft protects 785,000 customers globally, including their digital estate, which gives them a close view of the rapid pace and sophistication of attacks are coming. “And what we're seeing is this rapid acceleration in attacks; there are 921 attacks a second that's two times what we saw last year, that's billions and billions of attacks a year,” she said.
Microsoft’s Vasu Jakkal, corporate vice president for Microsoft Security, Compliance, Identity and Privacy, provided examples of why AI and machine learning are essential for securing enterprises.
Microsoft is one of the leaders in the endpoint protection platform (EPP) market and Microsoft 365 Defender is one of the most advanced AI-based self-healing endpoint systems available. All Microsoft 365 Defender products shared a common cloud-hosted console, support for an underlying data lake and API, allowing unified threat hunting.
“AI is incredibly, incredibly effective in processing large amounts of data and classifying this data to determine what is good and what's bad. At Microsoft, we process 24 trillion signals every single day and that’s across identities and endpoints and devices and collaboration tools and much more," said Vasu Jakkal, corporate vice president for Microsoft Security, Compliance, Identity and Privacy "Without AI, we could not tackle this.”
Improving endpoint security with AI and bots
Of the more than 30 endpoint security vendors exhibiting at RSA this year, most concentrate on three core areas of risk management. Reducing attack surfaces, improving identity threat detection and response and reducing digital supply chain risk dominate endpoint security vendors’ roadmaps today.
The main ways endpoint security is being improved with AI and bots today, include:
Ivanti has also been designed with custom patch configurations that define the characteristics of patch deployment and are pushed to the Ivanti Neurons Agent on the device to run independently on the set schedule. Nayaki also explained how Ivanti Neurons Patch for Microsoft Endpoint Manager (MEM) extends existing Microsoft Intune implementations to include third-party application updates. Nayaki says Its threat and patch intelligence help organizations properly prioritize remediation of third-party software vulnerabilities.
Growing cybersecurity spending and investment
The accelerating pace of cybercrime is transforming the endpoint security market. So, it’s prescient that RSA chose 'transform' as the main theme. Transformation speaks to exactly what’s going on with more intricate, orchestrated ransomware, malware and endpoint attacks.
Cybersecurity startups continue gaining funding from venture capitalists and private equity firms have clear roadmaps of vendors they want to consolidate into new organizations. Of the over 880 cybersecurity startups in Crunchbase, 25% received additional funding rounds in the last twelve months and 47 define themselves as an AI-first platform designed to protect mobile device and machine identities and endpoints.
Infinipoint is one of the most interesting startups, given its approach to device-identity-as-a-service and machine identity management. That’s one of the most challenging areas of endpoint security today, given how quickly every organization creates machine identities during daily operations. Infinipoint provides single sign-on authorization integrated with risk-based policies and one-click remediation for non-compliant and vulnerable devices. Gartner predicts end-user spending for the information security and risk management market will grow at a compound annual growth rate of 10.4% from 2021 through 2026, reaching $254.1 billion. It’s also predicted that by the end of 2023, 95% of EPP platforms will be cloud-based. Based on the EPP providers participating at RSA 2022, the second prediction is close to being a reality today.