Bad actors know all they need to do is find one unprotected machine identity, and they're into a company's network. Analyzing their breaches shows they move laterally across systems, departments, and servers, looking for the most valuable data to exfiltrate while often embedding ransomware. By scanning enterprise networks, bad actors often find unprotected machine identities to exploit. These factors are why machine identities are a favorite attack surface today.

Why machine identities need zero trust 

Organizations quickly realize they're competing in a zero-trust world today, and every endpoint, whether human or machine-based, is their new security perimeter. Virtual workforces are here to stay, creating thousands of new mobility, device, and IoT endpoints. Enterprises are also augmenting tech stacks to gain insights from real-time monitoring data captured using edge computing and IoT devices. 

Forrester estimates that machine identities (including bots, robots, and IoT) grow twice as fast as human identities on organizational networks. These factors combine to drive an economic loss of between $51.5 billion and $71.9 billion attributable to poor machine identity protection. Exposed APIs also lead to machine identities being compromised, contributing to machine identity attacks growing 400% between 2018 and 2019, and by over 700% between 2014 and 2019.

Defining machine identities 

Getting zero trust strategies to scale for machine identities is challenging given how versatile their configurations are, combined with how certificate and key management needs to be consistent across each device's lifecycle to be effective.

CISOs tell VentureBeat they are selectively applying AI and machine learning to the areas of their endpoint, certificate, and key lifecycle management strategies that need greater automation and scale. One example is a financial services organization pursuing a zero trust strategy: it uses AI-based Unified Endpoint Management (UEM) to keep machine-based endpoints current on patches, with AI analyzing each endpoint and delivering the appropriate patch to it.

How AI is protecting machine identities 

It's common for an organization not to know how many machine identities it has at any given moment, according to a recent conversation VentureBeat had with the CISO of a Fortune 100 company. It's understandable, given that 25% of security leaders say the number of identities they're managing has increased by a factor of ten or more in the last year. Eighty-four percent of security leaders say the number of identities they manage has doubled in the last year. All of this translates into a growing workload for already overloaded IT and security teams, 40% of which are still using spreadsheets to manually track digital certificates, combined with 57% of enterprises not having an accurate inventory of SSH keys. Certificate outages, key misuse or theft, including granting too much privilege to employees who don't need it, and audit failures are symptoms of a bigger problem with machine identities and endpoint security.

Most CISOs VentureBeat speaks with are pursuing a zero trust strategy long-term and have their boards of directors supporting them. Boards want to see new digital-first initiatives drive revenue while reducing the risks of cyberattacks. CISOs are struggling with the massive workloads of protecting machine identities while pursuing zero trust. The answer is automating key areas of endpoint lifecycle management with AI and machine learning. 

The following are five key areas where AI and machine learning (ML) show the potential to protect machine identities in an increasingly zero-trust world.

Ericom’s AI-based Automatic Policy Builder automatically creates policies for each user based on their observed behavior, drawing on the applications and machines they typically access. Policies can be manually adjusted and updated to create a personalized policy, enabling least-privilege access without burdening IT staff.

Cisco's AI Endpoint Analytics platform aggregates data from various sources in the network, collates and analyzes it to build a detailed endpoint profile, and groups similar endpoints by applying artificial intelligence and machine learning (AI/ML) techniques.

A secure future for machine identity

Machine identities' complexity makes them a challenge to secure at scale and over their lifecycles, further complicating CISOs' efforts to secure them as part of their zero-trust security strategies. It's the most urgent problem many enterprises need to address, however, as just one compromised machine identity can bring an entire enterprise network down. AI and machine learning's innate strengths are paying off in five key areas, according to CISOs. First, business cases to spend more on endpoint security need data to substantiate them, especially when reducing risk and assuring uninterrupted operations. AI and ML provide the data techniques and foundation delivering results in five key areas ranging from automating machine governance and policies to implementing UEM. The worst ransomware attacks and breaches of 2021 started because machine identities and digital certificates were compromised. The bottom line is that every organization is competing in a zero-trust world, complete with complex threats aimed at any available, unprotected machine.