AI Brings Greater Resilience to Self-Healing Endpoints



CISOs’ time and teams are overstretched, protecting remote and hybrid workforces and the growing number of machine-based endpoints from new, unpredictable attack patterns. Cybersecurity professionals, including CISOs, doubt that their existing endpoint security systems can thwart an advanced attack. Fifty-five percent of cybersecurity professionals believe that more than 75% of endpoint attacks cannot be stopped with their current systems, according to a Tanium survey.

Security teams admit they’re behind on patches and often don’t know if a patch will create a collision at the endpoint, leaving it less secure than before. Only 29% of security teams are completely confident that the patches they install stop a breach. Those hardest hit by cyberattacks and ransomware last year are also among the slowest to complete endpoint updates. Absolute’s 2021 Endpoint Risk Report found that retailers’ endpoints are on average 101 days out of date, followed by healthcare at 78 days and financial services at 69 days. Self-healing endpoints are a growth catalyst for the Endpoint Protection Platform (EPP) market, which is expected to grow from USD 16 billion in 2022 to USD 26.4 billion in 2025, a compound annual growth rate (CAGR) of 18.1% in just three years. This makes it one of the fastest-growing markets in the cybersecurity industry.

Organizations that procrastinate on patch management give cybercriminals time to weaponize new endpoint attack strategies. Most IT and security professionals say that patching takes precedence over other tasks. Ivanti’s recent survey found that 71% of IT and security leaders say patching is too complex, tedious, and time-consuming. Fifty-seven percent say remote work and decentralized workspaces make a tough job even harder.

6 Ways AI Brings Greater Endpoint Resilience

Self-healing endpoints are distinguished by their self-diagnosis, combined with their ability to regenerate their operating system and applications, while using AI and ML to identify suspected or actual breach attempts and thwart them. They are regenerative by design to achieve greater resilience. Self-healing endpoints shut down, recheck all OS and application versions, and then reset to their specific configuration. All these activities take place autonomously while ensuring real-time monitoring of events.

CISOs tell VentureBeat that crafting a business case for self-healing endpoints often involves considering ITSM time and cost savings, reduced security operations workloads, lost data and assets, and improved audit and compliance. VentureBeat sees the urgent need for endpoint security vendors to provide greater visibility and control, more efficient workflows for undoing malicious changes, and more flexibility in automatically reconfiguring endpoints to the correct configurations. A core element of CISO zero-trust security strategies centers around endpoint security, which is critical to current and planned digital business initiatives.

AI and ML techniques prove to be effective core technologies for self-healing endpoints due to the following factors:

  • AI-powered endpoints can adapt faster to stop complex attacks and self-repair afterwards. CISOs tell VentureBeat that AI and ML-based endpoints can be trained to identify when attackers attempt to poison their algorithms with deliberately misleading attack data. They are also able to identify when misleading data attempts to redefine classifications between models, all in an effort to steer the device away from a potential breach. Endpoint algorithms know the sequences of an OS-level rebuild, enabling autonomous self-healing and avoiding wasted time on ITSM service desks. They are also able to scale patch management across the entire device fleet more efficiently than any manual or previously automated approach.
  • Three key questions CISOs should ask potential device vendors. Today, more than 70 cybersecurity vendors are promoting their AI and ML-based self-healing systems and platforms. Unfortunately, it is difficult to find endpoint suppliers capable of delivering. In fairness, there is a wide range of AI and ML use cases for self-healing endpoints today. The challenge is to find the approach that works best for your organization. The three questions to ask are:
    • Details of the datasets used for training the model. Ask the vendor to provide an overview of the volume and variety of datasets with which they train their models. Ask how these datasets help reduce false positives and identify actual breach attempts. What are their antecedent formation patterns?
    • Is the data specific to a given industry or cross-industry, and is it global or only from your country? The more diverse the industry coverage in the dataset, the more breach attempts will be detected.
    • How can I recycle classifiers and algorithms at scale? The scalability of cloud platforms is an advantage for this requirement – and it’s good to check and see if the vendors you are considering for endpoint security have this capability.
  • They are harder to evade than rule-based endpoints. IT and cybersecurity teams are finding that the latest generation of AI-powered endpoints is easy to deploy. However, refining them is difficult because synthetic data is a work in progress. Despite their limitations, AI-based endpoints are more resilient than their rule-based counterparts because they are designed to identify and act on anomalies faster.
  • This helps set the bar high for supplier innovation. The table stakes are for self-healing endpoints that can regenerate after an attack, either through software alone or by being built into the BIOS. Embedding an endpoint in firmware is arguably the most reliable approach to achieving greater resiliency. Absolute resiliency is factory-built in firmware by 28 device manufacturers today, making it the only firmware-built endpoint visibility and control platform in the world. Tracking numerous firmware changes at their manufacturing partners while providing predictive analytics of endpoint health is innovative. Today, future releases of AI and ML are on the roadmaps of more than 70 vendors of software-based self-healing endpoints. 2022 will be a pivotal year for innovation in the self-healing endpoint security market.
  • Cloud platforms are proving to be a faster and more secure on-ramp for self-healing endpoints. Microsoft, McAfee, Broadcom, and CrowdStrike dominate the endpoint security market, and each of them has offered cloud-based, self-healing endpoint security systems for years. When it comes to endpoint detection and response (EDR), CrowdStrike is the market leader. Microsoft leads the broader endpoint protection platform market. Microsoft renamed ATP to Microsoft Defender for Identity earlier this month, and along with CrowdStrike Falcon, Ivanti Neurons, Symantec Endpoint Protection, Sophos Intercept X, Trend Micro Apex One, ESET Endpoint Security, Kaspersky Endpoint Security, McAfee Endpoint Security and others, these vendors are all emphasizing cloud-first deployment strategies today. Each of them relies on AI and ML to differentiate itself from the others by finding new approaches to reduce attackers’ attempts to hijack models with conflicting inputs, using generative adversarial networks and developing new approaches to prevent attackers from poisoning data.
  • Reduce ITSM costs and improve compliance at the same time. Self-healing endpoints that include AI and ML eliminate IT help desk backlogs by keeping endpoints up to date. Reducing call volume on IT help desks can save over $45,000 per year, assuming a typical call takes 10 minutes and the IT help desk saves a cumulative 1,260 hours every year. The more AI-enabled a device is, the more automated audit and compliance reporting becomes. The Health Insurance Portability and Accountability Act (HIPAA), General Data Protection Regulation (GDPR), and Payment Card Industry Data Security Standard (PCI DSS) all require periodic IT audits. The time and cost savings that organizations see from automating audits vary widely. It is a reasonable assumption to budget at least $67,000 in savings per year in audit preparation costs alone.

The future of self-healing endpoints

With IT and security teams already stretched thin, CISOs and CIOs need to add thousands of new endpoints to secure their growing remote and hybrid workforce. According to Forrester, their workloads are compounded by new machine identities that grow twice as fast as human identities. CISOs tell VentureBeat that the most valuable aspect of AI and ML in endpoint security is the reliability and resilience of self-healing endpoints. CISOs want increased visibility and control, more efficient workflows to roll back malicious changes, and more flexibility to automatically reconfigure endpoints to the correct configurations. Add to that the need for more detailed, real-time asset management data, and the future of self-healing endpoints is moving in an AI-driven direction.


About Yvonne Lozier
