How AI, Machine Learning Will Impact Endpoint Security
MSSPs need to provide clean data and ongoing training to personnel.
January 14, 2019
By Derek Handova
AI and machine learning (ML) seem to be inundating more and more of the cloud computing space every day.
Intelligent security as a service, once thought to be an impossibility, has gone mainstream. Endpoint security, however, still seems to be at the endpoint. And while that assumption seems legitimate on the face of it, the whole truth is more nuanced and multifaceted. Before machine learning will impact endpoint security, it must first learn about the potential threats. So even as the industry builds in these intelligent capabilities, they are only as good as what they know.
“We’ve seen a ton of vendors rush to sprinkle machine learning into their systems and try to catch up to where the industry was five years ago,” says Justin Fier, director of cyber intelligence and analysis, Darktrace, a provider of artificial-intelligence (AI)-based cybersecurity solutions. “The problem with what the public often thinks of as AI is that it’s trained on data. It’s really hard and expensive to get the data sets – especially in security when companies are apprehensive to share threat intel – clean the data sets, and then train the model to a certain degree of accuracy.”
This complicates the question of how machine learning (ML) will impact endpoint security, because AI and ML cloud solutions are best suited to working with known quantities, whereas endpoint security involves the bad guys trying to come up with attack vectors that the good guys have not thought to defend against: in other words, an unknown.
“AI applies to structured environments – and security is not one of them – so we will see true AI applied to other areas in our lives before security solutions,” says Tom Clare, senior product manager, Fidelis Cybersecurity, a provider of threat detection, hunting, and response solutions. “While marketing hype promotes AI for security, [the] reality is [that] machine learning models specific use cases using attributes with reliable variances to detect outliers or anomalies. Machine learning helps both endpoint preventive and detection, and response defenses find anomalies; however, machine learning can produce false positives even with training baselines and feedback loops.”
While AI and machine learning have a place in security, their impact will not happen by itself. So how will AI and ML impact endpoint security? Some AI and endpoint security experts were asked to weigh in on the topic with their informed opinions.
The 4 P’s of Security
As knowledgeable endpoint-security experts will relate, endpoint security is only one part of a multilayered defense against malicious threats and exploits of an enterprise computer system — whether in the cloud or on premises. And weaknesses or blind spots in network security can occur at any level when it comes to the fundamental four P’s: ports, privileges, passwords, and patches.
“While endpoints and users have been the traditional first mile for attackers, in our analysis, most successful breaches exploit the four P’s of open ports, loose privileges, weak passwords and missing patches in unforeseen ways,” says Bashyam Anant, head of product management, Cavirin, a cybersecurity startup. “The four P’s span the entire enterprise stack including the network, storage, databases, virtual and physical servers, containers, cloud services and applications.”
So as Anant and other experts see it, for AI and machine learning to impact endpoint security, risk signals must be incorporated from across the enterprise, not just the endpoint. Fortunately, one of the most value-added propositions that MSSPs can offer their customers is the ability to work through all layers of the network stack and bring them together into a protective scheme with breadth and depth, according to leading security providers.
“One of the most valuable things MSSPs can offer their customers is a layered defense that aligns to a broad defensive framework,” says Nate Jenniges, senior director, corporate device security, McAfee. “This spans foundational hygiene and hardening on devices, all the way through to the most advanced behavioral analytics. Developing and implementing a complete security practice that is rationalized against adversarial techniques is where service providers can really make a difference for their clients.”
How MSSPs Will Use AI, Machine Learning to Impact Endpoint Security
Even though a supermajority of cybersecurity marketplace participants, nearly three in four (73 percent) respondents in a recent Osterman Research report on the state of AI in security, say that they are already using AI and machine learning to impact endpoint security, there is still work to do, as report sponsor ProtectWise concludes.
“In its current state, AI is a tool for driving efficiencies and addressing staffing, but it is not going to replace human intelligence any time soon,” says Gene Stevens, CTO, ProtectWise, provider of cloud-based network detection and response. “AI is well positioned to create machine-accelerated humans: an army of hunters and responders who use a wide array of expert systems to help unearth and prioritize critical threats. In the future, AI will become more valuable as the industry develops products that improve ease of use and capitalize on AI’s efficiency differentiators.”
This will go a long way toward addressing the weak link in the cybersecurity chain: people. Not only will AI and machine learning impact endpoint security by uncovering otherwise undetected threats, they will also improve security workers’ knowledge of these threats. But MSSPs need to train their workers to properly exploit this gain in know-how.
“Even though security pros advocate broader use of AI and ML, MSPs and MSSPs should ensure that their user communities are well trained in how to recognize and avoid cybersecurity threats,” says Hal Lonas, CTO, Webroot, the cybersecurity provider. “Training should be specific and repeated frequently to ensure that users are aware of their responsibilities. Threats evolve quickly, so too should knowledge of them.”