Intelligent CISO Issue 05 | Page 39

FEATURE
To protect endpoints more effectively, CISOs must complement traditional preventive controls with the ability to detect and respond to inevitable breaches as quickly as possible. How quickly you detect the breach – and what actions you take to contain the damage – can make the difference between an inconvenience and a disaster. The news is full of examples where attackers were able to spend weeks, or even months, moving throughout a network undetected. In order to truly secure endpoints, CISOs must ensure that they can detect and respond to a breach coming from one.
Vincent Bieri, Co-Founder of Nexthink
For CISOs this means that they must truly understand what is happening on each and every endpoint at any given time. The best way to obtain this critical information is through an end-user analytics platform that enables CISOs and their teams to detect unusual system and application behaviour across all endpoints. Behaviours such as a spike in network traffic, connection with suspicious websites or unknown files executing are red flags and indicators of potential danger, and security teams can recognise them before even the end-user themselves.
Additionally, an end-user experience platform can validate that protective measures are enforced, including employee awareness and supporting the business without degrading performance and usability. With this transparent end-user behaviour and endpoint performance information, CISOs and their teams can retrain users or strengthen technical controls before a breach occurs. For CISOs, a balance between preventative controls and breach detection and response through end-user management is the key to a strong endpoint security posture.
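The three red flags named in the answer above (a traffic spike, a connection to an unfamiliar destination, an unknown file executing) can each be expressed as a simple check over endpoint telemetry. The following is an added illustration, not Nexthink's product or code: the baseline traffic figures, allow-listed domains, known file hashes and telemetry events are all constructed sample data, and the spike rule (more than three standard deviations above the baseline mean) is an assumption chosen for the example.

```python
"""Red-flag checks over constructed endpoint telemetry (added example,
not Nexthink's code). Flags a network traffic spike, connections to
destinations outside a known-good list, and execution of files whose
hash is not in the organisation's known-file inventory."""
from statistics import mean, pstdev

# Constructed per-hour outbound byte counts for one endpoint: a week of
# baseline hours, then the hour under review.
BASELINE_BYTES = [120_000, 95_000, 130_000, 110_000, 100_000, 125_000, 115_000]
CURRENT_BYTES = 980_000

# Constructed allow-list of destinations and inventory of known file hashes
# (the hash values are placeholders, not real digests).
KNOWN_DOMAINS = {"intranet.example", "updates.example", "mail.example"}
KNOWN_HASHES = {"a1" * 32, "b2" * 32}

# Constructed telemetry events for the same hour: (event_type, value).
EVENTS = [
    ("connect", "intranet.example"),
    ("connect", "files-share.example-cdn.test"),
    ("exec", "a1" * 32),
    ("exec", "f9" * 32),
]


def traffic_spike(baseline, current, z_threshold=3.0):
    """Return (is_spike, z_score). The current hour is a spike when it lies
    more than z_threshold standard deviations above the baseline mean."""
    mu = mean(baseline)
    sigma = pstdev(baseline)
    if sigma == 0:  # flat baseline: any increase at all is unusual
        above = current > mu
        return above, (float("inf") if above else 0.0)
    z = (current - mu) / sigma
    return z > z_threshold, z


def unknown_destinations(events, known_domains):
    """Destinations contacted that are not on the allow-list."""
    return sorted({v for t, v in events if t == "connect" and v not in known_domains})


def unknown_executables(events, known_hashes):
    """Hashes of executed files that are not in the known-file inventory."""
    return sorted({v for t, v in events if t == "exec" and v not in known_hashes})


def red_flags(baseline, current, events, known_domains, known_hashes):
    """Collect red flags for one endpoint as (flag_name, evidence) pairs."""
    flags = []
    spike, z = traffic_spike(baseline, current)
    if spike:
        flags.append(("traffic_spike", round(z, 1)))
    for domain in unknown_destinations(events, known_domains):
        flags.append(("unknown_destination", domain))
    for digest in unknown_executables(events, known_hashes):
        flags.append(("unknown_executable", digest))
    return flags


if __name__ == "__main__":
    for flag in red_flags(BASELINE_BYTES, CURRENT_BYTES, EVENTS, KNOWN_DOMAINS, KNOWN_HASHES):
        print(flag)
```

Each check is deliberately independent so that a single flag is a prompt for an analyst, while several flags on one endpoint in the same hour are the kind of combination the answer describes as recognisable before the user notices anything.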
How is AI and Machine Learning revolutionising endpoint security ?
Dr Anton Grashion, Manager – Security Practice at Cylance
It’s an easy question to answer. One of the key difficulties associated with endpoint security and, in fact, cybersecurity in general, is the presence and effect of ‘unknown unknowns’. When assessing risks to an organisation, it is these unknown unknowns that can lead to the underestimation of risk.
As an example, we can’t be sure what the next malware threat will look like, which is why signatures have to be propped up with all manner of other, mostly reactive, technologies. For the same reason, organisations require skilled operatives to sift through the large volumes of alerts that their EDR systems generate. What we have created is a huge number of barking dogs, and not all alerts are worthy of exploration.
How AI and ML reverse this situation is made possible by the progress that researchers have made in algorithmic science, as well as the rise of Big Data analytic processing capabilities.
With the centralised analysis of hundreds of millions of file binaries (both known ‘good’ and ‘bad’ samples) collected from public and private malware repositories, the solution then extracts millions of features from each of these files and applies Artificial Intelligence and Machine Learning techniques to build highly accurate mathematical models. The models identify what are statistically good and bad features or combinations of features and are deployed to the endpoint in an extremely lightweight client.
When placed at the heart of a solution – as opposed to being an afterthought bolted on to legacy technology – AI and Machine Learning deliver predictive prevention and allow us to get ahead of the threat curve, especially for zero-day attacks, for the first time. This is a true revolution in endpoint security.
No longer do we need a first victim in order to craft, all too slowly, a signature. No longer do we need to allow the threat to detonate and then track indicators of compromise, chasing complexity into the network. Instead we can assess the threat in milliseconds, pre-execution, and stop it before it creates cascading and correlated issues for the security teams.
This not only revolutionises endpoint security but also completely re-maps the economics of cybersecurity by liberating expensive and scarce human resources from their detect and respond duties to those problems that are best solved by human expertise.
Deploying an advanced ML/AI endpoint solution also reduces the number of help desk tickets and improves productivity by being extremely lightweight in terms of resource usage (1% to 2% CPU, 40 to 40MB of memory).
Add to this the benefit of not requiring a cloud connection, enabling work in air-gapped environments and not needing time-wasting daily updates, and it is clear that AI and ML can truly revolutionise endpoint security.
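The pipeline the answer describes (extract features from each file's bytes, fit a model on labelled good and bad samples, ship the model to the endpoint and classify new files pre-execution without a signature or a cloud lookup) is shown here in miniature. This is an added example and not Cylance's product, model or code: it uses three hand-picked features and a nearest-centroid model where a real product extracts millions of features, and every training sample is constructed in the block, with text-like files standing in for 'good' and random high-entropy blobs standing in for packed or encrypted 'bad' payloads.

```python
"""Toy static-feature file classifier (added example, not Cylance's code).
Extracts numeric features from raw bytes, fits a nearest-centroid model on
constructed labelled samples, and classifies unseen files from their
features alone."""
import math
import random
from collections import Counter


def shannon_entropy(data):
    """Entropy in bits per byte: 0.0 for empty or constant input, 8.0 at most."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def printable_fraction(data):
    """Share of bytes in the printable ASCII range (0x20..0x7e)."""
    if not data:
        return 0.0
    return sum(1 for b in data if 32 <= b < 127) / len(data)


def extract_features(data):
    """Feature vector for one file: entropy, printable fraction, log2 of size."""
    return [shannon_entropy(data), printable_fraction(data), math.log2(len(data) + 1)]


def fit_centroids(samples):
    """Nearest-centroid model: the mean feature vector per label, plus a
    per-feature standard deviation so each feature is compared on its own scale."""
    by_label = {}
    for data, label in samples:
        by_label.setdefault(label, []).append(extract_features(data))
    all_vecs = [v for vs in by_label.values() for v in vs]
    dim = len(all_vecs[0])
    scale = []
    for i in range(dim):
        col = [v[i] for v in all_vecs]
        mu = sum(col) / len(col)
        sd = math.sqrt(sum((x - mu) ** 2 for x in col) / len(col))
        scale.append(sd if sd > 0 else 1.0)  # constant feature: avoid divide by zero
    centroids = {
        label: [sum(v[i] for v in vs) / len(vs) for i in range(dim)]
        for label, vs in by_label.items()
    }
    return {"centroids": centroids, "scale": scale}


def classify(model, data):
    """Label of the centroid nearest to the file's scaled feature vector."""
    x = extract_features(data)
    scale = model["scale"]

    def distance(centroid):
        return math.sqrt(sum(((x[i] - centroid[i]) / scale[i]) ** 2 for i in range(len(x))))

    return min(model["centroids"], key=lambda label: distance(model["centroids"][label]))


def random_blob(n, seed):
    """Constructed high-entropy sample of n bytes (stand-in for a packed payload)."""
    rng = random.Random(seed)
    return bytes(rng.getrandbits(8) for _ in range(n))


def make_samples(count=20, seed=7):
    """Constructed labelled corpus: text-like 'good' files and random 'bad' blobs."""
    rng = random.Random(seed)
    words = [b"config ", b"report ", b"hello ", b"invoice ", b"total ", b"user ", b"\n"]
    samples = []
    for i in range(count):
        text = b"".join(rng.choice(words) for _ in range(rng.randint(40, 120)))
        samples.append((text, "good"))
        samples.append((random_blob(rng.randint(200, 600), seed * 1000 + i), "bad"))
    return samples


# The model is fitted once; classify() then needs only the file's own bytes.
MODEL = fit_centroids(make_samples())

if __name__ == "__main__":
    for name, data in [("notes.txt", b"invoice total user report " * 20),
                       ("payload.bin", random_blob(400, seed=99))]:
        print(name, [round(f, 2) for f in extract_features(data)], "->", classify(MODEL, data))
```

The point of the structure is that `MODEL` is the only thing the endpoint needs: no per-sample signature, no lookup of the file elsewhere, and the verdict depends on statistical properties of the bytes rather than on having seen that exact file before. The weakness of a toy like this is equally visible: a benign compressed archive also has high entropy, which is why a real model needs many more features than three.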