Where CISOs rely on AI and machine learning to strengthen cybersecurity

CISOs are confronted with a threatscape where bad actors innovate faster than security and IT teams can keep up with the onslaught of attacks. Artificial intelligence and machine learning are proving to be effective in increasing response speeds and securing projects under construction.

Artificial intelligence is incredibly effective in determining what is good and what is bad from large amounts of data. At Microsoft, we process 24 trillion signals every single day, and that is across identities and endpoints and devices and collaboration tools. Vasu Jakkal, corporate vice president for Microsoft security, compliance, identity, and privacy, spoke at the RSA Conference earlier this year.

AI helps close skills gaps, growing the market  

Artificial intelligence and machine learning are expected to have a big year in cybersecurity. Smaller teams can achieve economies of scale with the help of both technologies. IT executives are using or considering using artificial intelligence and machine learning to strengthen their cybersecurity tech stacks. More than 70% of IT executives have implemented artificial intelligence for security in at least one of their life cycle processes, and 29% are evaluating vendors.

CISOs tell VentureBeat that the need to get more revenue-related projects done with fewer people is one of the main factors driving adoption. The cybersecurity skills shortages that put organizations at a higher risk of breaches are being solved by the use of artificial intelligence and machine learning. 3.4 million more cybersecurity workers are needed to secure assets effectively according to a study.

CISOs need real-time data insights from artificial intelligence and machine learning systems to fine-tune their models, gain a holistic view of their networks, and continue implementing their zero-trust security framework. Spending on artificial intelligence and machine learning-based cybersecurity solutions is projected to reach a market value of $46 billion in the next ten years.

AI’s leading use cases in cybersecurity 

IT teams aren’t sure how many endpoints their internal processes are creating in a given year, making it more challenging to track up to 40% of their endpoints. Endpoint discovery and asset management is the leading use case for enterprises using artificial intelligence. In three years, enterprises plan to increase their use of endpoint discovery and asset management by 15%, eventually installed in half of all enterprises.

Endpoint recovery and asset management are highly prioritized due to how poorly managed their certificates are. According to Keyfactor, 40% of enterprises use spreadsheets to track digital certificates manually, and more than 50% don’t have an accurate inventory of SSH keys.

The use cases include vulnerability and patch management, access management and identity access management. 34% of enterprises are using artificial intelligence-based vulnerability and patch management systems today, which is expected to jump to 40% in three years.

Improving endpoint discovery and asset management along with patch management continue to lead CISOs’ priorities this year. Source: AI and automation for cybersecurity report, IBM Institute for Business Value | Benchmark Insights, 2022.

Who CISOs trust to get it right 

Artificial intelligence and machine learning are core tech stacks and products and service strategies for over 1,200 companies. Over a thousand cybersecurity vendors can use any of the above to solve security problems.

CISOs look at vendors who can help consolidate their tech stacks first. Given their limited resources, they are looking for systems and platforms that deliver measurable business value and are easy to implement. CISOs are getting quick wins.

Transactions-fraud detection, file-based malware detection, process behavior analysis, and web domain and reputation assessment are some of the common use cases. CISOs want systems that distinguish between attackers and admins. They meet the requirement of securing threat vectors while delivering operational efficiency and being technically doable.

Despite budget pressures being felt across IT and security teams, several core areas where artificial intelligence and machine learning are being funded continue to get funding. Behavioral analytics, bot-based patch management, compliance, identity access management, identifying and securing machine identities, and privileged access management are some of the areas where artificial intelligence is being used.

The following are areas where machine learning and artificial intelligence are delivering value.

Authentication accuracy is one of the things being improved with the use of AI and ML. Endpoint protection platform (EPP), endpoint detection and response (EDR), unified endpoint management (UEM), and a few public cloud providers are combining artificial intelligence and machine learning models to improve security personalization while enforcing least-privileged access. Leading cybersecurity providers are integrating artificial intelligence and machine learning to adapt security policies and roles to each user in real time based on the patterns of where and when they attempt to log in, their device type, device configuration and many other variables.

Leading providers include CyberArk, Cybereason, Ivanti, and others. This approach to endpoint management reduces the risk of lost or stolen devices, as well as protects against device and app cloning and user impersonation.

Microsoft Defender’s unique approach of combining AI and ML techniques to improve behavioral blocking and containment has proven effective in identifying and stopping breach attempts based on an analysis of previous behaviors combined with learned insights from pre- and post-execution sensors. Source: Microsoft 365 Defender Portal pages, 2022, Microsoft 365 Docs.

Combining natural language processing and machine learning will discover and secure endpoints. Attack surface management consists of external attack surface management, cyberasset attack surface management, and digital risk protection services according to a report by Palo Alto Networks. By the year 2026, 20% of companies will have more than 85% visibility of all their assets, which will be prioritized by risk and control coverage, up from less than 1% today.

Leading vendors in this area are combining machine learning and natural language processing techniques to find, map and define endpoint security plans. Leading vendors include Cyberpion, Noetic Cyber, Palo Alto Networks and others.

Artificial intelligence and machine learning are being used to automate indicators of attack (IOAs) and fortify existing defenses. The data from the IOAs is correlated with local events and file data to assess maliciousness. CrowdStrike says that existing IOAs operate alongside existing layers of sensor defense. The company invented a platform more than a decade ago that combines cloud-native ML and human expertise on its IOAs. Since their introduction, IOAs have proven to be effective in identifying and foiling intrusion and breach attempts while defeating them in real time based on actual adversary behavior.

IOAs rely on cloud-native models trained using data from CrowdStrike Security Cloud and expertise from the company’s threat hunting teams. IOAs are analyzed using artificial intelligence and machine learning to provide the accuracy, speed and scale enterprises need to keep their businesses safe.

Amol Kulkarni, chief product and engineering officer at CrowdStrike, said that CrowdStrike leads the way in stopping the most sophisticated attacks with our industry-leading indicators of attack capability.

CrowdStrike is changing the game again with the addition of indicators of attack which allow organizations to harness the power of the CrowdStrike Security Cloud to examine adversary behavior at machine speed and scale to stop breaches in the most effective way possible. IOAs using artificial intelligence have identified over 20 never-before-seen adversary patterns, which have been verified and enforced on the Falcon platform for automated detection and prevention.

What makes CrowdStrike’s approach to using AI as the basis of their IOAs noteworthy is how effective it’s proving to be at collecting, analyzing and reporting a network’s telemetry data in real time, having a continuously recorded view of all network activity. Source: CrowdStrike.

Artificial intelligence and machine learning help patch management. The leading cybersecurity providers use a combination of artificial intelligence and machine learning techniques to locate, inventory and patch endpoints that need updates. Vendors aim to improve bot accuracy and ability to identify which machines need patching when evaluating the need to take an inventory-based approach to patch management.

According to a recent survey by Ivanti, 70% of IT and security professionals think patching is too complex and time-consuming, and 53% think organizing and prioritizing critical vulnerabilities takes up most of their time.

If it is going to be an effective deterrent, patch management needs to be automated. The data-driven approach helps. The president and chief product officer at Ivanti, Nayaki Nayyar, is a thought leader in this area and has presented how the most common software errors can lead to cyberattacks. During RSA, her presentation on how Ivanti Neurons for Risk-Based Patch Management provides contextual intelligence that includes visibility into all endpoints, including those that are cloud- and on-premises based, all from a unified interface, reflects how advanced bot-based patch management is becoming using artificial intelligence.

Ivanti continues to enhance its bot-based approach to patch management with AI- and ML-based improvements, enabling greater contextual intelligence for enterprises managing large-scale device inventories that make manual patching impractical. Source: Ivanti.

UEM platforms vary in how advanced they are when protecting machines with least-privileged access. The most advanced UEM platforms can help enable enterprise-wide microsegmentation. The adoption of artificial intelligence and machine learning is fastest with these technologies embedded in platforms and in the firmware of the endpoints.

For machine identities, the same holds true for UEM. By using a direct, firmware-based approach to managing machine-based endpoints to enable real-time OS, patch and application updates that are needed to keep each endpoint secure, CISOs gain visibility and control of endpoints they need.

Ivanti Neurons uses artificial intelligence to find machine identities and endpoints and automatically update them. Ivanti’s approach to self-healing endpoints is also worth noting for how well it combines artificial intelligence, machine learning, and bot technologies to deliver unified endpoint and patch management at scale across a global enterprise customer base.

CrowdStrike Falcon is rated highly by G2 Crowd.

AI and ML are core to zero trust 

Every enterprise will have a different approach to security. A zero-trust network access framework needs to be flexible as the business it supports changes direction. Tech stacks that sought security using interdomain controllers and implicit trust were too slow to react to changing business requirements.

It was an open invitation to a breach to rely on implicit trust.

Cloud-based security platforms that can act on network data in real time are needed. CrowdStrike’s Falcon platform, Ivanti’s approach to integrating artificial intelligence and machine learning across their product lines, and Microsoft’s approach on Defender365 are examples of what the future of cybersecurity looks like. Gaining artificial intelligence and machine learning-based insights at machine speed is what enterprises need to stay secure as they look to new business opportunities in the future.
