Intelligent CISO Issue 05 | Page 39

FEATURE
To protect endpoints more effectively CISOs must complement traditional preventive controls with the ability to detect and respond to inevitable breaches as quickly as possible. How quickly you detect the breach – and what actions you take to contain the damage – can make the difference between an inconvenience and a disaster. The news is full of examples where attackers were able to spend weeks, or even months, moving throughout a network undetected. In order to truly secure endpoints CISOs must ensure that they can detect and respond to a breach coming from one.
Vincent Bieri, Co-Founder of Nexthink
For CISOs this means that they must truly understand what is happening on each and every endpoint at any given time. The best way to obtain this critical information is through an end-user analytics platform that enables CISOs and their teams to detect unusual system and application behaviour across all endpoints. Behaviours such as a spike in network traffic, connection with suspicious websites or unknown files executing are red flags and indicators of potential danger, and security teams can recognise them before even the end-user themselves.
Additionally, an end-user experience platform can validate that protective measures are enforced, including employee awareness and supporting the business without degrading performance and usability. With this transparent end-user behaviour and endpoint performance information, CISOs and their teams can retrain users or strengthen technical controls before a breach occurs. For CISOs, a balance between preventative controls and breach detection and response through end-user management is the key to a strong endpoint security posture.
How is AI and Machine Learning revolutionising endpoint security?
Dr Anton Grashion, Manager – Security Practice at Cylance
It’s an easy question to answer. One of the key difficulties associated with endpoint security and, in fact, cybersecurity in general, is the presence and effect of ‘unknown unknowns’. When assessing risks to an organisation, it is these unknown unknowns that can lead to the underestimation of risk.
As an example, we can’t be sure what the next malware threat will look like, which is why signatures have to be propped up with all manner of other, mostly reactive, technologies. For the same reason, organisations require skilled operatives to sift through the large volumes of alerts that their EDR systems generate. What we have created is a huge number of barking dogs and not all alerts are worthy of exploration.
How AI and ML reverse this situation is made possible by the progress that researchers have made in algorithmic science, as well as the rise of Big Data analytic processing capabilities.
With the centralised analysis of hundreds of millions of file binaries (both known ‘good’ and ‘bad’ samples) collected from public and private malware repositories, the solution then extracts millions of features from each of these files and applies Artificial Intelligence and Machine Learning techniques to build highly accurate mathematical models. The models identify what are statistically good and bad features or combinations of features and are deployed to the endpoint in an extremely lightweight client.
When placed at the heart of a solution – as opposed to being an afterthought bolted on to legacy technology – AI and Machine Learning deliver predictive prevention and allow us to get ahead of the threat curve, especially for zero-day attacks, for the first time. This is a true revolution in endpoint security.
No longer do we need a first victim in order to craft, all too slowly, a signature. No longer do we need to allow the threat to detonate and then track indicators of compromise, chasing complexity into the network. Instead we can assess the threat in milliseconds, pre-execution and stop it before it creates cascading and correlated issues to the security teams.
This not only revolutionises endpoint security but also completely re-maps the economics of cybersecurity by liberating expensive and scarce human resources from their detect and respond duties to those problems that are best solved by human expertise.
Deploying an advanced ML/AI endpoint solution also reduces the number of help desk tickets and improves productivity by being extremely lightweight in terms of resource usage (1% to 2% CPU, 40 to 40MB of memory).
Add to this the benefit of not requiring a cloud connection, enabling work in air-gapped environments and not needing time-wasting daily updates, and it is clear that AI and ML can truly revolutionise endpoint security.
www.intelligentciso.com | Issue 05