How do artificial intelligence and endpoint security equal the latest way to stop the nastiest threats out there – ransomware, identity theft and DDoS? It all started with our liberation…
Oh, how our work lives have changed over the space of the last few decades. You came to work, you logged onto the company PC that was chained to your desk, one that was ported to the on-premises company network, overseen by the diligent and friendly company IT administrator. You went home, went on a trip and forgot to bring a document or a spreadsheet? Tough luck; you’re not connected to your office network probably and if you were, it was a nightmare to work with. But on a security level it was certainly rosier: nothing bad went in, nothing bad went out.
Then people got a life. They wanted to be mobile. They wanted to work remotely, be on the road, work from home, check emails on a beach. They wanted to be on mobiles, laptops and tablets. We are the BYOD (Bring Your Own Device) Generation and it’s created not only great productivity, but incredible worker satisfaction as well. A full 95% of companies allow for employees to use their tablets, laptops and phones outside of work with 76% of managers stating that BYOD boosts productivity according to research by BMC.
While all that liberation from the office [group cheer] was great for workers, it was terrible for security, every device a point of entry for malware to the network and an infected network making all devices connected to it vulnerable. Of those 300 million smartphones and tablets connected to work networks, only 36% of that traffic is secure. The traditional firewall model where the internal network was secure from outside threats using signatures, antivirus and other security solutions had to cope with a sobering reality: BYOD was the vector of threat, literally tunnels of vulnerabilities in both directions.
Enter the new paradigm. Endpoint security – looking at those BYODs as they travel across time and space, over unsecured WiFi networks and the like –has become the new battleground for networks to stay secure. It’s a massively growing space, set to top USD17bln by 2020, as BYOD and remote login become the standard way of working. “Of course it would be great if everyone stayed safely behind a firewall… but that’s not the reality of how we work and live. But with ransomware and malware exploding, it’s not an option to ignore that our devices are a high point of vulnerability,” says Andreas Åsander, product marketing manager at Clavister as the company goes live with its endpoint client.
One of the critical differences between the traditional paradigm of fireballing and the new one of endpoint is the difference between signatures, infected files and comparative threats – using information you have gathered to determine the threat at hand – and one of sandboxing, behaviour and the emergence of artificial intelligence (AI) to create a far quicker reacting and advanced protection. “It is as much about prevention as it is tracking and the impact of machine learning and AI on this such as the recent example of a hackers using ransomware and locking hotel guests put of their hotel rooms remotely demanding a Bitcoin payment to release the system. How do we company executives need to respond to this?” queries Prof. Mark Skilton, Professor of Practice in Information Systems Management & Innovation, Warwick Business School UK, Author and Digital Expert nervously. The answer is to shift the paradigm from a inside/outside threat landscape to a outside/inside/outside model that works on endless doors as analogy, not simply large drawbridges. “Customers will get the best of the endpoint client’s capabilities to detect – not simply corrupted files – but actual behaviours that are more of the marker of the new malware, fighting them with AI technology and not simply signatures,” Åsander explains of the new endpoint’s evolution over sandboxing which was the market buzz only a few year’s ago.
With AI as a backbone, company’s like Bitdefender (the OEM partner for Clavister’s endpoint solution and acknowledged as the market leader with over 500 million endpoints secured) are using AI to be far more reactive to threats, using machine learning as well as traditional cyber intelligence. With 220 million malwares a day floating on the web, such a high speed approach is the only way to keep abreast of the changing threat landscape. “Artificial intelligence algorithms have already replaced a great deal of human analysts, as they’re able to go through large amounts of data a lot faster than their human counterpart. Automating repetitive tasks that were previously handled by security researchers allowed specialists to focus on either developing new security tools or create more accurate and reliable machine learning algorithms,” explains Andrei Taflan, Global PR Manager at Bitdefender.
Still, while AI and Cognitive Security Operation Centres (SOC) are being more and more incorporated into the battle, human oversight and instincts are assets that won’t disappear anytime soon. “Combining the unique abilities of man and machine intelligence will be critical to the next stage in the fight against advanced cybercrime,” IBM Security vice president of development and technology Denis Kennelly has said, making the case for a heavy AI approach with human oversight. “Although currently man and algorithms work together in identifying threats, one goal has been to create a truly self-teaching and security-centric artificial intelligence that’s able secure endpoints and infrastructures unsupervised. However, until that happens – if ever – the future of endpoint security will always include more than just relying on a single technology, but actually several other security and technology layers that mitigate a wide range of possible attack vectors. AI will definitely continue to play a vital role in the future of endpoint security, but the human component is unlikely to ever go away,” says Taflan optimistically.