How AI can close gaps in cybersecurity tech stacks

How AI can close gaps in cybersecurity tech stacks

news image

We are excited to bring Transform 2022 back in-person July 19 and virtually July 20 – 28. Join AI and data leaders for insightful talks and exciting networking opportunities. Register today!

Gaps in cybersecurity tech stacks, especially in endpoint security and patch management, are increasingly leaving enterprises vulnerable to attacks. CISOs are focusing on how to drive new digital revenue strategies while reducing risk and protecting virtual workforces amidst the various threats. 

From cybercriminal gangs trying to recruit AI engineers, to state-funded Advanced Persistent Threat (APT) networks capable of simultaneously launching attacks across multiple attack vectors, cybercriminals are getting smarter all the time. Studies of job ads on the dark web show that those who know how to breach web services, have AI-based hacking skills and can capture privileged access credentials are the most in-demand. 

Keeping the balance of power in check with AI 

Machine endpoints are proliferating at twice the pace of human ones and new digital revenue strategies enterprises have are expected to deliver double-digit growth in 18 months. Virtual workforces to support new digital revenue growth need new security tools that are intuitive and easy to use. CISOs are balancing these demands with the need for real-time risk management insights and improving user experiences on their applications. Solving these challenges and maintaining a balance of power against threats and risks requires data-driven AI and machine learning technologies that deliver at scale.  

AI and machine learning effectively automate tasks IT and cybersecurity departments don’t have time to get to. A few are automated endpoint security, patch management and improving supply chain security, visibility and control with the industrial internet of things (IIoT). Enterprises proactively employ and prioritize zero-trust security, starting with identity access management (IAM), privileged access management (PAM), microsegmentation and endpoint security, then struggle to keep up with endpoints and patch management. 

Using AI and machine learning brings greater intelligence to endpoint and patch management and improves risk-based vulnerability assessments. Cybersecurity providers’ sales partners are also helping to close gaps in tech stacks by providing their expertise and insights.  

Closing tech stack gaps

There are five strategies cybersecurity vendors should rely on to help their enterprise customers close widening gaps in their security tech stacks. Based on conversations with endpoint security, IAM, PAM, patch management and remote browser isolation (RBI) providers and their partners, these strategies are beginning to emerge in a dominate way among the cybersecurity landscape.  

Fast-tracking endpoint, ransomware and risk management roadmaps

Cybersecurity vendors are accelerating their launch plans in three core areas today. Endpoint security is still one of the most elusive problems for a security team to fix and it’s typical for organizations not to know where up to 40% of their endpoints are. Broadcom, CrowdStrike, McAfee and Microsoft lead the endpoint security market and each has implied in earnings and briefings that they are accelerating their roadmaps. 

An analysis of Ivanti’s roadmap reflects how vendors are moving applications up and creating larger releases faster. Ivanti released five modules on its Neurons platform, a significant accomplishment for its DevOps, engineering and product management teams. Ivanti told VentureBeat that  Ivanti Neurons Patch for MEM (Microsoft Endpoint Manager) is highly demanded by enterprises who want to automate patch management and extend Intune implementations to include third-party application update capabilities. 

Cybersecurity vendors are fast-tracking their roadmaps to improve endpoint management including IIoT sensors, Risk-Based Vulnerability Management (RBVM) and customer experiences to help enterprises close the growing gaps in their tech stacks today

Land & expand selling of zero trust with partners is a high priority. 

Cybersecurity vendors tell VentureBeat that one of the primary factors accelerating their roadmaps is reseller and partners’ demand for new cloud services to support high margin sales. On the last earnings call, George Kurtz, president, CEO and cofounder of CrowdStrike said that channel sales are core to the company.  

Further validating its high priority to rely on partners to land, expand and provide zero trust solutions through the channel, Ivanti announced Dennis Kozak had joined them today as Chief Operating Officer (COO). Dennis will oversee Ivanti marketing, global sales, customer experience and operations as COO. Mr. Kozak is a long-time channel veteran, having spent 23 years with CA Technologies, where he led organizations such as global sales, global channel sales and strategy, sales operations and global transformation to deliver a next-generation portfolio strategy. He was most recently head of global channels at Avaya, which drove approximately 70% of their total revenue.  

Mr. Kozak told VentureBeat during an interview that his goals include turning channel sales into a force multiplier of growth for Ivanti by capitalizing on the five acquisitions made over the past 16 months. Additionally, Mr. Kozak explained in an interview with VentureBeat that bringing together all acquisitions into a unified go-to-market and channel strategy is the goal. 

Quantifying risk is table stakes

Enterprises need better tools to assess risks and vulnerabilities to identify and close gaps in tech stacks. As a result, there’s a growing interest in using Risk-Based Vulnerability Management (RBVM) that can scale across cloud, mobile IoT and IIoT devices today. Endpoint Detection & Response (EDR) vendors are moving into RBVM with vulnerability assessment tools. Leading vendors include CODA Footprint, CyCognito, Recorded Future, Qualys and others. Ivanti’s acquisition of RiskSense delivered its first product this month, Ivanti Neurons for Risk-Based Vulnerability Management (RBVM). What’s noteworthy about Ivanti’s release is that it is the first RBVM system that relies on a state engine to measure, prioritize and control cybersecurity risks to protect enterprises against ransomware and advanced cyber threats. Ivanti also developed proprietary Vulnerability Risk Ratings (VRR) that quantify adversarial risk so enterprises can identify and thwart risks before breaches occur.  

Ivanti’s approach to Risk-Based Vulnerability Management combines machine learning models from RiskSense and the Ivanti Neurons platform to create a single, unified view of known vulnerabilities. 

Doubling down on endpoint security as a core product strategy

Fast-tracking endpoint security applications and platforms are also helping to close the gaps in tech stacks today. All leading cybersecurity vendors either have announced or will shortly announce self-healing endpoints. A recent Tanium survey found that only 29% of security teams are confident the patches they’re installing will stop a breach. Absolute’s 2021 Endpoint Risk Report found 12.9 mission-critical applications per enterprise device, 11.7 of which are security controls. Absolute’s report found that the greater the endpoint complexity, the greater the risk of applications conflicting, colliding and canceling, leaving endpoints less secure. 

Ivanti’s recent survey on patch management found that 71% of IT and security professionals found patching to be overly complex and time-consuming and 53% said that organizing and prioritizing critical vulnerabilities takes up most of their time. Ivanti’s launch last week of their Neurons Patch for MEM reflects the future of AI-based patch intelligence for endpoint security by relying on AI-based bots to identify which patches most need updating. Additional vendors providing AI-based endpoint protection include Broadcom, CrowdStrike, SentinelOne, McAfee, Sophos,  Trend Micro, VMWare Carbon Black,  Cybereason, etc. 

Digital experiences need to drive greater productivity

Improving how intuitive any security application is to use increases productivity and reduces risks. Enterprise applications are known for being a challenge to use, however. Apple, known for its intuitive designs, relies on metrics and analytics combined with design principles to streamline each new application and system. No standard comes close to Apple’s success in this area in enterprise software. 

It’s encouraging to see cybersecurity vendors take on the challenge of using AI to improve user experience. Ivanti launched their Digital Experience Score within Ivanti Neurons Workspace last week. CIOs’ most common request from users is to improve application usability to drive greater security productivity and operational agility. Ivanti’s Digital Experience Score provides a 360-degree view and real-time insights into the devices, operating systems, networks and applications employees rely on in their virtual workspace. 

Ivanti claims it gets organizations out of using ticket counts as a proxy for employee experience, as closing tickets alone is not the service-level agreement (SLA) that needs to be measured; rather, organizations need to quantify how effective IT and digital experiences (XLAs) are and seek new ways to improve them. Machine Learning algorithms to produce a combined metric of holistic the users’ digital experience. 

Calculating and using AI to identify ways to improve Digital Experience Scores is the future of enterprise software and cybersecurity applications specifically. 

Quantifying risks 

The severity, speed and sophistication of cyberattacks are increasing quickly. CIOs and CISOs know they need to rely on more advanced technologies, including AI and machine learning, to keep on top of split-second attacks that can take down their networks. With cybercrime gangs recruiting AI engineers out of school and state-sponsored cyberattacks becoming more common, AI and machine learning’s potential to thwart breach attempts and sophisticated attacks is becoming more proven.

Cybersecurity vendors accelerate their product roadmaps with hardened, more data-driven applications, while AI platform players are looking to land and expand in partner strategies. Quantifying risks is now table stakes and every cybersecurity vendor in the endpoint security or adjacent markets is introducing self-healing endpoints. Cybersecurity tech stacks need AI to identify how best to thwart advanced attacks today and in the future.

VentureBeat’s mission is to be a digital town square for technical decision-makers to gain knowledge about transformative enterprise technology and transact. Learn more about membership.

Read More