The future of AI and endpoint security

by Nick Evans | Jan 18, 2018 | Articles

Ensuring endpoint security has always been a key challenge for enterprises.

But whereas it was once enough to install antivirus (AV) software across a network and expect a reasonable level of endpoint protection, this is no longer the case.

With the proliferation of bring your own device policies in the workplace and the wide variety of smart devices available to end users, not to mention the growth of IoT, there are more endpoints than ever, and endpoint security has never been more under threat.

Various studies put the proportion of security breaches that originate at endpoints at between 70 and 95 per cent.

This does not necessarily imply an insider threat (although that remains a significant issue); it could equally mean that phishing attacks are still succeeding.

Indeed, the 2017 Verizon Data Breach Investigations Report said that despite many warnings about the dangers of opening unknown emails and efforts to increase awareness through employee training, phishing scams continue to thrive.

According to the DBIR, 95 per cent of phishing attacks that resulted in a breach were followed by a software installation that deposited malware on the system.

AV and anti-malware software is still a basic necessity, but even the best signature-based software can only react to threats that have already been identified; human intervention is needed to ensure that new threats are covered.

Regular software updates aren’t enough to deal with the multiple threats facing enterprises today: cyberattacks are evolving quickly, and enterprises have to play catch-up to protect their end users and their valuable data.

Even a team of human security analysts could not hope to sift through all the data produced by an enterprise’s AV and anti-malware software, and most enterprises have only a small number of people devoted to cybersecurity in any case.

There have also been a number of trust issues around AV, with the recent controversy over software made by Russia-based Kaspersky Labs a prominent example.

Despite being one of the largest antivirus providers in the world, Kaspersky’s software was banned for use in U.S. Government departments last September after the Department of Homeland Security alleged it could enable Russian espionage and threaten national security.

Although no solution is going to entirely protect all endpoints against all cyber threats, one option is to use artificial intelligence (AI) algorithms and machine learning.

Machine learning, which enables systems to learn from data without being explicitly programmed for each case, could be used to gather and analyze data and identify the indicators that point to enterprise-level cyberattacks.

These threats could then be stopped at the endpoint before they cause any damage.

AI is many times faster than any human security analyst could ever hope to be, evaluating millions of possibilities every second.

The best recent example came during last year’s WannaCry ransomware outbreak, when machine learning technology was able to detect the malware and protect many systems, even though it bypassed almost all traditional AV software and other defences.

The WannaCry attack hit over 200,000 computers in 150 countries, including NHS computer systems in the U.K., and perfectly illustrates the need for increased and enhanced endpoint security.

The key to machine learning success currently lies in the cloud. Traditional servers are not large or fast enough to process the data and create the models needed to detect and combat attacks, but by using cloud servers the process is quicker, easier and much more affordable than ever before, bringing it into the reach of more enterprises.

Hackers are already using automated systems, machine learning and AI to create new cyber threats. Security experts think the next 12 months will see an acceleration in the adoption of machine learning by hackers as they try to carry out increasingly sophisticated phishing attacks.

However, AI antivirus solutions are still relatively thin on the ground. Although a small number of companies do offer machine learning and AI cyber threat solutions for endpoints, such as Cylance, Darktrace and Symantec, this really should become the industry standard.

Microsoft at least seems to have learned from its experience of WannaCry and is apparently turning to AI to create the next generation of antivirus software. A recent security update incorporated machine learning based on data from millions of computers running Windows 10, which the corporation says will create an artificial intelligence antivirus that can detect malware.

While this is a good start, the wider cybersecurity industry must wake up to the AI imbalance and address it quickly if we are to stay one step ahead of the hackers and avoid more incidents like WannaCry.


Contribution by Dr Debbie Garside, CEO of GeoLang Limited, as originally published in CSO Online.