We here at Solutions Review have said it before and we’ll say it again: legacy solutions in the endpoint security field are inadequate.
This oft-repeated but oft-forgotten maxim applies equally to antivirus solutions—which do not have the capabilities of a fully-fledged endpoint protection platform—and to legacy endpoint protection platform solutions which have not updated to enforce modern digital security effectively.
One of the chief capabilities of next-gen endpoint protection platforms is the utilization of artificial intelligence, usually in the form of machine learning. But why is this so important? How can artificial intelligence improve your endpoint protection platforms?
The answer embodies both the present requirements of endpoint protection platforms…and what may lay in its future.
Artificial Intelligence Bolsters Modern Protection Capabilities
Since the earliest days of cybersecurity, endpoint protection has focused on malware protection. On the one hand, this preventative focus—still seen in legacy antivirus and legacy endpoint security solutions—is both understandable and necessary. We still need prevention to keep out traditional threats and to deter inexperienced hackers from targeting your network.
However, this preventative focus may in fact be missing the forest for the trees, if you’ll forgive the low-tech idiom. Newer threats are emerging in tandem with new digital threat actors, designed with evasion technology built in to avoid traditional prevention protocols. These new threats include fileless malware which takes advantage of normal endpoint processes as well as phishing attacks which take advantage of human error to slip past the perimeter.
The truth is that no preventative endpoint protection software is 100% effective against all digital threats. However, you can bring your endpoint protection platform as close to 100% effective as possible, and artificial intelligence can help with that. Artificial intelligence and machine learning can strengthen your early detection capabilities by using threat intelligence to recognize digital threats as they enter the perimeter. AI can also keep a close eye on potential attack vectors remotely connecting to the network like mobile devices.
But perhaps more importantly, artificial intelligence can help protect your network after the threat has already penetrated your network.
Detection, Data Aggregation, and Endpoint Protection
A recent focus of endpoint protection platforms and customers alike has been endpoint detection and response (EDR)—a new detection capability designed to find threats that have already penetrated your network. Artificial intelligence and machine learning facilitate EDR by using aggregated cybersecurity event data to more efficiently identify threats and create priority alerts for enterprise security teams.
Cybersecurity teams using artificial intelligence can orchestrate and automate the appropriate levels of response to each potential threat, easing the burdens your IT security team faces on a daily basis. In other words, it makes finding potential threats and categorizing them for future investigation far easier.
Artificial Intelligence: The Robot IT Security Team Member?
Let’s begin this section with a caveat: humans are, and will likely always be, an essential part of your endpoint protection platform’s performance. Artificial intelligence cannot replace your IT security team.
However, artificial intelligence and machine learning can be an augmentation to your existent IT human intelligence; it can help your team cope with the increasing volume and sophistication of modern digital attacks. Artificial intelligence can automate rote tasks that would consume your IT security team’s time and energy and can be used to bolster situational awareness and intra-enterprise security communication. In other words, AI could be implemented to handle the grunt work as your human teams investigate potential threats or working on expanding your endpoint protection perimeter.
Getting in on the Ground Floor of Security AI
During his keynote speech at Identiverse this year, privacy expert Jonathan Zittrain spoke of the potential for machines to supplant humans in rational decision-making. He used the artificial intelligence that won against the world Go champion as an example of a machine beating a human in a game that humans have been perfecting for thousands of years. It made decisions that seemed irrational but in fact outwitted the human player.
The real question for the future of endpoint protection platforms is whether that evolution will hold true here: will artificial intelligence one day protect us better than human expertise? With nearly half of all data breaches resulting from human error, could artificial intelligence reach a state of advancement to prevent human error before it happened, creating a security perimeter currently unimaginable?
At the moment it seems unlikely—machine learning still has to be taught to recognize patterns and needs constant reexamination to ensure optimal performance. Hackers and other digital bad actors are destructively creative which can only be matched by the defensive creativity of security professionals.
Yet the question of the future remains. Artificial intelligence will be a part of endpoint protection’s future, in one form or another. As long as it does, you and your enterprise need to ask: if artificial intelligence is the way of the future, shouldn’t we be on the ground floor?
Latest posts by Ben Canner (see all)
- What is Grayware and How Can You Defend Against It? - November 13, 2018
- IoT: Why it Matters to Endpoint Security - November 8, 2018
- Sorry, Your Legacy Antivirus Solution is Inadequate - November 8, 2018