The top 3 use cases for AI endpoint security tools
By Jessica Groopman
The rise of mobile ushered in a new era of cybersecurity threats and altered the nature of endpoint security. Whereas enterprises typically managed traditional endpoints, such as laptops, themselves, on mobile devices the end user is now the system admin. But even this shift in user and technical composition pales in comparison to the rise of connected devices, networked infrastructure and IoT.
As the volume and variety of endpoints grow, traditional signature-based and preprogrammed methods for security and antimalware struggle to keep up. Not only are devices proliferating, but threat types and false positives are too — not to mention the diverse ways attacks can manifest. As organizations scramble to keep pace with both the value and risks of IoT, they are looking for new tools to mitigate threats. Enter AI and machine learning investment, which soared to $7.1 billion in 2018 in cybersecurity alone, according to Zion Market Research.
Consider this analysis of three ways companies apply machine learning and other AI endpoint security techniques to see if they would fit into your enterprise infosec program.
1. Machine learning for endpoint risk scoring
Over its lifecycle, any given endpoint, whether a person or device, accrues large amounts of unique data about its interactions. For example, a person has specific behavioral patterns around login times, physical interactions, device behaviors, geolocations, transactions, biometrics and beyond. Not only that, these patterns can be mined and compared against population-level data comprising billions of data points to increase decision accuracy.
A growing number of security companies use machine and deep learning to develop scores based on these parameters in order to authenticate the right user and detect anomalous behaviors, flag deviations, prevent attacks and ensure smooth UX.
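The following added example, which is not from the article or from any vendor's product, scores a login against one user's own baseline of login hours, devices and locations and maps the score to an action. It substitutes simple statistics for a trained model and leaves out the population-level comparison; the login history, weights, saturation points and thresholds are all assumptions.

```python
import math
from statistics import mean

# Constructed login history for one user: (hour_of_day, device_id, (lat, lon)).
HISTORY = [(8, "laptop-1", (40.71, -74.00)), (9, "laptop-1", (40.71, -74.00)),
           (9, "phone-1", (40.73, -73.99)), (10, "laptop-1", (40.71, -74.00)),
           (8, "phone-1", (40.75, -73.98))]

def haversine_km(a, b):
    """Great-circle distance in km between two (lat, lon) points."""
    lat1, lon1, lat2, lon2 = map(math.radians, (*a, *b))
    h = (math.sin((lat2 - lat1) / 2) ** 2
         + math.cos(lat1) * math.cos(lat2) * math.sin((lon2 - lon1) / 2) ** 2)
    return 2 * 6371 * math.asin(math.sqrt(h))

def hour_deviation(hours, hour):
    """Deviation of a login hour from the baseline, measured on a 24-hour circle
    so that a 23:00-01:00 baseline does not average out to midday."""
    angles = [2 * math.pi * h / 24 for h in hours]
    centre = math.atan2(mean(map(math.sin, angles)),
                        mean(map(math.cos, angles))) * 24 / (2 * math.pi) % 24
    def dist(h):
        return min(abs(h - centre), 24 - abs(h - centre))
    spread = max(math.sqrt(mean(dist(h) ** 2 for h in hours)), 1.0)  # floor: 1 hour
    return dist(hour) / spread

def risk_score(history, event, weights=(0.4, 0.3, 0.3)):
    """0-100 score from time, device and location deviation (weights assumed)."""
    hour, device, loc = event
    time_part = min(hour_deviation([h for h, _, _ in history], hour) / 3.0, 1.0)
    device_part = 0.0 if device in {d for _, d, _ in history} else 1.0
    nearest_km = min(haversine_km(loc, past) for _, _, past in history)
    geo_part = min(nearest_km / 500.0, 1.0)  # assumed: 500 km or more saturates
    parts = (time_part, device_part, geo_part)
    return round(100 * sum(w * p for w, p in zip(weights, parts)), 1)

def decide(score, step_up=40, block=75):
    """Map a score to an action; both thresholds are assumptions."""
    if score >= block:
        return "block"
    return "step-up" if score >= step_up else "allow"

if __name__ == "__main__":
    for event in [(9, "laptop-1", (40.71, -74.00)),   # usual pattern
                  (23, "tablet-9", (40.72, -74.00)),  # new device, odd hour
                  (3, "desktop-x", (55.75, 37.62))]:  # new device, far away
        score = risk_score(HISTORY, event)
        print(event, score, decide(score))
```

A known device at a usual hour and place scores near zero, while an unseen device at an unusual hour triggers step-up authentication rather than an outright block, which keeps the false-positive cost low for legitimate users.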
2. Machine learning for attack surface flexibility
One of the most challenging dynamics of IoT security is that endpoints are distributed across physical environments. The IoT attack surface — the topology of what can be attacked — grows much wider than when fixed within the four walls of an enterprise. Depending on the application, IoT attack surfaces can include numerous chips, sensors, software, apps, devices, routers, networks, data transits, data centers, users and jurisdictions.
AI endpoint security technology can be applied to detect at-risk information or suspicious activity across surfaces and take immediate action. Given that many companies use multiple security agents on any given endpoint, machine learning can be used to scan across these agents, including antimalware and detection and response. This capability enables companies to consolidate visibility, automate encryption and deploy targeted patches and protections.
3. Machine learning for endpoint compliance
As IoT pervades every industry, devices must maintain compliance in order to achieve scale. With the ever-expanding use of biometrics and mobile health applications, compliance with HIPAA is a critical enabler of healthcare applications. Here, machine learning is used to automate the detection, classification and protection of sensitive health data. Specifically, machine learning is able to detect personally identifiable information or information specific to a hospital or medical procedure and then signal when and how data is moved or accessed.
Instead of relying on human analysts to monitor these massive, moving and intimate data sets, machine learning algorithms are trained on and exposed to sensitive data. This AI endpoint security use case can also apply to internal standards for provisioning, compliance reporting — such as anti-money laundering or know your customer in financial contexts — or other industry regulations relevant to security, risk and fraud prevention.
While these AI endpoint security use cases offer novel approaches, and maybe even some hope, in a climate of ever more pervasive cyberthreats, companies also point to their limitations. Today’s AI techniques and outputs are only as good as the data used to train them. Also, nefarious actors use AI to adapt to and counter new mitigation techniques. Perhaps most important to the future of endpoint security, and of all cybersecurity, is the combination of both humans and AI to best counter evolving threats within an ever-evolving security landscape.