How AI, Machine Learning Will Impact Endpoint Security
AI and machine learning (ML) seem to be inundating more and more of the cloud computing space every day.
Intelligent security as a service, once thought to be an impossibility, has gone mainstream. Endpoint security, however, still seems to be at the endpoint. And while that assumption seems legitimate on the face of it, the whole truth is more nuanced and multifaceted. Before machine learning will impact endpoint security, it must first learn about the potential threats. So even as the industry builds in these intelligent capabilities, they are only as good as what they know.
“We’ve seen a ton of vendors rush to sprinkle machine learning into their systems and try to catch up to where the industry was five years ago,” says Justin Fier, director of cyber intelligence and analysis, Darktrace, a provider of artificial-intelligence (AI)-based cybersecurity solutions. “The problem with what the public often thinks of as AI is that it’s trained on data. It’s really hard and expensive to get the data sets – especially in security when companies are apprehensive to share threat intel – clean the data sets, and then train the model to a certain degree of accuracy.”
This complicates the question of how machine learning (ML) will impact endpoint security, because AI and ML cloud solutions are best suited to working with known quantities, whereas endpoint security involves the bad guys trying to come up with attack vectors that the good guys have not thought to defend against — in other words, an unknown.
“AI applies to structured environments – and security is not one of them – so we will see true AI applied to other areas in our lives before security solutions,” says Tom Clare, senior product manager, Fidelis Cybersecurity, a provider of threat detection, hunting, and response solutions. “While marketing hype promotes AI for security, [the] reality is [that] machine learning models specific use cases using attributes with reliable variances to detect outliers or anomalies. Machine learning helps both endpoint preventive and detection, and response defenses find anomalies; however, machine learning can produce false positives even with training baselines and feedback loops.”
While AI and machine learning have a place in security, their impact will not happen by itself. So how will AI and ML impact endpoint security? Some AI and endpoint security experts were asked to weigh in on the topic with their informed opinions.
The 4 P’s of Security
As knowledgeable endpoint-security experts will relate, endpoint security is only one part of a multilayered defense against malicious threats and exploits of an enterprise computer system — whether in the cloud or on premises. And weaknesses or blind spots in network security can occur at any level when it comes to the fundamental four P’s: ports, privileges, passwords, and patches.
“While endpoints and users have been the traditional first mile for attackers, in our analysis, most successful breaches exploit the four P’s of open ports, loose privileges, weak passwords and missing patches in unforeseen ways,” says Bashyam Anant, head of product management, Cavirin, a cybersecurity startup. “The four P’s span the entire enterprise stack including the network, storage, databases, virtual and physical servers, containers, cloud services and applications.”
So as Anant and other experts see it, for AI and machine learning to impact endpoint security, risk signals must be incorporated from across the enterprise — not just the endpoint. Fortunately, one of the most value-added propositions that MSSPs can offer their customers is …