Skip to content

Posts tagged ‘Absolute Resilience’

Absolute’s CEO Christy Wyatt On The Future Of Endpoint Security

Absolute's CEO Christy Wyatt On The Future Of Endpoint Security

Removing any doubt endpoints are resilient, self-healing and secure is what matters most to cybersecurity leaders today. It has become the highest priority across education, enterprise, financial services and government organizations in 2020 and beyond. At the same time, CIOs and CISOs are recognizing that endpoint complexity itself is a vulnerability. Absolute’s 2020 State of Endpoint Resilience Report​  finds there are now 10.2 agents per endpoint installed, up from 9.8. Add to this how quickly software agents degrade across thousands of remote devices and the size of the challenge becomes clear. 

Absolute’s approach to delivering unified endpoint security using their Endpoint Resilience platform that creates a permanent digital tether to every endpoint in the enterprise is getting noticed by CIOs and CISOs. IT leaders say Absolute’s ability to provide greater visibility and control is what they need. Interested in learning more about how Absolute is helping customers taking on the many challenges of protecting the proliferating number of endpoints today and how the company sees the future, I recently spoke with Christy Wyatt, CEO. (You can see my discussion with her last year here.)

Under her leadership, Absolute’s revenues, customer retention and Net Income continue to grow. Total revenue in Q4-FY2020 was $27.2M, representing a year-over-year increase of 7%. Annual revenue in FY2020 was $104.7M, representing an increase of 6% over F2019. Absolute also attained a 14% year-over-year increase in Enterprise and Government revenue making this segment 68% of Total ARR on June 30, 2020.

Christy is one of the most brilliant, insightful leaders in cybersecurity today and her perspective on the future of endpoint security makes for a fascinating discussion. The following is my interview with her:  

Louis: When you look back over the last eight months, which decisions and strategies do you see as being pivotal to Absolute’s growth and the fact that you accomplished so much, so quickly?

Christy: That’s a great question and the first thing that jumps to mind is our decision that Endpoint Resilience needs to be its own category. This was kind of a new thing. Many people talk about finding bad guys and the need for identity and access management.. there is a lot of use of the fear factor. And as an industry, we kept thinking of different ways devices could be compromised and we kept adding more security controls to solve those problems.

The thesis we arrived at, here at Absolute, is, “Listen, more isn’t always better. Making sure that things are actually working in there when you need them, that’s what is more important.” Because when you spend a lot of money on solutions, or when you tell your board or your CEO that you have a particular control and are now safe from a specific kind of risk… you need to go to sleep at night knowing that that’s in fact true. There needs to be a foundational belief that there is something solid to stand on when bad things happen.

And so, much of what we did this past year was really focused on quantifying that rate of decay because we believe that it is a painful problem organizations are having. I think that we are making traction and the insights we continue to publish on the state of Endpoint Resilience is really helping with that.

Louis: On your last earnings call, you talked about undeletable endpoint security and how it caught on in the education market. Did you change your go-to-market strategy this quarter to show you could scale an enterprise-wide deployment with teachers and administrators?

Christy: What’s important to remember is that we’ve been in business 20 years and that we started in education – as the one-to-one laptop initiatives for school kids were just getting underway. Those devices were very expensive and so that is the first problem we worked to solve. If somebody got their hands on a student’s device, how do you build a security platform that can survive anything that happens to that device? That was the original design premise all those years ago. And so, we have deep experience in things like scalability and solving problems for the education market.

What we’ve been seeing n the education market over the last couple of years has really been that, while technology has been an enabler for students, they weren’t necessarily thinking about teachers and administrators. So the challenge that they’ve grappled with over the last few months, notably with the accelerated shift to remote learning, is figuring out how to be both a digital and remote organization all at once. A lot of their processes were not yet online and not every single individual was connected.

Because we have a long-standing relationship with this community, we have a lot of expertise in the providing the scale and stability that they need. It was relatively intuitive for us to step and say, “Listen, these are things we can help you with. Here’s the bigger picture of things we could be helping you with, as you’re still figuring out distance learning and how to mobilize students.” Because we’ve also while serving education, we’ve also been serving banks and governments – and our enterprise business has been growing quite nicely over the years as well.

And I think we’re going to see that continue, because even as schools are contemplating sending children back to school, nobody knows whether this is a long-term or short-term. The new term I’ve started using is operational agility… and I think it applies to enterprise as well as it goes to education. I don’t think we ever again get to take for granted location and physical proximity to employees or students or devices. It has become a critical KPI for most organizations going forward.

Louis: Excellent point. And with regard to enterprise and government sectors growing 14% annually, what did you see in the eight months of this year that led to the double-digit growth in those markets?

Christy: Very few organizations had ever really contemplated the question, “What would happen if everybody had to be remote at a moment’s notice?” While our enterprise business has been experiencing double-digit growth for quite a while now, the onset of the pandemic really accelerated that growth. There has been a shift in thinking, that working remotely is not just for a smaller population of road warriors and sales reps and executives. I’ve spoken with many organizations that would say having a permanent digital connection to a device is really important for the people who are on airplanes and in a taxi cabs. But, I have a large percentage of my population that has a device that really they only use at work. Maybe it’s a laptop, maybe it’s a desktop – but either way, 99% of the time they are here. Or the times that they’re not here, they can VPN in. And I think that’s really become the challenge, that we can’t make that assumption anymore.

A lot of customers are rethinking all of that right now, as they’re seeing that being a remote, digitally-led organization can actually fit within their business model. If they give employees the flexibility to do what they love, where they want to do it, they’ll have an edge. While this is something that’s been forced on us, as with many things, the more you practice, the better you get… and then at some point, it becomes a part of the company’s DNA. And you learn to trust that you’re going to be safe and secure, your data and your employees are going to be just fine, because you don’t lose connection with them just because you can’t see them.

Louis: I think trust is an accelerator and Absolute’s success with endpoint security shows how to enable it at scale across organizations. Now with 13,000 customers, Absolute’s approach to building trust is working well.

On the earnings call you gave guidance of $112M to $118M with between 7% to 13% growth defined by how accounting transactions are handled. Underneath those figures, what’s the customer segment or what’s the geographic segment that you believe will be the primary catalyst for that revenue growth?

Christy: Perhaps a bit unusually for company our size, a large percentage of our revenue is actually North America-based. Our international markets have been some of the fastest growing segments for us. Our ecosystem of partners that we support – notably, the large PC and device manufacturers and their indirect channels – most of those are global entities and would like to support their customers in the same way internationally that they support them in North America. So one big focus for us is doing more selling and marketing globally, to meet this need.

I think the other big catalyst is going to be this shift to Resilience. We have a lot of customers who still rely on us for making sure they’re always connected to their devices and able to take preventative action – such as selectively wiping images or freezing a device, or geo-fencing a device from specific locations. While that’s certainly a critical set of capabilities, because we’re sitting in the hardware and sort of looking up at the software, we can help with this concept of self-healing. We can make sure that the critical controls you care about are truly working and protecting your employees.

A lot of the conversations we’re having, especially with new customers, are really focused on these capabilities. It’s not just, “How do I make sure I always know where my things are and that I can take action on them no matter where they are?” Instead, it’s “how do I use automated workflows to remediate risk? How do I have devices fix themselves so that my IT people don’t have to drown and help those calls?”

This concept of persistence and true self-healing that’s rooted in the hardware, I think is really, really powerful.. and the value of that really starts to become apparent when we’re in a world that looks like this. So I think those are some big focus areas for us as we go in the next year.

Louis: I like that one point you made on the earnings call about intelligence efforts, providing more data in a more interactive way for customers. I thought that that was really insightful and I think relevant to what you’ve been saying throughout our discussion. How do you help customers see themselves in a new way with new metrics, more interactively, more intuitively with greater insight?

Christy:  It’s a different view for us and it’s something I’m very excited about. When it comes to a new product, I focus on, “What’s the question the customer’s going to be asking? What’s the problem they’re trying to solve?” And from there, “How do I package that up neatly so that they click on a button and get a report and it solves all of their problems?” But that’s not the world we live in today, especially when you have so many moving parts and things are continuously changing.

So it’s a different design philosophy when we say to the team, “You actually have no idea what question the customer is going to ask. Your job is to create tools that allow them to ask any question they have and then help them define the answer, either using our tool or using our data in some other tool.” At the end of the day, that’s how they get closer to the truth about what’s going on within their organization… and how they gain the ability to make better decisions.

Louis: Absolutely, that’s key to creating a culture that can continues to innovate and with Absolute’s focus on helping customers attain greater autonomous endpoint resiliency, it’s proving to be a strong catalyst for future growth too.

Improving Online Learning Experiences One Secured Endpoint At A Time

Improving Online Learning Experiences One Secured Endpoint At A Time

Bottom Line: Defining the perfect mix of cloud apps, platforms and secured endpoints to create compelling online learning experiences customizable to students’ learning strengths is how schools are overcoming the challenge of virtual teaching.

There are over 56 million students in the U.S. alone who are relying on remote learning apps, platforms and autonomous endpoint security to protect them as they pursue their education. School districts, online educators and teachers quickly realized the move to 100% online classes could mean the end to outdated mechanized approaches to teaching. Eager to teach using technologies that tailor individual learning programs to every student’s unique learning strengths, schools are combining cloud, e-learning and endpoint security with strong results. Combining technologies gives every student regardless of their socioeconomic background a chance to excel. The goal is to provide unique personalized instruction at scale using a teaching technique called scaffolding. Scaffolding stresses creating an individual learning plan for each student complete with reinforcement for each lesson.

Why Cybersecurity Is The Cornerstone Of Online Learning 

Tailoring the latest technologies to the diverse needs of online learners is the easy part of creating an online learning program. Far more difficult is choosing the right endpoint security strategies to protect their identities, every one of their video conference sessions with peers and teachers and thwarting breach attempts. Parents, teachers, students and administrators all need to trust an e-learning platform to make it work. The bottom line is an e-learning platform needs to create and grow trust while being adaptive enough to meet students’ unique learning needs.

Interested in learning more about how leading online educators are bringing together the latest cloud and autonomous endpoint security technologies to help students learn online, I recently interviewed Eric Ramos Chief Technology Officer at Duarte Unified School District and Dean Phillips, Senior Technology Director, David Atkins, Director of Marketing and Communications and Jennifer Shoaf, Deputy Chief Academic Officer at PA Cyber.  Duarte Unified School District (USD) serves the educational needs of 3,400 scholars at the elementary, K-8 and high school levels. The Pennsylvania Cyber Charter School (PA Cyber) in Midland, PA, is one of the most experienced and successful online K-12 public schools in the nation serving over 12,000 students. Together the group of education professionals provided valuable insights into how educators can combine cloud, collaboration and cybersecurity applications to create more personalized, effective learning experiences for students. David Atkins of PA Cyber says that their approach to e-learning is succeeding because they take a fully holistic view of the student, their family and their situation. “Our collaboration with the student starts from the very moment that there’s interest in having some sort of cyber education. And we go from enrollments, all the way through any issues of that students could have, or the students family could have and take them all the way through graduation’ David said. “We take the time to listen and see the student as a complete person.”

The following are the key insights based on our conversations:

  • Choosing to make cybersecurity the highest priority treats students as customers, protecting their unique online learning experiences while providing excellent access across all socioeconomic levels. That’s when online learning experiences excel. What’s impressive how committed the team of educators I spoke with is about making technology work as a catalyst to help every student achieve their educational goals across all socioeconomic levels. They’re also the most advanced at tailoring complex technologies to deliver customized online learning experiences with PA Cyber serving 12,000 remote students at once. “Each of our students is different and they’re looking to accomplish different things and they learn in different ways. We have a different classroom options that they can choose from. And we have a lot of different scaffolding options in place when it comes to our instructional platform, “Jennifer Shoaf, Deputy Chief Academic Officer at PA Cyber said. Eric Ramos, CTO at USD says that he and his staff “reach out to teachers and staff members and provide them with the latest cybersecurity alerts and make sure they are aware of how their autonomous endpoint security platform is securing every laptop and making their job of staying in compliance to security protocols easy.” Eric continued saying that, “having an undeletable digital tether gives my staff, senior educators and me peace of mind, especially with summer here and the need to keep track of the Chromebooks out with students and families.”
  • The more resilient the autonomous endpoint security on the laptop, the easier it is to secure, upgrade and locate each of them if they’re lost or stolen. Duarte Unified School District provides Chromebooks to students for use all year long, often also providing an Internet HotSpot as many students’ families don’t have Internet access. PA Cyber provides students a Dell laptop and an entire technology kit that includes printers and peripherals as well. Having an undeletable digital tether to every laptop makes it possible to keep every system up to date on security and system patches. Dean Phillips, Senior Technology Director at PA Cyber, says that it’s been very helpful to know each laptop has active autonomous endpoint security running at all times. Dean says that endpoint management is a must-have for PA Cyber “We’re using Absolute’s Persistence to ensure an always-on, two-way connection with our IT management solution, Kaseya®, which we use to remotely push out security patches, new applications and scripts. That’s been great for students’ laptops as we can keep updates current and know where the system is. Without an endpoint management solution on student laptops, it is very difficult to manage endpoints without that agent. So Absolute absolutely helps us with that as well. That’s been a big plus.” Eric Ramos, CTO, says that Absolute has been great, especially when student calls in and says they can’t find their laptop. I don’t know where it is. It’s lost or maybe stolen. We’re able to pull that up, figure out the last time it got pinged and we can locate that usually. Nine times out of 10, the student finds it by next day by just having that information. So that’s been crucial. It’s always been something we love having.”
  • Standardize on a secure cloud platform that is flexible enough to support scaffolding or individualized learning yet hardened enough to protect every laptop connected to it via an undeletable digital tether. A major challenge both online schools face is keeping their cloud platforms adaptive enough to support students’ varying skills yet also secure enough to protect every student online.  Dean Phillips, Senior Technology Director at PA Cyber, says that it’s best to “keep technology as simple as possible for the students and families. Standardization is key, I think, with everything you do from a technology standpoint. Making sure that you build from the inside out from the core. Your applications and networks and making sure that that’s consistent all the way to the endpoint, I think that’s extremely important.” PA Cyber’s lessons learned creating a secure and adaptive e-learning platform makes the goal of providing personalized instruction for every student achievable at scale.  Jennifer Shoaf, Deputy Chief Academic Officer at PA Cyber, explains how the school personalizes online instruction for every student. “It all starts when the student first comes to PA Cyber and we try to get an understanding of where they are and where they should be and where they want to see themselves, whether it’s in a month or in a couple years, or when they graduate from our school. So one of the things that we pride ourselves on here at this school is allowing for multiple modes of instruction for our students,” Jennifer said.
  • Capitalizing on the excellent asset management reporting autonomous endpoint security solutions have, CTOs and senior IT directors are gaining new insights into how to improve learning effectiveness. Having resilient, persistent connections to every endpoint with an undeletable digital tether also provides invaluable asset management data. Eric Ramos of Duarte USD and Dean Phillips of PA Cyber are leaders in this area of e-learning today. Eric Ramos says that asset management and activity reports made possible by the autonomous endpoint platform he is using from Absolute makes getting prepared for senior management meetings easy. “During principal meetings, I’m able to pull up these reports and say, look, these were the goals at the beginning of the year to use these four products at this amount of time. And here’s where you’re at on a small window. Or you can look at it over time and saying, this has been an increase here, this is a decrease here, these sites are doing really well with it, these sites may be not. But let’s now talk about what’s working for you. What are your teachers liking about the particular program? Or, program aside, how are your results coming about?” Eric Ramos, CTO said.

Conclusion

Delivering an excellent online learning experience needs to start with a cybersecurity strategy that includes autonomous endpoint security. Duarte USD and PA Cyber are leaders in this field, being among the first to see how combining core technologies while having an undeletable digital tether to every laptop is a must-have. Earning and growing the trust of parents, students, teachers and school administrators start with an endpoint security strategy that can adapt and grow as an e-learning program does.

How Absolute Protects Patient Data At Apria Healthcare

How Absolute Protects Patient Data At Apria Healthcare

Bottom Line: Healthcare providers need to adopt more persistent, resilient endpoint cybersecurity to thwart cybercriminals who are escalating their efforts to steal healthcare records. Motivated by up to $1,000 being offered on the Dark Web for healthcare records, cybercriminals are prioritizing healthcare breaches for financial gain.

Endpoint Resilience Is the Cornerstone of Apria Healthcare’s Cybersecurity Strategy

Healthcare providers are a favorite target for cybercriminals, and their popularity is growing. In the first eight weeks of 2020, the U.S. Department of Health and Human Services received 66 reports of breaches affecting 500 patient records or more at healthcare providers and health plans. The Health & Human Services Breach Portal, which contains a list of all cases under investigation today, reflects the severity of healthcare providers’ cybersecurity crisis and the urgent need for a strong, resilient system to protect patient information. Apria Healthcare is well aware of these threats and has taken an innovative, insightful approach to thwart them.

Apria Healthcare’s cybersecurity strategy focuses heavily on deterrence at the endpoint and device level, an approach that has proven effective in mitigating breaches globally. The company is a recognized leader in healthcare, serving nearly 2M patients annually across 300 locations in 49 states. They have more than 8,000 laptops, desktops and tablets, many of which regularly leave the organization. Apria needed a way to deliver zero-touch IT asset management, provide self-healing endpoint security, and employ always-on data visibility and protection whether an asset was on or off their corporate network. They turned to Absolute and the company’s patented Persistence technology.

“Persistence [located] in the BIOS is the number one item that I think really sets Absolute apart from other companies touting that they can do asset tracking better,” said Janet Hunt, Senior Director, IT User Support at Apria Healthcare. “The other vendors really can’t, they don’t have that piece – that persistent piece is so important to me. I always am looking for opportunities to use different technologies as they come up, and I haven’t found anything that’s as good as Absolute. Nothing can compare.”

Absolute’s Persistence technology, the foundation of the company’s Resilience solution, enables a self-healing, unbreakable two-way connection to endpoints, applications, and data. It provides an adaptive layer of defense by notifying IT of where devices are and when security applications are removed or corrupt, and triggering automatic reinstallation. Because Absolute is already embedded in the BIOS of Dell, HP, Lenovo, and 22 other leading manufacturers’ devices, it provides Apria with the single source of truth needed to protect personal data and help achieve HIPAA compliance.

Turning HIPAA Compliance into A Competitive Advantage  

Apria quickly established a leadership position in the healthcare industry by setting and maintaining stringent requirements needed to achieve HIPAA compliance across its patient data platform. Leveraging Absolute’s Resilience solution and Persistence technology, Apria differentiated itself from its competitors and reduced the risk they would ever see fines for HIPAA non-compliance. And with HIPAA fines ranging from $25,000 to $15.M per year, Apria’s prescient decision to turn compliance into a competitive advantage was an excellent one because it put patients’ welfare and data security first, above all other IT priorities.

Achieving Greater Device Control & Visibility Is Key 

Absolute’s dashboard provides Apria with both a snapshot of the status of all devices, updated every 15 minutes, as well as a complete device history that enables security managers to see and report on encryption, geolocation, and usage.

“Our geo-fencing is extremely tight. I have PCs that live in the Philippines. I have PCs that live in India. I have one, or actually two, PCs that live in Indonesia. If somebody goes from where they say that they’re going to be to another part of Indonesia, that device will freeze because that’s not where it’s supposed to be, and that’s an automatic thing. Don’t ask forgiveness, don’t ask questions, freeze the device, and see what happens. It’s one of the best things we’ve done for ourselves,” Janet Hunt recently said during a recent during a recent panel discussion. Geofencing is a must-have in any persistent endpoint security strategy.

“[With Absolute] I have a complete history of each device, which makes it really easy for me to say not only whether it is encrypted now, but also what its status was a week ago, or two weeks ago, or two months ago,” said Dave Ochoa, Manager, Information Security Operations at Apria Healthcare. “So, you get this lovely little package that you can hand off to your auditor and say, ‘Not an issue.’ You know that this is not an incident, this is not a breach.”

Endpoint Security’s Network Effect Is Accelerating

Apria Healthcare’s decision to protect its 8,000 laptops, desktops, and tablets using Absolute’s Resilience endpoint solution is a leading indicator of the Network Effect happening with endpoint security today. A sure sign the Network Effect is taking place is how demand is growing for more endpoint security agents and applications. Absolute is seeing this Network Effect globally and has been steadily adding integrations with more than 30 endpoint security agents and applications – most recently adding support for the market-leading security solution VMware® Carbon Black.

“The average enterprise today has already spent thousands, if not millions, of dollars on security controls and applications, and that total security investment only continues to rise in the face of escalating risk,” said Christy Wyatt, CEO of Absolute. “However, the vast number of controls and agents being invested in and subsequently piled onto the endpoint can introduce a false sense of security; those controls are only effective if they are present and actually running. A foundation of Resilience enables IT and security teams to understand the current state of their assets, understand if the security controls have been compromised, and heal those that have been taken offline.”

Conclusion

In the face of increasingly sophisticated attackers and vectors, organizations continue to layer on security controls. Gartner estimates that more than $174B will be spent on security by 2022, and of that, approximately $50B will be dedicated to protecting the endpoint. Absolute’s 2019 Endpoint Security Trends Report revealed that organizations have an average of 10 distinct agents layered onto endpoint devices, all competing with one another for device services and resources. The resulting complexity not only negatively impacts endpoint performance but creates an environment ripe for collision and decay. This, along with humans tampering with or removing security controls, means that even the most well-functioning endpoint agents have a high probability of failure.

All of this has IT and security administrators grappling with increasing complexity and risk levels, while also facing mounting pressure to ensure endpoint controls maintain integrity, availability, and functionality at all times, and deliver their intended value. And so, organizations need complete visibility and real-time insights to pinpoint the dark endpoints, identify what’s broken and where gaps exist, as well as respond and take action quickly.

Absolute’s Resilience offering empowers organizations to build an enterprise security approach that is intelligent, adaptive, and self-healing. Rather than perpetuating a false sense of security, Absolute provides a single source of truth and the diamond image of resilience for endpoints as Apria Healthcare’s cybersecurity strategy and results indicate.

 

 

 

 

Why Cybersecurity Needs To Focus More On Customer Endpoints

Why Cybersecurity Needs To Focus More On Customer Endpoints

  • Cloud-based endpoint protection platforms (EPP) are proliferating across enterprises today as CIOs and CISOs prioritize greater resiliency in their endpoint security strategies going into 2020.
  • Gartner predicts that Global Information Security and Risk Management end-user spending is forecast to grow at a five-year CAGR of 9.2% to reach $174.5 billion in 2022, with approximately $50B spent on endpoint security.
  • Endpoint security tools are 24% of all IT security spending, and by 2020 global IT security spending will reach $128B according to Morgan Stanley Research.
  • 70% of all breaches still originate at endpoints, despite the increased IT spending on this threat surface, according to IDC.

There’s a surge of activity happening right now in enterprises that are prioritizing more resiliency in their endpoint security strategies going into 2020. The factors motivating CIOs, CISOs, IT, and Practice Directors to prioritize endpoint resiliency include more effective asset management based on real-time data while securing and ensuring every endpoint can heal itself using designed-in regenerative software at the BIOS level of every device. CIOs say the real-time monitoring helps reduce asset management operating expense, a big plus many of them appreciate give their tight budgets. Sean Maxwell, Chief Commercial Officer at Absolute, says, “Trust is at the center of every endpoint discussion today as CIOs, CISOs and their teams want the assurance every endpoint will be able to heal itself and keep functioning.”

The Endpoint Market Is Heating Up Going Into 2020

Over thirty vendors are competing in the endpoint security market right now. A few of the most interesting are Absolute Software, Microsoft, Palo Alto Networks, and others who are seeing a surge of activity from enterprises based on discussions with CIOs and CISOs. Absolute Software’s Persistence self-healing endpoint security technology is embedded in the firmware of more than 500 million devices and gives CIOs, CISOs and their team’s complete visibility and control over devices and data. Absolute is the leading visibility and control platform that provides enterprises with tamper-proof resilience and protection of all devices, data, and applications.

Like Absolute, Microsoft is unique in how they are the only vendor to provide built-in endpoint protection at the device level, with the core focus being on the OS. Windows 10 has Windows Defender Antivirus now integrated at the OS level, the same System Center Endpoint Protection delivers in Windows 7 and 8 OS. Microsoft Defender Advanced Threat Protection (ATP) incident response console aggregates alerts and incident response activities across Microsoft Defender ATP, Office 365 ATP, Azure ATP, and Active Directory, in addition to Azure.

Further evidence of how enterprise customers are placing a high priority on endpoint security is the increase in valuations of key providers in this market, including Absolute Software (TSE: ABT) and others. Absolute’s stock price has jumped 13% in just a month, following their latest earnings announcement on November 12th with a transcript of their earnings call here. Absolute’s CEO Christy Wyatt commented during the company’s most recent earnings call that, “The ability to utilize near real-time data from the endpoint to… to deliver actionable insights to IT about where controls are failing and the ability to apply resilience to self-heal and reinforce those security controls will become a critical skill for every one of our customers. This is the essence of Absolute’s platform, which adds resiliency to our customer’s operations.” It’s evident from what CIOs and CISOs are saying that resiliency is transforming endpoint security today and will accelerate in 2020.

Key Takeaways From Conversations With Enterprise Cybersecurity Leaders

The conversations with CIOs, CISOs, and IT Directors provided valuable insights into why resiliency is becoming a high priority for endpoint security strategies today. The following are key takeaways from the conversations:

  • Known humorously as the “fun button” cybersecurity teams enjoy being able to brick any device any time while monitoring the activity happening on it in real-time. One CIO told the story of how their laptops had been given to a service provider who was supposed to destroy them to stay in compliance with the Health Insurance Portability and Accountability Act (HIPAA), and one had been resold on the back market, ending up in a 3rd world nation. As the hacker attempted to rebuild the machine, the security team watched as each new image was loaded, at which time they would promptly brick the machine. After 19 tries, the hacker gave up and called the image re-build “brick me.”
  • IT budgets for 2020 are flat or slightly up, with many CIOs being given the goal of reducing asset management operating expenses, making resiliency ideal for better managing device costs. The more effectively assets are managed, the more secure an organization becomes. That’s another motivating factor motivating enterprises to adopt resiliency as a core part of the endpoint security strategies.
  • One CIO was adamant they had nine software agents on every endpoint, but Absolute’s Resilience platform found 16, saving the enterprise from potential security gaps. The gold image an enterprise IT team was using had inadvertently captured only a subset of the total number of software endpoints active on their networks. Absolute’s Resilience offering and Persistence technology enabled the CIO to discover gaps in endpoint security the team didn’t know existed before.
  • Endpoints enabled with Resiliency have proven their ability to autonomously self-heal themselves, earning the trust of CIOs and CISOs, who are adopting Absolute to alleviate costly network interruptions and potential breaches in the process. 19% of endpoints across a typical IT network require at least one client or patch management repair monthly, according to Absolute’s 2019 Endpoint Security Trends Report. The report also found that increasing security spending on protecting endpoints doesn’t increase an organizations’ safety – and in some instances, reduces it. Having a systematic, design-in solution to these challenges gives CIOs, CISO, and their teams greater peace of mind and reduces expensive interruptions and potential breaches that impede their organizations’ growth.

 

10 Predictions How AI Will Improve Cybersecurity In 2020

10 Predictions How AI Will Improve Cybersecurity In 2020

Capgemini predicts 63% of organizations are planning to deploy AI in 2020 to improve cybersecurity, with the most popular application being network security.

Cybersecurity is at an inflection point entering 2020. Advances in AI and machine learning are accelerating its technological progress. Real-time data and analytics are making it possible to build stronger business cases, driving higher adoption. Cybersecurity spending has rarely been linked to increasing revenues or reducing costs, but that’s about to change in 2020.

What Leading Cybersecurity Experts Are Predicting For 2020

Interested in what the leading cybersecurity experts are thinking will happen in 2020, I contacted five of them. Experts I spoke with include Nicko van Someren, Ph.D. and Chief Technology Officer at Absolute Software; Dr. Torsten George, Cybersecurity Evangelist at Centrify; Craig Sanderson, Vice President of Security Products at Infoblox; Josh Johnston, Director of AI, Kount; and Brian Foster, Senior Vice President Product Management at MobileIron. Each of them brings a knowledgeable, insightful, and unique perspective to how AI and machine learning will improve cybersecurity in 2020. The following are their ten predictions:

  1. AI and machine learning will continue to enable asset management improvements that also deliver exponential gains in IT security by providing greater endpoint resiliency in 2020. Nicko van Someren, Ph.D. and Chief Technology Officer at Absolute Software, observes that “Keeping machines up to date is an IT management job, but it’s a security outcome. Knowing what devices should be on my network is an IT management problem, but it has a security outcome. And knowing what’s going on and what processes are running and what’s consuming network bandwidth is an IT management problem, but it’s a security outcome. I don’t see these as distinct activities so much as seeing them as multiple facets of the same problem space, accelerating in 2020 as more enterprises choose greater resiliency to secure endpoints.”
  2. AI tools will continue to improve at drawing on data sets of wildly different types, allowing the “bigger picture” to be put together from, say, static configuration data, historic local logs, global threat landscapes, and contemporaneous event streams.  Nicko van Someren, Ph.D., and CTO at Absolute Software also predict that“Enterprise executives will be concentrating their budgets and time on detecting cyber threats using AI above predicting and responding. As enterprises mature in their use and adoption of AI as part of their cybersecurity efforts, prediction and response will correspondingly increase.”
  3. Threat actors will increase the use of AI to analyze defense mechanisms and simulate behavioral patterns to bypass security controls, leveraging analytics to and machine learning to hack into organizations. Dr. Torsten George, Cybersecurity Evangelist at Centrify, predicts that “threat actors, many of them state-sponsored, will increase their use and sophistication of AI algorithms to analyze organizations’’ defense mechanisms and tailor attacks to specific weak areas. He also sees the threat of bad actors being able to plug into the data streams of organizations and use the data to further orchestrate sophisticated attacks.”
  4. Given the severe shortage of experienced security operations resources and the sheer volume of data that most organizations are trying to work through, we are likely to see organizations seeking out AI/ML capabilities to automate their security operations processes. Craig Sanderson, Vice President of Security Products at Infoblox also predicts that “while AI and machine learning will increasingly be used to detect new threats it still leaves organizations with the task of understanding the scope, severity, and veracity of that threat to inform an effective response. As security operations becomes a big data problem it necessitates big data solutions.”
  5. There’s going to be a greater need for adversarial machine learning to combat supply chain corruption in 2020. Sean Tierney, Director of Threat Intelligence at Infoblox, predicts that “the need for adversarial machine learning to combat supply chain corruption is going to increase in 2020. Sean predicts that the big problem with remote coworking spaces is determining who has access to what data. As a result, AI will become more prevalent in traditional business processes and be used to identify if a supply chain has been corrupted.”
  6. Artificial intelligence will become more prevalent in account takeover—both the proliferation and prevention of it. Josh Johnston, Director of AI at Kount, predicts that “the average consumer will realize that passwords are not providing enough account protection and that every account they have is vulnerable. Captcha won’t be reliable either, because while it can tell if someone is a bot, it can’t confirm that the person attempting to log in is the account holder. AI can recognize a returning user. AI will be key in protecting the entire customer journey, from account creation to account takeover, to a payment transaction. And, AI will allow businesses to establish a relationship with their account holders that are protected by more than just a password.”
  7. Consumers will take greater control of their data sharing and privacy in 2020. Brian Foster, Senior Vice President Product Management at MobileIron, observes that over the past few years, we’ve witnessed some of the biggest privacy and data breaches. As a result of the backlash, tech giants such as Apple, Google, Facebook and Amazon beefed up their privacy controls to gain back trust from customers. Now, the tables have turned in favor of consumers and companies will have to put privacy first to stay in business. Moving forward, consumers will own their data, which means they will be able to selectively share it with third parties, but most importantly, they will get their data back after sharing, unlike in years past.
  8. As cybersecurity threats evolve, we’ll fight AI with AI. Brian Foster, Senior Vice President Product Management at MobileIron, notes that the most successful cyberattacks are executed by highly professional criminal networks that leverage AI and ML to exploit vulnerabilities such as user behavior or security gaps to gain access to valuable business systems and data. All of this makes it extremely hard for IT security organizations to keep up — much less stay ahead of these threats. While an attacker only needs to find one open door in an enterprise’s security, the enterprise must race to lock all of the doors. AI conducts this at a pace and thoroughness human ability can no longer compete with, and businesses will finally take notice in 2020.
  9. AI and machine learning will thwart compromised hardware finding its way into organizations’ supply chains. Rising demand for electronic components will expand the market for counterfeit components and cloned products, increasing the threat of compromised hardware finding its way into organizations’ supply chains. The vectors for hardware supply-chain attacks are expanding as market demand for more and cheaper chips, and components drive a booming business for hardware counterfeiters and cloners. This expansion is likely to create greater opportunities for compromise by both nation-state and cybercriminal threat actors. Source: 2020 Cybersecurity Threats Trends Outlook; Booz, Allen, Hamilton, 2019.
  10. Capgemini predicts 63% of organizations are planning to deploy AI in 2020 to improve cybersecurity, with the most popular application being network security. Capgemini found that nearly one in five organizations were using AI to improve cybersecurity before 2019. In addition to network security, data security, endpoint security, and identity and access management are the highest priority use cases for improving cybersecurity with AI in enterprises today. Source: Capgemini, Reinventing Cybersecurity with Artificial Intelligence: The new frontier in digital security.

10 Predictions How AI Will Improve Cybersecurity In 2020

Source: Capgemini, Reinventing Cybersecurity with Artificial Intelligence: The new frontier in digital security.

%d bloggers like this: