Posts tagged ‘Absolute Software’

10 Predictions How AI Will Improve Cybersecurity In 2020

Capgemini predicts 63% of organizations are planning to deploy AI in 2020 to improve cybersecurity, with the most popular application being network security.

Cybersecurity is at an inflection point entering 2020. Advances in AI and machine learning are accelerating its technological progress. Real-time data and analytics are making it possible to build stronger business cases, driving higher adoption. Cybersecurity spending has rarely been linked to increasing revenues or reducing costs, but that’s about to change in 2020.

What Leading Cybersecurity Experts Are Predicting For 2020

Interested in what the leading cybersecurity experts are thinking will happen in 2020, I contacted five of them. Experts I spoke with include Nicko van Someren, Ph.D. and Chief Technology Officer at Absolute Software; Dr. Torsten George, Cybersecurity Evangelist at Centrify; Craig Sanderson, Vice President of Security Products at Infoblox; Josh Johnston, Director of AI, Kount; and Brian Foster, Senior Vice President Product Management at MobileIron. Each of them brings a knowledgeable, insightful, and unique perspective to how AI and machine learning will improve cybersecurity in 2020. The following are their ten predictions:

  1. AI and machine learning will continue to enable asset management improvements that also deliver exponential gains in IT security by providing greater endpoint resiliency in 2020. Nicko van Someren, Ph.D. and Chief Technology Officer at Absolute Software, observes that “Keeping machines up to date is an IT management job, but it’s a security outcome. Knowing what devices should be on my network is an IT management problem, but it has a security outcome. And knowing what’s going on and what processes are running and what’s consuming network bandwidth is an IT management problem, but it’s a security outcome. I don’t see these as distinct activities so much as seeing them as multiple facets of the same problem space, accelerating in 2020 as more enterprises choose greater resiliency to secure endpoints.”
  2. AI tools will continue to improve at drawing on data sets of wildly different types, allowing the “bigger picture” to be put together from, say, static configuration data, historic local logs, global threat landscapes, and contemporaneous event streams. Nicko van Someren, Ph.D., and CTO at Absolute Software also predicts that “Enterprise executives will be concentrating their budgets and time on detecting cyber threats using AI above predicting and responding. As enterprises mature in their use and adoption of AI as part of their cybersecurity efforts, prediction and response will correspondingly increase.”
  3. Threat actors will increase the use of AI to analyze defense mechanisms and simulate behavioral patterns to bypass security controls, leveraging analytics and machine learning to hack into organizations. Dr. Torsten George, Cybersecurity Evangelist at Centrify, predicts that “threat actors, many of them state-sponsored, will increase their use and sophistication of AI algorithms to analyze organizations’ defense mechanisms and tailor attacks to specific weak areas. He also sees the threat of bad actors being able to plug into the data streams of organizations and use the data to further orchestrate sophisticated attacks.”
  4. Given the severe shortage of experienced security operations resources and the sheer volume of data that most organizations are trying to work through, we are likely to see organizations seeking out AI/ML capabilities to automate their security operations processes. Craig Sanderson, Vice President of Security Products at Infoblox also predicts that “while AI and machine learning will increasingly be used to detect new threats it still leaves organizations with the task of understanding the scope, severity, and veracity of that threat to inform an effective response. As security operations becomes a big data problem it necessitates big data solutions.”
  5. There’s going to be a greater need for adversarial machine learning to combat supply chain corruption in 2020. Sean Tierney, Director of Threat Intelligence at Infoblox, predicts that “the need for adversarial machine learning to combat supply chain corruption is going to increase in 2020. Sean predicts that the big problem with remote coworking spaces is determining who has access to what data. As a result, AI will become more prevalent in traditional business processes and be used to identify if a supply chain has been corrupted.”
  6. Artificial intelligence will become more prevalent in account takeover—both the proliferation and prevention of it. Josh Johnston, Director of AI at Kount, predicts that “the average consumer will realize that passwords are not providing enough account protection and that every account they have is vulnerable. Captcha won’t be reliable either, because while it can tell if someone is a bot, it can’t confirm that the person attempting to log in is the account holder. AI can recognize a returning user. AI will be key in protecting the entire customer journey, from account creation to account takeover, to a payment transaction. And, AI will allow businesses to establish a relationship with their account holders that are protected by more than just a password.”
  7. Consumers will take greater control of their data sharing and privacy in 2020. Brian Foster, Senior Vice President Product Management at MobileIron, observes that over the past few years, we’ve witnessed some of the biggest privacy and data breaches. As a result of the backlash, tech giants such as Apple, Google, Facebook and Amazon beefed up their privacy controls to gain back trust from customers. Now, the tables have turned in favor of consumers and companies will have to put privacy first to stay in business. Moving forward, consumers will own their data, which means they will be able to selectively share it with third parties, but most importantly, they will get their data back after sharing, unlike in years past.
  8. As cybersecurity threats evolve, we’ll fight AI with AI. Brian Foster, Senior Vice President Product Management at MobileIron, notes that the most successful cyberattacks are executed by highly professional criminal networks that leverage AI and ML to exploit vulnerabilities such as user behavior or security gaps to gain access to valuable business systems and data. All of this makes it extremely hard for IT security organizations to keep up — much less stay ahead of these threats. While an attacker only needs to find one open door in an enterprise’s security, the enterprise must race to lock all of the doors. AI conducts this at a pace and thoroughness human ability can no longer compete with, and businesses will finally take notice in 2020.
  9. AI and machine learning will thwart compromised hardware finding its way into organizations’ supply chains. Rising demand for electronic components will expand the market for counterfeit components and cloned products, increasing the threat of compromised hardware finding its way into organizations’ supply chains. The vectors for hardware supply-chain attacks are expanding as market demand for more and cheaper chips and components drives a booming business for hardware counterfeiters and cloners. This expansion is likely to create greater opportunities for compromise by both nation-state and cybercriminal threat actors. Source: 2020 Cybersecurity Threats Trends Outlook; Booz, Allen, Hamilton, 2019.
  10. Capgemini predicts 63% of organizations are planning to deploy AI in 2020 to improve cybersecurity, with the most popular application being network security. Capgemini found that nearly one in five organizations were using AI to improve cybersecurity before 2019. In addition to network security, data security, endpoint security, and identity and access management are the highest priority use cases for improving cybersecurity with AI in enterprises today. Source: Capgemini, Reinventing Cybersecurity with Artificial Intelligence: The new frontier in digital security.

Improving Endpoint Security Needs To Be A Top Goal In 2020

Bottom Line:  Attacking endpoints with AI, bots, and machine learning is gaining momentum with cybercriminals today with no signs of slowing down into 2020, making endpoint security a must-have cybersecurity goal for next year.

Cyberattacks are growing more complex and difficult to prevent now and will accelerate in the future, making endpoint security a top goal in 2020. Cybercriminals are using structured and unstructured machine learning algorithms to hack organizations’ endpoints with increasing frequency. Endpoint attacks and their levels of complexity will accelerate as cybercriminals gain greater mastery of these techniques.

In response, endpoint protection providers are adopting machine learning-based detection and response technologies, providing more cloud-native solutions that can scale across a broader range of endpoints, and designing in greater persistence and resilience for each endpoint. The recent IDC survey published this month, Do You Think Your Endpoint Security Strategy Is Up to Scratch?, completed in collaboration with HP, recommends that “companies should seek to build resilience — on the assumption that breaches are inevitable — and look for “security by design” features that facilitate or automate detection and recovery.” IDC surveyed 500 senior security executives globally, finding major differences between leading organizations, which realize endpoint security is essential for a unified cybersecurity strategy, and followers, which don’t.

What Differentiates The Most Effective Endpoint Strategies? 

IDC’s study found that leaders who integrate endpoint security into their cybersecurity plans are more effective at compliance reporting, endpoint hardening, and attack detection and response. Leaders capitalize on the data from their endpoint security strategies, creating contextual intelligence that helps protect their most vulnerable threat surfaces. The following are key insights from the IDC study showing why endpoint security needs to be an integral part of any corporate-wide cybersecurity strategy:

  • 29.6% of all enterprises globally consider endpoint security to be a significant component of their overall cybersecurity strategy, with leaders 2X as likely to consider it a high priority. Close to half of all enterprises (49.4%) believe endpoint security can perform effectively as a secondary component. IDC found that the lesser the priority security leaders place on endpoint security, the more likely endpoints will fail. Instead of taking a strategic approach, organizations treat endpoint security as an isolated strategy, adding an average of 10 security agents per device according to Absolute’s 2019 Endpoint Security Trends Report. You can get a copy of the report here. Cybersecurity leaders realize that having a unified endpoint security strategy designed for persistence and resilience is far more effective than relying on an isolated one. The following findings from the IDC report illustrate how leaders view endpoint as integral to their cybersecurity strategies.
  • When enterprises are complacent about endpoint security, procurement standards become mediocre over time and leave digital businesses at greater risk. Followers lack security focus for everything other than desktops during procurement, for example. Though most enterprises include security requirements in procurement requests, those requirements are not specified equally for all endpoint device types, resulting in uneven security coverage and compliance risk.
  • Automated operating system image recoverability, detection of and recovery from firmware integrity breaches, and software monitoring from the hardware level are the three most in-demand endpoint security features for enterprises today. Leader enterprises have relied on persistent connections to every endpoint in a network to achieve greater resilience across their global networks. Absolute is working to change this relationship, allowing remote, disconnected endpoints to remain resilient, which reflects what leaders are looking for in terms of greater control and visibility for every threat surface or endpoint. Senior security leaders, including CISOs, are taking a more integrated approach to endpoint security by designing in persistence to the device level that thwarts breach attempts in real-time.
  • Enterprises who are cybersecurity leaders most value a device’s built-in security features when evaluating PCs, laptops, and mobile devices while followers value this feature least. 33% of enterprises who are leaders prioritize devices that have built-in security capabilities that immediately provide persistent connections across the network, enabling greater resiliency. The study also makes the point that endpoint security needs to be tamper-proof at the operating system level, yet be flexible enough to provide IT and cybersecurity teams with device visibility and access to modify protections. One of the leaders in this area, Absolute, has invented endpoint security technology that begins at the BIOS level. There are currently 500M devices that have their endpoint code embedded in them. The Absolute Platform is comprised of three products: Persistence, Intelligence, and Resilience—each building on the capabilities of the other. The following graphic from the IDC study illustrates the stark contrast between enterprises who are cybersecurity leaders versus followers when it comes to adopting built-in security capabilities to harden endpoints across their networks.

Conclusion

When 70% of all breaches originate at endpoints, despite enterprise IT spending more than ever in cybersecurity, it’s a clear sign that endpoint security needs to be an integral part of any cybersecurity strategy. On average, every endpoint has ten security agents installed, often leading to software conflicts and frequent endpoint encryption failures. Absolute’s latest study found that over 42% of endpoints experience encryption failures, leaving entire networks at risk from a breach. Encryption agents are most commonly disabled by users, malfunction, have error conditions, or have never been installed correctly in the first place. Absolute also found that endpoints often failed due to the fragile nature of their encryption agents’ configurations. 2% of encryption agents fail every week, and over half of all encryption failures occurred within two weeks, fueling a constant 8% rate of decay every 30 days. 100% of all devices experience encryption failures within one year. Multiple endpoint security solutions conflict with each other and create more opportunities for breaches than they avert. These are just a few of the many factors that make improving endpoint security a top goal all enterprises need to achieve in 2020.

It’s Time To Solve K-12’s Cybersecurity Crisis

  • There were a record 160 publicly-disclosed security incidents in K-12 during the summer months of 2019, exceeding the total number of incidents reported in all of 2018 by 30%.
  • 47% of K-12 organizations are making cybersecurity their primary investment, yet 74% do not use encryption.
  • 93% of K-12 organizations rely on native client/patch management tools that have a 56% failure rate, with 9% of client/patch management failures never recovered.

These and many other fascinating insights are from Absolute’s new research report, Cybersecurity and Education: The State of the Digital District in 2020, focused on the state of security, staff and student safety, and endpoint device health in K-12 organizations. The study’s findings reflect the crisis the education sector is facing as they grapple with high levels of risk exposure – driven in large part by complex IT environments and a digitally savvy student population – that have made them a prime target for cybercriminals and ransomware attackers. The methodology is based on data from 3.2M devices containing Absolute’s endpoint visibility and control platform, active in 1,200 K-12 organizations in North America (U.S. and Canada). Please see the full report for complete details on the methodology.

Here’s the backdrop:

  • K-12 cybersecurity incidents are skyrocketing, with over 700 reported since 2016 with 160 occurring during the summer of 2019 alone. Educational IT leaders face the challenge of securing increasingly complex IT environments while providing access to a digitally savvy student population capable of bypassing security controls. Schools are now the second-largest pool of ransomware victims, just behind local governments and followed by healthcare organizations. As of today, 49 school districts have been hit by ransomware attacks so far this year.

“Today’s educational IT leaders have been tasked with a remarkable feat: adopting and deploying modern learning platforms, while also ensuring student safety and privacy, and demonstrating ROI on security and technology investments,” said Christy Wyatt, CEO of Absolute.

Research from Absolute found:

K-12 IT leaders are now responsible for collectively managing more than 250 unique OS versions, and 93% are managing up to five versions of common applications. The following key insights from the study reflect how severe K-12’s cybersecurity crisis is today:

  • Digital technologies’ rapid proliferation across school districts has turned into a growth catalyst for K-12’s cybersecurity crisis. 94% of school districts have high-speed internet, and 82% provide students with school-funded devices through one-to-one and similar initiatives. Absolute found that funding for educational technology has increased by 62% in the last three years. The Digital Equity Act goes into effect this year, committing additional federal dollars to bring even more technology to the classroom. K-12 IT leaders face the daunting challenge of having to secure on average 11 device types, 258 unique operating systems versions and over 6,400 unique Chrome OS extensions and more, reflecting the broad scale of today’s K-12 cybersecurity crisis. Google Chromebooks dominate the K-12 device landscape. The following graphic illustrates how rapidly digital technologies are proliferating in K-12 organizations:

  • 42% of K-12 organizations have staff and students regularly bypass security endpoint controls using web proxies and rogue VPN apps, inadvertently creating gateways for malicious outsiders to breach their schools’ networks. Absolute found that there are on average 10.6 devices with web proxy/rogue VPN apps per school and 319 unique web proxy/rogue VPN apps in use today, including “Hide My Ass” and “IP Vanish.”  Many of the rogue VPN apps originate in China, and all of them are designed to evade web filtering and other content controls. With an average of 10.6 devices per school harboring web proxies and rogue VPN apps, schools are also at risk of non-compliance with the Children’s Internet Protection Act (CIPA).

  • While 68% of education IT leaders say that cybersecurity is their top priority, 53% rely on client/patch management tools that are proving ineffective in securing their proliferating IT infrastructures. K-12 IT leaders are relying on client/patch management tools to secure the rapidly proliferating number of devices, operating systems, Chrome extensions, educational apps, and unique application versions. Client/patch management agents fail 56% of the time, however, and 9% never recover. There are on average, nine daily encryption agents’ failures, 44% of which never recover. The cybersecurity strategy of relying on native client/patch management isn’t working, leading to funds being wasted on K-12 security controls that don’t scale:

Wyatt continued, “This is not something that can be achieved by simply spending more money… especially when that money comes from public funds. The questions they each need to be asking are if they have the right foundational security measures in place, and whether the controls they have already invested in are working properly. Without key foundational elements of a strong and resilient security approach in place – things like visibility and control, it becomes nearly impossible to protect your students, your data, and your investments.”

  • Providing greater device visibility and endpoint security controls while enabling applications and devices to be more resilient is a solid first step to solving the K-12 cybersecurity crisis. Thwarting the many breach and ransomware attacks K-12 organizations receive every day needs to start by considering every device as part of the network perimeter. Securing K-12 IT networks to the device level delivers asset management and security visibility that native client/patch management tools lack. Having visibility to the device level also gives K-12 IT administrators and educators insights into how they can tailor learning programs for broader adoption. The greater the visibility, the greater the control. K-12 IT administrators can ensure internet safety policies are being adhered to while setting controls to be alerted of suspicious activity or non-compliant devices, including rogue VPNs or stolen devices. Absolute’s Persistence platform provides a persistent connection to each endpoint in a K-12’s one-to-one program, repairing or replacing critical apps that have been disabled or removed.

You can download the full Absolute report here.

10 Ways AI And Machine Learning Are Improving Endpoint Security

  • Gartner predicts $137.4B will be spent on Information Security and Risk Management in 2019, increasing to $175.5B in 2023, reaching a CAGR of 9.1%. Cloud Security, Data Security, and Infrastructure Protection are the fastest-growing areas of security spending through 2023.
  • 69% of enterprise executives believe artificial intelligence (AI) will be necessary to respond to cyberattacks, with the majority of telecom companies (80%) saying they are counting on AI to help identify threats and thwart attacks, according to Capgemini.
  • Spending on AI-based cybersecurity systems and services reached $7.1B in 2018 and is predicted to reach $30.9B in 2025, attaining a CAGR of 23.4% in the forecast period, according to Zion Market Research.

Traditional approaches to securing endpoints based on the hardware characteristics of a given device aren’t stopping breach attempts today. Bad actors are using AI and machine learning to launch sophisticated attacks to shorten the time it takes to compromise an endpoint and successfully breach systems. They’re down to just 7 minutes after compromising an endpoint and gaining access to internal systems ready to exfiltrate data, according to Ponemon. The era of trusted and untrusted domains at the operating system level, and “trust, but verify” approaches are over. Security software and services spending is soaring as a result, as the market forecasts above show.

AI & Machine Learning Are Redefining Endpoint Security

AI and machine learning are proving to be effective technologies for battling increasingly automated, well-orchestrated cyberattacks and breach attempts. Attackers are combining AI, machine learning, bots, and new social engineering techniques to thwart endpoint security controls and gain access to enterprise systems with an intensity never seen before. It’s becoming so prevalent that Gartner predicts that more than 85% of successful attacks against modern enterprise user endpoints will exploit configuration and user errors by 2025. Cloud platforms are enabling AI and machine learning-based endpoint security control applications to be more adaptive to the proliferating types of endpoints and corresponding threats. The following are the top ten ways AI and machine learning are improving endpoint security:

  • Using machine learning to derive risk scores based on previous behavioral patterns, geolocation, time of login, and many other variables is proving to be effective at securing and controlling access to endpoints. Combining supervised and unsupervised machine learning to fine-tune risk scores in milliseconds is reducing fraud, thwarting breach attempts that attempt to use privileged access credentials, and securing every identity on an organization’s network. Supervised machine learning models rely on historical data to find patterns not discernible with rules or predictive analytics. Unsupervised machine learning excels at finding anomalies, interrelationships, and valid links between emerging factors and variables. Combining both unsupervised and supervised machine learning is proving to be very effective in spotting anomalous behavior and reducing or restricting access.
  • Mobile devices represent a unique challenge to achieving endpoint security control, one that machine learning combined with Zero Trust is proving to be integral at solving.  Cybercriminals prefer to steal a mobile device, its passwords, and privileged access credentials than hack into an organization. That’s because passwords are the quickest onramp they have to the valuable data they want to exfiltrate and sell. Abandoning passwords for new techniques including MobileIron’s zero sign-on approach shows potential for thwarting cybercriminals from getting access while hardening endpoint security control. Securing mobile devices using a zero-trust platform built on a foundation of unified endpoint management (UEM) capabilities enables enterprises to scale zero sign-on for managed and unmanaged services for the first time. Below is a graphic illustrating how they’re adopting machine learning to improve mobile endpoint security control:
  • Capitalizing on the core strengths of machine learning to improve IT asset management is making direct contributions to greater security. IT Management and security initiatives continue to become more integrated across organizations, creating new challenges to managing endpoint security across each device. Absolute Software is taking an innovative approach to solve the challenge of improving IT asset management, so endpoint protection is strengthened at the same time. Recently I had a chance to speak with Nicko van Someren, Ph.D. and Chief Technology Officer at Absolute Software, where he shared with me how machine learning algorithms are improving security by providing greater insights into asset management. “Keeping machines up to date is an IT management job, but it’s a security outcome. Knowing what devices should be on my network is an IT management problem, but it has a security outcome. And knowing what’s going on and what processes are running and what’s consuming network bandwidth is an IT management problem, but it’s a security outcome. I don’t see these as distinct activities so much as seeing them as multiple facets of the same problem space.” Nicko added that Absolute’s endpoint security controls begin at the BIOS level of over 500M devices that have their endpoint code embedded in them. The Absolute Platform is comprised of three products: Persistence, Intelligence, and Resilience—each building on the capabilities of the other. Absolute Intelligence standardizes the data around asset analytics and security advocacy analytics to allow Security managers to ask any question they want. (“What’s slowing down my device? What’s working and what isn’t? What has been compromised? What’s consuming too much memory? How does this deviate from normal performance?”). An example of Absolute’s Intelligence providing insights into asset management and security is shown below:
  • Machine learning has progressed to become the primary detection method for identifying and stopping malware attacks. Machine learning algorithms initially contributed to improving endpoint security by supporting the back-end of malware protection workflows. Today more vendors are designing endpoint security systems with machine learning as the primary detection method. Machine learning trained algorithms can detect file-based malware and learn which files are harmful or not based on the file’s metadata and content. Symantec’s Content & Malware Analysis illustrates how machine learning is being used to detect and block malware. Their approach combines advanced machine learning and static code file analysis to block, detect, and analyze threats and stop breach attempts before they can spread.
  • Supervised machine learning algorithms are being used for determining when given applications are unsafe to use, assigning them to containers, so they’re isolated from production systems. Taking into account an applications’ threat score or reputation, machine learning algorithms are defining if dynamic application containment needs to run for a given application. Machine learning-based dynamic application containment algorithms and rules block or log unsafe actions of an application based on containment and security rules. Machine learning algorithms are also being used for defining predictive analytics that define the extent of a given applications’ threat.
  •  Integrating AI, machine learning, and SIEM (Security Information and Event Management) in a single unified platform are enabling organizations to predict, detect, and respond to anomalous behaviors and events. AI and machine learning-based algorithms and predictive analytics are becoming a core part of SIEM platforms today as they provide automated, continuous analysis and correlation of all activity observed within a given IT environment. Capturing, aggregating, and analyzing endpoint data in real-time using AI techniques and machine learning algorithms is providing entirely new insights into asset management and endpoint security. One of the most interesting companies to watch in this area is LogRhythm. They’ve developed an innovative approach to integrating AI, machine learning, and SIEM in their LogRhythm NextGen SIEM Platform, which delivers automated, continuous analysis and correlation of all activity observed within an IT environment. The following is an example of how LogRhythm combines AI, machine learning, and SIEM to bring new insights into securing endpoints across a network.
  • Machine learning is automating the more manually-based, routine incident analysis, and escalation tasks that are overwhelming security analysts today. Capitalizing on supervised machine learnings’ innate ability to fine-tune algorythms in milliseconds based on the analysis of incidence data, endpoint security providers are prioritizing this area in product developnent. Demand from potential customers remains strong, as nearly everyone is facing a cybersecurity skills shortage while facing an onslaught of breach attempts.  “The cybersecurity skills shortage has been growing for some time, and so have the number and complexity of attacks; using machine learning to augment the few available skilled people can help ease this. What’s exciting about the state of the industry right now is that recent advances in Machine Learning methods are poised to make their way into deployable products,” Absolute’s CTO Nicko van Someren added.
  • Performing real-time scans of all processes with an unknown or suspicious reputation is another way how machine learning is improving endpoint security. Commonly referred to as Hunt and Respond, supervised and unsupervised machine learning algorithms are being used today to seek out and resolve potential threats in milliseconds instead of days. Supervised machine learning algorithms are being used to discover patterns in known or stable processes where anomalous behavior or activity will create an alert and pause the process in real-time. Unsupervised machine learning algorithms are used for analyzing large-scale, unstructured data sets to categorize suspicious events, visualize threat trends across the enterprise, and take immediate action at a single endpoint or across the entire organization.
  • Machine learning is accelerating the consolidation of endpoint security technologies, a market dynamic that is motivating organizations to trim back from the ten clients they have on average per endpoint today. Absolute Software’s 2019 Endpoint Security Trends Report found that a typical device has ten or more endpoint security agents installed, each often conflicting with the other. The study also found that enterprises are using a diverse array of endpoint agents, including encryption, AV/AM, and Endpoint Detection and Response (EDR). The wide array of endpoint solutions makes it nearly impossible to standardize a specific test to ensure security and safety without sacrificing speed. By helping to accelerate the consolidation of security endpoints, machine learning is helping organizations to see that the more complex and layered the endpoint protection, the greater the risk of a breach.
  • Keeping every endpoint in compliance with regulatory and internal standards is another area where machine learning is contributing to improving endpoint security. In regulated industries, including financial services, insurance, and healthcare, machine learning is being deployed to discover, classify, and protect sensitive data. This is especially the case with HIPAA (Health Insurance Portability and Accountability Act) compliance in healthcare. Amazon Macie is representative of the latest generation of machine learning-based cloud security services. Amazon Macie recognizes sensitive data such as personally identifiable information (PII) or intellectual property and provides organizations with dashboards, alerts, and contextual insights that give visibility into how data is being accessed or moved. The fully managed service continuously monitors data access activity for anomalies and generates detailed alerts when it detects the risk of unauthorized access or inadvertent data leaks. An example of one of Amazon Macie’s dashboards is shown below:

5 Key Insights From Absolute’s 2019 Endpoint Security Trends Report

  • Endpoint security tools are 24% of all IT security spending, and by 2020 global IT security spending will reach $128B according to Morgan Stanley Research.
  • 70% of all breaches still originate at endpoints, despite the increased IT spending on this threat surface, according to IDC.

To better understand the challenges organizations have securing the proliferating number and type of endpoints, Absolute launched and published their 2019 Endpoint Security Trends Report. You can get a copy of the report here. Their findings and conclusions are noteworthy to every organization that is planning and implementing a cybersecurity strategy. Data gathered from over 1B change events on over 6M devices is the basis of the multi-phased methodology. The devices represent data from 12,000 anonymized organizations across North America and Europe. Each device had Absolute’s Endpoint Resilience platform activated. The second phase of the study is based on exploratory interviews with senior executives from Fortune 500 organizations. For additional details on the methodology, please see page 12 of the study.

Key insights from the report include the following:

  1. Increasing security spending on protecting endpoints doesn’t increase an organization’s safety and, in certain cases, reduces it. Organizations are spending more on cybersecurity than ever before, yet they aren’t achieving greater levels of safety and security. Gartner’s latest forecast has global information security and risk management spending reaching $174.5B in 2022, attaining a five-year Compound Annual Growth Rate (CAGR) of 9.2%. Improving endpoint controls is one of the highest-priority investments driving increased spending. Over 70% of all breaches are still originating at endpoints, despite millions of dollars spent by organizations every year. It’s possible to overspend on endpoint security and reduce its effectiveness, which is a key finding of the study. IBM Security’s most recent Cost of a Data Breach Report 2019 found that the average cost of a data breach in the U.S. grew from $3.54M in 2006 to $8.19M in 2019, a 130% increase in 14 years.
  2. The more complex and layered the endpoint protection, the greater the risk of a breach. One of the fascinating findings from the study is that the greater the number of agents a given endpoint has, the higher the probability it’s going to be breached. Absolute found that a typical device has ten or more endpoint security agents installed, each conflicting with the other. MITRE’s Cybersecurity research practice found there are, on average, ten security agents on each device, and over 5,000 common vulnerabilities and exposures (CVEs) found on the top 20 client applications in 2018 alone. Enterprises are using a diverse array of endpoint agents, including encryption, AV/AM, and Endpoint Detection and Response (EDR). The wide array of endpoint solutions makes it nearly impossible to standardize a specific test to ensure security and safety without sacrificing speed. Absolute found organizations are validating their endpoint configurations using live deployments that often break and take valuable time to troubleshoot. The following graphic from the study illustrates how endpoint security is driving risk:

  3. Endpoint security controls and their associated agents degrade and lose effectiveness over time. Over 42% of endpoints experience encryption failures, leaving entire networks at risk from a breach. They’re most commonly disabled by users, malfunction or have error conditions, or were never installed correctly in the first place. Absolute found that endpoints often failed due to the fragile nature of their encryption agents’ configurations. 2% of encryption agents fail every week, and over half of all encryption failures occurred within two weeks, fueling a constant 8% rate of decay every 30 days. 100% of all devices experience encryption failures within one year. Multiple endpoint security solutions conflict with each other and create more opportunities for breaches than they avert:

  4. One in five endpoint agents will fail every month, jeopardizing the security and safety of IT infrastructure while prolonging security exposures. Absolute found that 19% of endpoints of a typical IT network require at least one client or patch management repair monthly. The patch and client management agents often require repairs as well. 75% of IT teams reported at least two repair events, and 50% reported three or more repair events. Additionally, 5% could be considered inoperable, with 80 or more repair events in the same one-month period. Absolute also looked at the impact of families of applications to see how they affected the vulnerability of endpoints and discovered another reason why endpoint security is so difficult to attain with multiple agents. The 20 most common client applications published over 5,000 vulnerabilities in 2018. If every device had only the top ten applications (half), that could result in as many as 55 vulnerabilities per device just from those top ten apps, including browsers, OSs, and publishing tools. The following graphic summarizes the rates of failure for Client/Patch Management Agent Health:

  5. Activating security at the device level creates a persistent connection to every endpoint in a fleet, enabling greater resilience organization-wide. By having a persistent, unbreakable connection to data and devices, organizations can achieve greater visibility and control over every endpoint. Organizations choosing this approach to endpoint security are unlocking the value of their existing hardware and network investments. Most important, they attain resilience across their networks. When an enterprise network has persistence designed to the device level, there’s a constant, unbreakable connection to data and devices that identifies and thwarts breach attempts in real-time.

Bottom Line: Identifying and thwarting breaches needs to start at the device level by relying on secured, persistent connections that enable endpoints to better detect vulnerabilities, defend themselves, and achieve greater resilience overall.

Absolute’s CEO Christy Wyatt On Leading A Cybersecurity Company And The Power Of Resilience

Christy Wyatt’s career exemplifies what you would expect from a high-performing tech leader who thrives on turning challenges into growth. Showing persistence, resiliency, and tenacity – she has a long history of scaling high-growth technology companies and infusing them with greater creative energy, ingenuity, and intensity for results. As CEO of Absolute, she’s leading the company through an evolution that is shifting its focus from simply being known as a ‘track and trace’ company to becoming the world’s most trusted security company delivering endpoint resiliency to businesses of all sizes.

Previously she served as CEO of Dtex Systems, a user behavior intelligence company that grew revenue by 321% last year. Before Dtex, she was Chairman, CEO, and President of Good Technology, the global leader in mobile security where she defined and delivered an aggressive growth strategy before its successful acquisition by BlackBerry. Wyatt began her career as a software engineer and rose through the executive leadership ranks at Citigroup, Motorola, Apple, Palm and Sun Microsystems. She was named one of Inc. Magazine’s Top 50 Women Entrepreneurs in America, CEO of the Year by the Information Security Global Excellence Awards, and one of Fierce Wireless’s Most Influential Women in Wireless.

Insights From Absolute’s Latest Earnings Call

On August 13th, Christy Wyatt and Errol Olsen, CFO of Absolute, hosted the company’s latest earnings call with financial analysts. A transcript of the call is available here. Key insights from the company’s latest quarter and fiscal year-end were shared and included the following:

  • Total revenue in FY19 was $98.9M, representing an increase of 6% over the prior fiscal year with the ACV Base reaching $98M as of June 30, 2019, up $6.5M or 7%, over the prior year.
  • Enterprise sector portion of the ACV Base increased 11% year-over-year. Enterprise customers represented 55% of the ACV Base as of June 30, 2019. And the Government sector portion of the ACV Base increased 15% year-over-year, now representing 12% of the ACV Base as of June 30, 2019.
  • Incremental ACV from new customers was $5.2M in FY19, compared to $3.4M in FY18.
  • Adjusted EBITDA in FY19 was $19.3M, or 20% of revenue, up from $9.2M or 10% of revenue, in the prior fiscal year.
  • FY19 Net Income increased 144% over the prior fiscal year based on continued Enterprise market growth.
  • In Q4, Absolute signed a new financial services customer with an ACV just under $1M with their service being delivered by a Managed Service Provider (MSP) that maintains the customer’s computing infrastructure.
  • Absolute has provided product-level enhancements to make it easier for MSP partners to use their products to support multiple customers, with the strategy paying off with more deals globally.

Christy Wyatt On Competing In Today’s Cybersecurity Industry 

I recently had the opportunity to interview Christy and learn more about how she sees the cybersecurity industry today and where it’s heading, in addition to gaining insights into her and her team’s goals at Absolute, one of the top 10 cybersecurity companies to watch in 2019. Absolute serves as the industry benchmark for endpoint resilience, visibility, and control. Embedded in over a half-billion devices, the company enables more than 12,000 customers with self-healing endpoint security, always-connected visibility into their devices, data, users, and applications whether endpoints are on or off the corporate network, and the ultimate level of control and confidence required for the modern enterprise.

The following is my interview with Christy:

Louis:             Coming into a new company environment and establishing yourself with credibility in the role is key. What are the things that you’ve gone after immediately to address how the company is doing and where it’s going? In essence, what’s been your 90-day plan, and how’s that going overall?

Christy:          Most incoming CEOs join a company with a thesis about why this is an interesting opportunity and how they can invest significant intellectual capital into it. And then that first 90 days is really about vetting out that model and seeing if the opportunity is real. With Absolute, my thesis was here is a company that very few people understood, with an amazing install base and partner community built around unique self-healing capabilities. If you juxtapose that against the security industry today, you’ll see the glaringly huge problem. There are start-ups after start-ups all claiming they can protect businesses from breaches – so organizations keep buying more and more technology – all while breaches are accelerating. And those businesses keep asking themselves, “Are we more secure? How do I know if my business is more secure?” And the answer is they don’t know.

When I talk to customers, they say, “I have more than ten agents on every laptop in my device fleet. User experience is suffering, and the complexity is mind boggling.” As a CEO, I want to be able to fix that, right? How do we effectively deploy security controls in a way that is healthy and productive for both the laptop and for the user? That’s a massive opportunity, and that’s what gets me excited about Absolute.

Louis:             In your last few earnings calls, you referenced wins in financial services, healthcare, and professional services. To what do you attribute the success of Absolute moving more towards the enterprise?

Christy:          The initial transition and increased focus on the enterprise market predates me. Over the past year, however, we’ve expanded our discussions into all the sectors you mention, and more, to better understand what they’re doing around enterprise resilience.

In April, we published original research that examined the state of decay and exposure points around endpoint security. Once we quantified that, we then spent our time with customers talking about what’s happening within their unique environments. What we found was that they had a false sense of security. They have encryption, malware security, and VPN all checked. But based on our research and new analytics, we were able to show them there are gaps in their protection when those agents became un-installed, missed a patch, or conflicted with other controls. That is the rate of decay we are talking about. How to make their existing controls more resilient to decay. We highlighted how their existing deployments degrade, weaken and fail over time. We also showed them some simple strategies to heal and even boost the immune system of their environment. That’s very powerful, and as a result, customers are leaning into our resilience story – it helps them capture the value of the investments they have already made.

Louis:             Regarding your product roadmap and the direction you’re going in, what are some of the plans that you’re looking to be able to capitalize on that presence that you have on billions of devices?

Christy:          Critical to our success has always been our partners. If you look at our Resilience product, which is our enterprise product, we can heal other third-party applications. So if the average enterprise has ten plus security agents deployed, there are probably at least three to five that they care about. They say, “Look, I feel exposed from a compliance perspective or a risk perspective if I don’t have, for example, encryption turned on… and it’s not okay with me that my users can delete something or turn it off.” Our data tells us where and how we can serve, and better secure, those enterprise IT architectures.

There’s a growing list of things within our platform today that we already heal. Broadening our resilience capabilities is something you’re going to see us invest significantly in. And then there’s work we have to do for our customers’ security and IT organizations, pointing them to the specific, critical things that need their focus right now. So if there’s a gap or something has gone offline in their security fabric, I want to bring their attention to it; I want to heal it and fix it. Absolute excels at solving those challenges for our customers.

Louis:             You mention endpoints often, and it makes me think about ‘Zero Trust’ security and the proliferation of IoT and industrial internet of things devices and how that’s flourishing across manufacturing and other distributed based industries like supply chains. What are your long term plans in these areas?

Christy:          We’re doing a lot of work in that space. With 5G quickly evolving, this is going to have a significant impact on the enterprise, and the ability to have similar controls on anything that’s connected to your network will be critical. I think there is a lot of credence in the Zero Trust model as one of the many security architectures, but any one of these has to be rooted in something. So even if you’re trying to manage security from the cloud, your efficiency and your effectiveness are only as good as the data that you’re getting. If you don’t have visibility on what’s connected or what’s happening on the endpoint, your ability to diagnose it or fix it is relatively impacted. My view is whatever you think your security strategy is today, the controls you think you need are going to be completely different 18 months from now. And so the five things you care about persisting and healing today are not going to be the same five things you care about in that timeframe. Our job is to leverage our BIOS enabled foundation that allows enterprises to get reliable data, see the things that are protecting their environment, and heal them if something goes wrong – regardless of what their stack looks like.

Louis:             So Absolute becomes a system of record because it is the definitive record of all activity coming off of that laptop or that device that’s enabled at the BIOS level with your technology.

Christy:          I think we’re a big part of that. We’ve talked to a lot of customers, and there are other visibility solutions on the market. A lot of times somebody says, “Well, I have a fill-in-the-blank-security-product, and so I think I see everything.” My answer is the thing they are relying on is likely one of those ten things that are sitting in the stack that has a rate of decay – because it is not rooted in the BIOS so, therefore, it has some inherent vulnerability. So we should be instrumenting that and ensuring that we protect that critical control, ensure it is always running, and heal it if it goes offline. Our customers rely on us because they know that we are giving them the complete picture.

I don’t see the vast ecosystem of security products as competitive to what we are doing. I see those as complementary. Whatever is in your security technology stack, let’s make sure it’s always there, let’s make sure it’s always turned on, and let’s heal it if it goes offline.

Louis:             Regarding the designed-in win you’ve achieved with being embedded at the BIOS level, do you spend time with OEMs? How is that all orchestrated at the platform level, or at the OEM level, to ensure that you continue to have that as a competitive advantage?

Christy:          We’ve had very close relationships with our OEM partners for well over a decade. We spend a lot of time looking at both the technical architectures and customer challenges. Every one of our OEM partners has a unique strategy for how they are delivering unique security services to their customers, and we view ourselves as an enabler of those strategies.

Louis:             When you visit customers, what are they most excited about? What’s their burning need right now? What are they focused on?

Christy:          Right now, we’re spending a lot of time with our customers focused on simplifying their experience and making these new capabilities easier to use, and easier to integrate into their environments. A lot of our customers have been with us for a long time and get very excited about how we make their jobs easier with more automation using things like our constantly expanding library of Reach scripts, enabling their IT teams to automate a lot of their endpoint tasks.

Where we also see a significant change in behavior is when we show them the power of some of our Resilience capabilities, paired with some of our analytics pieces. When we show them the state of the endpoint as it applies to their unique environment, where the gaps are, and demonstrate how we can help heal those gaps, I often hear, “Oh, I didn’t know Absolute could do that…” It’s a big departure from where we were ten years ago. So I think we’re going through a period of reintroducing ourselves to our customers and showing them that, even with the technology they already have, they could be doing so much more.

Louis:             How do you build the business case for Absolute?

Christy:          I think it depends on the customer. I think that if they’re a customer that’s talking to us about our visibility and control products, which are really about trust in our BIOS level visibility and control, management and tracking and locating and taking fine grain view at their assets, then I think the conversation is really about return on investment around the asset itself. Using their data to give them valuable insights about the state of their assets, as well as their posture. It’s a conversation about protecting the investment you’re making in your computing infrastructure.

When we’re talking to a customer about resiliency, it’s really about how much they are spending on security and how do we help them get back the return on investment of the dollars they’ve already spent. I believe the frenzy around security spending has put a lot of IT managers into a position where they have deep stacks and are not getting the full return on investment from those controls. We want to help them close the gap.

Louis:             How do you enable innovation of culture and be able to turn out the next generation products?

Christy:          So, I’ve done it a bunch of different ways, and I believe that what is most empowering to people who love to build great products….is when individuals get to see their stuff, their unique idea, their new concept go to market and be used by customers. We are fundamentally builders using our tools to solve customer problems.

What I like is a little bit more of the startup energy. Where people can bring forward ideas, and if we agree this is a cool idea – we invest.  We give them a team and a timeline. We can give those ideas an opportunity for commercialization. And by the way, that’s what engineers and innovators and entrepreneurs love the most. That’s what they want. They get passionate about pointing to a product and saying, “I did that. That’s super cool. It was my idea; they gave me a team. I learned a lot, and I got to have an impact.” And I think that impact is really what fires or fuels the innovation culture.

Why AI Is The Future Of Cybersecurity

These and many other insights are from Capgemini’s Reinventing Cybersecurity with Artificial Intelligence Report published this week. You can download the report here (28 pp., PDF, free, no opt-in). Capgemini Research Institute surveyed 850 senior executives from seven industries, including consumer products, retail, banking, insurance, automotive, utilities, and telecom. 20% of the executive respondents are CIOs, and 10% are CISOs. Enterprises headquartered in France, Germany, the UK, the US, Australia, the Netherlands, India, Italy, Spain, and Sweden are included in the report. Please see page 21 of the report for a description of the methodology.

Capgemini found that as digital businesses grow, their risk of cyberattacks exponentially increases. 21% said their organization experienced a cybersecurity breach leading to unauthorized access in 2018. Enterprises are paying a heavy price for cybersecurity breaches: 20% report losses of more than $50 million. Centrify’s most recent survey, Privileged Access Management in the Modern Threatscape, found that 74% of all breaches involved access to a privileged account. Privileged access credentials are hackers’ most popular technique for initiating a breach to exfiltrate valuable data from enterprise systems and sell it on the Dark Web.

Key insights include the following:

  • 69% of enterprises believe AI will be necessary to respond to cyberattacks. The majority of telecom companies (80%) say they are counting on AI to help identify threats and thwart attacks. Capgemini found the telecom industry has the highest reported incidence of losses exceeding $50M, making AI a priority for thwarting costly breaches in that industry. It’s understandable why Consumer Products (78%) and Banking (75%) are 2nd and 3rd, given each of these industries’ growing reliance on digitally-based business models. U.S.-based enterprises are placing the highest priority on AI-based cybersecurity applications and platforms, 15% higher than the global average when measured on a country basis.

  • 73% of enterprises are testing use cases for AI for cybersecurity across their organizations today with network security leading all categories. Endpoint security is the 3rd-highest priority for investing in AI-based cybersecurity solutions given the proliferation of endpoint devices, which are expected to increase to over 25B by 2021. Internet of Things (IoT) and Industrial Internet of Things (IIoT) sensors and the systems they enable are exponentially increasing the number of endpoints and threat surfaces an enterprise needs to protect. The old “trust but verify” approach to enterprise security can’t keep up with the pace and scale of threatscape growth today. Identities are the new security perimeter, and they require a Zero Trust Security framework to be secure. Be sure to follow Chase Cunningham of Forrester, Principal Analyst, and the leading authority on Zero Trust Security to keep current on this rapidly changing area. You can find his blog here.

  • 51% of executives are making extensive use of AI for cyber threat detection, outpacing prediction and response by a wide margin. Enterprise executives are concentrating their budgets and time on detecting cyber threats using AI above predicting and responding. As enterprises mature in their use and adoption of AI as part of their cybersecurity efforts, prediction and response will correspondingly increase. “AI tools are also getting better at drawing on data sets of wildly different types, allowing the “bigger picture” to be put together from, say, static configuration data, historic local logs, global threat landscapes, and contemporaneous event streams,” said Nicko van Someren, Chief Technology Officer at Absolute Software.

  • 64% say that AI lowers the cost to detect and respond to breaches and reduces the overall time taken to detect threats and breaches by up to 12%. The reduction in cost for a majority of enterprises ranges from 1% – 15% (with an average of 12%). With AI, the overall time taken to detect threats and breaches is reduced by up to 12%. Dwell time – the amount of time threat actors remain undetected – drops by 11% with the use of AI. This time reduction is achieved by continuously scanning for known or unknown anomalies that show threat patterns. PetSmart, a US-based specialty retailer, was able to save up to $12M by using AI in fraud detection from Kount. By partnering with Kount, PetSmart was able to implement an AI/Machine Learning technology that aggregates millions of transactions and their outcomes. The technology determines the legitimacy of each transaction by comparing it against all other transactions received. As fraudulent orders were identified, they were canceled, saving the company money and avoiding damage to the brand. The top 9 ways Artificial Intelligence prevents fraud provides insights into how Kount’s approach to unsupervised and supervised machine learning stops fraud.

  • Fraud detection, malware detection, intrusion detection, scoring risk in a network, and user/machine behavioral analysis are the five highest AI use cases for improving cybersecurity. Capgemini analyzed 20 use cases across information technology (IT), operational technology (OT) and the Internet of Things (IoT) and ranked them according to their implementation complexity and resultant benefits (in terms of time reduction). Based on their analysis, we recommend a shortlist of five high-potential use cases that have low complexity and high benefits. 54% of enterprises have already implemented five high impact cases. The following graphic compares the recommended use cases by the level of benefit and relative complexity.

  • 56% of senior execs say their cybersecurity analysts are overwhelmed and close to a quarter (23%) are not able to successfully investigate all identified incidents. Capgemini found that hacking organizations are successfully using algorithms to send ‘spear phishing’ tweets (personalized tweets sent to targeted users to trick them into sharing sensitive information). AI can send the tweets six times faster than a human and with twice the success. “It’s no surprise that Capgemini’s data shows that security analysts are overwhelmed. The cybersecurity skills shortage has been growing for some time, and so have the number and complexity of attacks; using machine learning to augment the few available skilled people can help ease this. What’s exciting about the state of the industry right now is that recent advances in Machine Learning methods are poised to make their way into deployable products,” said Nicko van Someren, Chief Technology Officer at Absolute Software.

Conclusion

AI and machine learning are redefining every aspect of cybersecurity today. From improving organizations’ ability to anticipate and thwart breaches and protecting the proliferating number of threat surfaces with Zero Trust Security frameworks to making passwords obsolete, AI and machine learning are essential to securing the perimeters of any business. Mobile phones are one of the most vulnerable and fastest-growing threat surfaces. The two recent research reports from MobileIron, Say Goodbye to Passwords (4 pp., PDF, opt-in) in collaboration with IDG, and Passwordless Authentication: Bridging the Gap Between High-Security and Low-Friction Identity Management (34 pp., PDF, opt-in) by Enterprise Management Associates (EMA), provide fascinating insights into the passwordless future. They reflect and quantify how ready enterprises are to abandon passwords for more proven authentication techniques including biometrics and mobile-centric Zero Trust Security platforms.
