How AI is protecting machine identities in a zero-trust world

Criminals know they have a way into an organization’s network as soon as they find an unprotected machine ID. Analysis of their breaches shows that they move laterally between systems, departments, and servers, searching for the most valuable data while embedding ransomware. Attackers often scan the corporate network to find unprotected machine IDs that can be exploited. These factors are why machine IDs are a popular attack surface today.

Why machine identities need zero trust

Organizations are competing in a zero-trust world today and quickly realize that every endpoint, human or machine, is a new security perimeter. Virtual workforces are here to stay, creating thousands of new mobile, device, and IoT endpoints. Enterprises are also expanding their technology stacks to gain insights from real-time surveillance data collected by edge computing and IoT devices.

Forrester estimates that machine IDs (including bots, robots, and IoT) are growing twice as fast as human IDs on enterprise networks. The combination of these factors leads to inadequate protection of machine IDs, resulting in economic losses of $51.5 billion to $71.9 billion. Exposed APIs also put machine IDs at risk, causing machine ID attacks that increased by 400 between 2018 and 2019 and by more than 700 between 2014 and 2019.

Defining machine identities

Getting zero-trust strategies to scale for machine identities is challenging given how varied their configurations are and how consistent certificate and key management must be across each device’s lifecycle to be effective.

CISOs tell VentureBeat that they are selectively applying AI and machine learning to the areas of endpoint, certificate, and key lifecycle management that require greater automation and scalability today. One example is financial services companies pursuing a zero-trust strategy that use AI-based unified endpoint management (UEM). It uses AI to analyze each endpoint and deliver the right patch to each one, keeping machine-based endpoints up to date.

How AI is protecting machine identities

According to a recent conversation between VentureBeat and the CISO of a Fortune 100 company, it’s common for companies not to know how many machine IDs they have at a given point in time. This is understandable given that 25% of security leaders say that the number of IDs they manage increased more than 10 times last year.

84% of security leaders say the number of IDs they manage doubled last year. All of this adds to the already growing workload of IT and security teams, 40% of which still use spreadsheets to manually track digital certificates, and 57% of organizations have SSH key accuracy. Certificate failures, key misuse or theft (including granting more privileges to employees who don’t need them), and audit failures are signs of larger machine identity and endpoint security issues.

Most CISOs that VentureBeat speaks with have long-term zero-trust strategies that their boards of directors support. The board wants new digital-first initiatives to increase revenue while reducing the risk of cyberattacks. The CISO struggles with the tremendous workload of protecting machine identities while pursuing zero trust. The answer lies in using AI and machine learning to automate key areas of endpoint lifecycle management.

The following are five key areas where AI and machine learning (ML) show the potential to protect machine identities in an increasingly zero-trust world.

Automating machine governance and policies

To successfully secure communication between machines, start by consistently applying governance and policies to all endpoints. Unfortunately, this is not easy, because many organizations rely on siloed systems that provide little or no visibility and control to the CISO and their team. The CISO recently told VentureBeat that this is frustrating given how much innovation is happening in cybersecurity. Currently, there is no single pane of glass showing the integrity of all machine IDs and their governance, user policies, and endpoints. Vendors in this area include Ericom, whose ZTEdge SASE platform includes an automated policy builder that uses machine learning to create and manage policies at the user or machine level. Their customers say that the policy builder is effective in automating repetitive tasks and provides higher policy accuracy than would otherwise be possible. Other notable vendors include Delinea, Microsoft Security, Ivanti, SailPoint, Venafi, and Zscaler.

Ericom’s AI-based Automatic Policy Builder automatically creates policies for each user based on their observed behavior, that is, the applications and machines they typically access. Policies can be manually adjusted and updated to create a personalized policy, enabling least-privilege access without burdening IT staff.

Automating patch management while improving visibility and control

Cybersecurity vendors prioritize patch management, increased visibility, and machine identity control because their results drive business cases that get funded. Patch management in particular is currently a fascinating area of AI-based innovation. The CISO tells VentureBeat that when there are large gaps in asset inventories, such as errors in key management databases, cross-departmental teams, both within IT and across the business, are not communicating with each other.

Vulnerability scans should be defined based on a particular organization’s risk tolerance, compliance requirements, asset class types and classifications, and available resources. This is a perfect use case for AI and algorithms to solve complex constraint-based problems, such as patching thousands of machines in a very short time. A data-driven approach to patch management helps organizations defend against ransomware attacks. Leading vendors in this area include BeyondTrust, Delinea, Ivanti, KeyFactor, Microsoft Security, Venafi and Zscaler.

Cisco’s AI Endpoint Analytics platform aggregates data from various sources in the network, collates and analyzes it to build a detailed endpoint profile, and groups similar endpoints by applying artificial intelligence and machine learning (AI/ML) techniques.

Key and digital certificate configuration

Perhaps one of the weakest links in machine ID and machine lifecycle management, key and digital certificate configuration is often stored in spreadsheets and rarely updated to reflect the current configuration. The CISO tells VentureBeat that this area suffers from a lack of resources within the organization and a chronic shortage of cybersecurity and IT staff to address it. Each machine needs a unique ID to manage and secure connections and communications between machines over the network.

These digital IDs are often assigned via SSL, TLS or authentication tokens, SSH keys, or code-signing certificates. Criminals often target this area, looking for ways to compromise SSH keys, bypass code-signing certificates, or compromise SSL and TLS certificates. AI and machine learning can help overcome the challenge of properly assigning and maintaining up-to-date keys and digital certificates for each machine ID in an organization’s network. The goal is to rely on algorithms to ensure the accuracy and integrity of each machine ID, along with its keys and digital certificates.

UEM for machine identities

The adoption of AI and ML will accelerate fastest if these core technologies are incorporated into endpoint security platforms that are already deployed across the enterprise. The same applies to UEM for machine IDs. An AI-based approach to managing machine-based endpoints enables the real-time operating system, patch, and application updates that are most needed to keep each endpoint secure.

Leaders in this area include Absolute Software’s Resilience, the industry’s first self-healing zero-trust platform. According to G2 Crowd’s crowdsourced reviews, it is noteworthy for asset management, device and application control, endpoint intelligence, incident reporting, and compliance. Ivanti Neurons for UEM leverages AI-enabled bots to search for machine IDs and endpoints and automatically update them without prompting. Its approach to self-healing endpoints is noteworthy because it creatively combines AI, ML and bot technologies to provide UEM and patch management at scale across its customer base. Other vendors highly rated by G2 Crowd include CrowdStrike Falcon and VMware Workspace ONE.

A secure future for machine identity

The complexity of machine identities makes them difficult to protect at scale and throughout their lifecycle, further complicating CISOs’ efforts to protect them as part of a zero-trust security strategy. However, this is the most pressing issue that many organizations need to address, because a single compromised machine ID can bring down the entire corporate network. According to the CISO, the unique strengths of AI and machine learning have been successful in five key areas. First, to spend more on endpoint security, business cases need data to back them up, especially if the goal is to mitigate risk and ensure business continuity. AI and ML provide the data, technology, and foundations to deliver results in five key areas, from machine governance and policy automation to UEM implementation. The worst ransomware attacks and security breaches in 2021 began with the breach of machine IDs and digital certificates. The bottom line is that every business in a zero-trust world faces mixed threats targeting every available unprotected machine.