Criminals know they are on the organization’s network simply by finding an unprotected machine ID. Their breach analysis shows that they are moving sideways between systems, departments, and servers, searching for the most valuable data while embedding ransomware. Attackers often scan the corporate network to find unprotected machine IDs that can be exploited. These factors are the reason why machine IDs are a popular attack surface today.
Why machine identities need zero trust
Organizations are competing in the world of zero trust today and quickly realize that every endpoint, human or machine, is a new security perimeter. Virtual workers stay here and create thousands of new mobility, devices, and IoT endpoints. Enterprises are also expanding their technology stack to gain insights from real-time surveillance data collected by edge computing and IoT devices.
Forrester estimates that machine IDs (including bots, robots, and IoT) are growing twice as fast as human IDs on enterprise networks. The combination of these factors results in inadequate protection of machine IDs, resulting in economic losses of $51.5 billion to $71.9 billion. The exposed API also puts machine IDs at risk, causing machine ID attacks that increased by 400 between 2018 and 2019 and by more than 700 between 2014 and 2019.
Defining machine identities
CISOs tell VentureBeat that they are selectively applying AI and machine learning to the areas of endpoints, certificates, and key lifecycle management strategies that require greater automation and scalability today. .. An example is for financial services companies pursuing a zero trust strategy to use AI-based Unified Endpoint Management (UEM). It uses AI to analyze each endpoint and provide the right patch for everyone to keep machine-based endpoints up-to-date with patches.
How AI is protecting machine identities
According to a recent conversation between VentureBeat and the CISO of a Fortune 100 company, it’s common for companies to not know how many machine IDs they have at a given point in time. This is understandable given that 25% of security leaders say that the number of IDs they manage has increased more than 10 times last year.
Most CISOs that VentureBeat speaks of have long-term zero trust strategies that have their board of directors support them. The board wants a new digital first initiative to increase revenue while reducing the risk of cyberattacks. The CISO suffers from the tremendous workload of protecting machine identities while pursuing zero trust. The answer lies in using AI and machine learning to automate key areas of endpoint lifecycle management.
The following are five key areas AI and machine learning (ML) show the potential to protect machine identities in an increasingly zero-trust world.
Automating machine governance and policies –
To successfully secure communication between machines, start by consistently applying governance and policies to all endpoints. Unfortunately, this is not easy. This is because many organizations rely on siloed systems that provide little or no visibility and control to the CISO and its team. The CISO recently told VentureBeat that it’s frustrating to think about how much innovation is happening in cybersecurity. Currently, there is no single pane showing the integrity of all machine IDs and their governance, user policies, and endpoints. Vendors in this area include Ericom with the ZTEdge SASE platform and an automated policy builder that uses machine learning to create and manage policies at the user or machine level. Their customers say that policy builders are effective in automating repetitive tasks and providing higher policy accuracy than otherwise possible. Other notable vendors include Delinea Microsoft Security, Ivanti, SailPoint, Venafi, and ZScaler.
Automating patch management while improving visibility and control-
Cybersecurity vendors prioritize patch management, increased visibility, and machine identity control to drive business cases whose results are funded. Patch management in particular is currently a fascinating area of ​​AI-based innovation for machine-based innovation. The CISO tells VentureBeat that cross-departmental teams are not communicating with each other, both within IT and across the business, when there are large inventory gaps in assets, such as errors in key management databases.
Key and digital certificate configuration
Perhaps one of the weakest links in machine ID and machine lifecycle management, the key and digital certificate configuration is often stored in spreadsheets and rarely updated to the current configuration. The CISO tells VentureBeat that this space suffers from a lack of resources within the organization and a chronic shortage of cybersecurity and IT to address. Each machine needs a unique ID to manage and secure connections and communications between machines over the network.
These digital IDs are often assigned via SSL, TLS or authentication tokens, SSH keys, or code design certificates. Criminals often target this area looking for ways to compromise SSH keys, bypass co-designed certificates, or compromise SSL and TLS certificates. AI and machine learning can help you overcome the challenge of properly assigning and maintaining up-to-date keys and digital certificates for each machine ID in your organization’s network. The goal is to rely on the algorithm to use each key and digital certificate to ensure the accuracy and integrity of each machine ID.
UEM for machine identities.
The adoption of AI and ML will accelerate fastest if these core technologies are incorporated into endpoint security platforms that are already deployed across the enterprise. The same applies to the machine ID UEM. An AI-based approach to managing machine-based endpoints enables real-time operating system, patch, and application updates that are most needed to keep each endpoint secure.
A secure future for machine identity
Due to the complexity of machine identities, it is difficult to protect machine identities on a large scale and throughout their life cycle, further complicating the CISO’s efforts to protect machine identities as part of its Zero Trust security strategy. However, this is the most pressing issue that many organizations need to address. This is because a single compromised machine ID can bring down the entire corporate network. According to the CISO, the unique strengths of AI and machine learning have been successful in five key areas. First, to spend more on endpoint security, business cases need data to back them up, especially if the goal is to mitigate risk and ensure business continuity. AI and ML provide data technology and foundations to deliver results in five key areas, from machine control and policy automation to UEM implementation. The worst ransomware attacks and security breaches in 2021 began with the breach of machine IDs and digital certificates. The bottom line is that every business in the Zero Trust world competes with mixed threats targeting all available unprotected machines.
