How self-healing endpoints are a solution to identities under siege


Cyberattackers steal identity and financial data by scanning endpoints for security gaps, combining intrusion, ransomware, social engineering and malware-free techniques to take control. Crippling endpoints to make them inoperable and then compromising corporate networks is common. CrowdStrike’s Falcon OverWatch Threat Hunting Report discovered that malware-free intrusion activity accounts for 71% of all detections indexed by the CrowdStrike Threat Graph. 

Unfortunately, malware-free intrusions are among the most difficult to identify and stop. Cyberattackers breach endpoints to get into identity and access management (IAM) systems and gain control of human and machine identities. They’re after admin rights and the privileges needed to create new accounts and logins.

Endpoints are under siege for identity data 

Gartner found that 75% of security failures [subscription required] are attributable to human error in managing access privileges and identities, up from 50% two years ago. Another factor making endpoints vulnerable is how overloaded they are with security controls and clients. Each client is decaying at a different rate, creating software conflicts that leave endpoints open to attack. On average, there are 11.7 security controls installed on an endpoint today, based on Absolute Software’s latest Endpoint Risk Report. In addition, 59% have an IAM client installed, and 52% have three or more endpoint management clients running concurrently.


Low-Code/No-Code Summit

Join today’s leading executives at the Low-Code/No-Code Summit virtually on November 9. Register for your free pass today.

Register Here

Earlier this year on CNBC, and again during his keynote at CrowdStrike’s Fal.Con conference, CrowdStrike President, CEO and cofounder George Kurtz said that 80% of breaches are identity-based. “Identity threat is one of the biggest attack vectors CrowdStrike sees and is responsible for 80% of attacks and compromises. Some sort or form of identity, credential theft is the most common attack vector,” he said.

Endpoint security spending is soaring in response to identity threats   

Organizations continue to spend record amounts on endpoint security in response to growing threats of IAM breaches. At the same time, cyberattackers automate endpoint intrusion techniques faster than enterprises can respond. As a result, the endpoint security market is projected to grow from $14.9 billion this year to $25.1 billion by 2028, attaining a compound annual growth rate (CAGR) of 9%. More than 150 vendors compete directly or with adjacent products in the endpoint security market, with many claiming self-healing capability. G2 is currently tracking 42 of the leading endpoint protection platforms. 

Gartner’s latest forecast [subscription required] has end-user spending on information security and risk management systems and solutions growing at a constant-currency CAGR of 11% through 2026, reaching $262 billion that year. In addition, end-user spending globally on zero-trust network access (ZTNA) systems and solutions is forecast to grow from $819 million in 2022 to $2 billion in 2026, attaining a CAGR of 19.6%. Gartner is seeing a 60% year-over-year growth rate in ZTNA adoption. The 2022 Market Guide for Zero-Trust Network Access is noteworthy in providing insights into all that CISOs need to know about zero-trust security.

Ericom’s latest Zero Trust Market Dynamics Survey found that 42% of companies start their zero trust initiatives with IAM. In addition, the majority of security and risk management professionals, 83%, also believe zero trust is strategically important to their business operations. The Microsoft Zero Trust Adoption Report found that 96% of security decision-makers say zero trust is critical to their organization’s success.

Adopting self-healing endpoints as part of a ZTNA security framework saves IT and security teams valuable time. 51% of enterprises say that adopting a ZTNA security framework helps make security a higher priority throughout their company cultures. A close second benefit of ZTNA is increased productivity, cited by 48% of enterprises, followed by reduced risk at 47%. Implementing a ZTNA security framework also cuts the time spent on manually intensive administrative security tasks, giving IT and security teams more time to concentrate on complex problems.

A Forrester study found that a ZTNA-based approach to endpoint security enables IT and security teams to detect and take action to contain threats faster. Source: Balance Endpoint Protection And Productivity Through Zero Trust, Forrester Consulting, Commissioned by HP.

During a recent interview with VentureBeat, Daren Goeson, vice president digital experience products at Ivanti, said, “Adding self-healing capabilities to every endpoint is essential to alleviate the burden of manual process placed on your IT team. AI-powered automation allows you to proactively secure and heal all devices before issues impact the employee experience. When a solution such as Ivanti Neurons for Healing fixes a problem before an employee even notices there is one, it creates a seamless Digital Employee Experience (DEX), which is essential to enabling security and productivity in the hybrid and remote workplace.” 

More resilient, self-healing endpoints will help  

Endpoint attacks aimed at compromising identities are the fastest-growing threat vector there is. However, self-healing endpoints are proving effective as part of the ZTNA framework in identifying intrusions and stopping breach attempts from succeeding. In addition, artificial intelligence (AI) and machine learning are gaining adoption in self-healing endpoint management solutions, as illustrated by CrowdStrike Falcon, Ivanti Neurons, Microsoft Defender and other self-healing endpoint management systems. As a result, AI is bringing greater resilience to self-healing endpoints.  

“Endpoint management and self-healing capabilities allow IT teams to discover every device on their network, and then manage and secure each device using modern, best-practice techniques that ensure end users are productive and company resources are safe,” Srinivas Mukkamala, chief product officer at Ivanti told VentureBeat recently during an interview. “Automation and self-healing improves employee productivity, simplifies device management and improves security posture by providing complete visibility into an organization’s entire asset estate and delivering automation across a broad range of devices,” Mukkamala explained.  

Forrester’s report on self-healing endpoints, the Future of Endpoint Management, provides insights and guidance to CISOs on why self-healing endpoints need to be part of their strategic security plans. Andrew Hewitt, senior analyst at Forrester and author of the report, told VentureBeat in an interview that “self-healing will need to occur at multiple levels: 1) application, 2) operating system, and 3) firmware. Of these, self-healing embedded in the firmware will prove the most essential because it will ensure that all the software running on an endpoint, even agents that conduct self-healing at an OS level, can effectively run without disruption.”

Forrester recommends self-healing endpoints encompass applications, operating systems, and firmware to be effective. Source: Forrester, The Future of Endpoint Management Report. June 6, 2022.

Self-healing endpoints are most effective when designed into supporting platforms from the first written code. For example, endpoint protection platforms (EPP), endpoint detection and response (EDR), and extended detection and response (XDR) platforms automate endpoint management at scale and save valuable IT and security time in the process. Self-healing endpoints designed into these platforms capitalize on the telemetry data collected continuously to improve accuracy and resiliency. 

By definition, self-healing endpoints will shut down, validate their OS, application and patch versioning, and then reset themselves to an optimized configuration. Absolute Software, Akamai, Blackberry, Cisco’s self-healing networks, Ivanti, Malwarebytes, McAfee, Microsoft 365, Qualys, SentinelOne, Tanium, Trend Micro, Webroot, and many others offer endpoints that can autonomously self-heal. Hewitt told VentureBeat that “most self-healing firmware is embedded directly into the OEM hardware. It’s worth asking about this in up-front procurement conversations when negotiating new terms for endpoints. What kinds of security are embedded in hardware? Which players are there? What additional management benefits can we accrue?”

Forrester also found that “one global staffing company is already embedding self-healing at the firmware level using Absolute Software’s Application Persistence capability to ensure that its VPN remains functional for all remote workers.” Firmware-based self-healing endpoints create an undeletable digital tether to every PC-based endpoint.

Hewitt also told VentureBeat during an interview that “firmware-level self-healing helps in several ways. First, it ensures that any corruption in the firmware is healed in and of itself. Secondarily, it also ensures that agents running on the devices heal. So, for example, if you have an endpoint security agent running on an endpoint, and it crashes or becomes corrupted somehow, firmware-level self-healing can help to fix it quickly and get it functioning properly again.”
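The validate-then-restore cycle described above (checking the agent’s integrity and version, then resetting it to a known-good state, as Hewitt describes for a crashed or corrupted security agent) can be modeled in a few lines. This is an added illustration, not code from Forrester, Absolute or any vendor named here; the agent binary, baseline hash and endpoint state are constructed stand-ins, and a real implementation would live in firmware or a protected service rather than in an ordinary process.

```python
import hashlib
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed known-good baseline for a hypothetical endpoint agent.
GOLDEN_AGENT = b"agent-binary v2.4.1"   # stand-in for the vendor-signed binary
BASELINE = {
    "version": "2.4.1",
    "sha256": hashlib.sha256(GOLDEN_AGENT).hexdigest(),
}


@dataclass
class EndpointState:
    """Simulated on-disk and runtime state of one endpoint (not a real host)."""
    agent_bytes: Optional[bytes]   # None models a deleted agent binary
    running: bool
    version: str
    log: List[str] = field(default_factory=list)


def assess(state: EndpointState) -> List[str]:
    """Validate the agent against the baseline and return every drift finding.
    Order: binary integrity, then version, then runtime state."""
    findings = []
    if state.agent_bytes is None:
        findings.append("agent_missing")
    elif hashlib.sha256(state.agent_bytes).hexdigest() != BASELINE["sha256"]:
        findings.append("agent_tampered")
    if state.version != BASELINE["version"]:
        findings.append("version_drift")
    if not state.running:
        findings.append("agent_stopped")
    return findings


def heal(state: EndpointState) -> List[str]:
    """Reset the agent to the known-good configuration and report actions.
    Reinstalling the golden binary covers the missing, tampered and
    version-drift cases at once, and a reinstalled agent is always restarted."""
    findings = set(assess(state))
    actions = []
    if findings & {"agent_missing", "agent_tampered", "version_drift"}:
        state.agent_bytes = GOLDEN_AGENT
        state.version = BASELINE["version"]
        actions.append("reinstalled_agent")
    if "agent_stopped" in findings or actions:
        state.running = True
        actions.append("restarted_agent")
    state.log.extend(actions)   # audit trail the management console would collect
    return actions
```

Running assess() again after heal() should return an empty list; a non-empty result is itself a detection worth escalating, since it means the restore did not take.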

Resilience is key to stopping breaches 

Self-healing endpoints are proving their value as part of ZTNA frameworks while reducing manual administrative tasks for IT and security teams. Of the wide variety of self-healing endpoint techniques and technologies in use today, firmware-based approaches deliver visibility into an endpoint’s configuration while protecting it. 

AI and machine learning-based approaches from Cisco, CrowdStrike, Ivanti, Microsoft and others have proven effective in providing accurate anomaly detection and incident response results that can autonomously track, quarantine or remove an inbound threat. 

The three most proven approaches to providing accurate, resilient self-healing endpoints are AI-enabled agents or bots, behavior-based detections and firmware-embedded self-healing technologies.

Originally appeared on: TheSpuzz