Next-generation endpoint security goes beyond the endpoint

AI and behavioral analysis are key to elevating the level of security for devices and back-end systems and are a prerequisite for IoT devices and services. Is your vendor moving in the right direction?


Security remains in the top three concerns of most enterprises as a plethora of endpoint devices (especially smartphones and tablets) are deployed. We’re also seeing corporate apps being distributed across on-device, on-prem data center and hybrid cloud approaches, which poses a major challenge to implementing a consolidated approach to security and authentication.

One of the primary ways bad actors get into corporate systems is through stolen identity credentials. The old way of doing security for authentication (i.e., user name and password) is still dominant and won’t disappear quickly, but its usefulness as a secure solution is coming to an end.

Device and data security using on-device signatures and file scans is also still dominant, as most organizations use some form of antivirus tools to try to protect against hacks. These, too, are rapidly becoming obsolete as a sole means of securing the device, especially as zero-day exploits, which are not easily detected by signature-based systems, are becoming a major problem.

As a result, the use of AI tools to effectively monitor device actions and events (e.g., app-device resource interactions, file data transfers, modification of the OS and/or BIOS, etc.) is rapidly gaining ground. New entrants such as Cylance (which was acquired by BlackBerry), Okta, Splunk, Bromium (acquired by HP), CrowdStrike, Carbon Black (acquired by VMware) and so on are gaining market traction, and traditional infrastructure security vendors are adding AI capability (e.g., Cisco, Symantec, McAfee, Microsoft, IBM, etc.), either of their own design or through acquisition.

Where does security go from here?

While current security and authentication products are being upgraded, more needs to be done. Next-generation security and authentication tools will be about behavioral analysis and advanced biometrics that look at various aspects of the user’s interactions with the device/app/network/cloud to assess whether the action is safe or should be curtailed.

The system will “learn” about each user and apply the appropriate security rules necessary, guided by corporate rules associated with that user. This is useful not only in single-user-per-device models, but especially in the increasingly common “one device-many users” approach in markets like retail, manufacturing, services and so on.

How will AI security work?

Secure authentication will be based on analyzed behaviors like methods of typing (e.g., speed of keystrokes), mouse movements, and potentially voice and/or physical appearance. It will also include common use of specific apps, knowledge of user data needs and other activities that are uniquely recognized per user.  
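An added illustration, not taken from the article or from any vendor product: a minimal keystroke-timing matcher for a shared device, using a per-digraph z-score as a simple stand-in for the learned models the article anticipates. The user names, sample timings and threshold are constructed assumptions.

```python
import statistics

# Constructed enrollment data: inter-keystroke intervals in milliseconds,
# keyed by digraph (two consecutive keys), for two users of one shared device.
ENROLLMENT = {
    "alice": {"th": [92, 88, 95, 90], "he": [110, 105, 112, 108],
              "er": [130, 128, 135, 131]},
    "bob":   {"th": [160, 155, 170, 165], "he": [80, 85, 78, 82],
              "er": [200, 210, 195, 205]},
}

def build_profile(samples):
    """Per-digraph (mean, stdev) of one user's enrollment timings."""
    return {dg: (statistics.mean(v), statistics.stdev(v))
            for dg, v in samples.items()}

def distance(profile, session):
    """Mean absolute z-score of a session's timings against one profile."""
    scores = []
    for digraph, observed in session.items():
        if digraph not in profile:
            continue  # never seen at enrollment: no evidence either way
        mean, std = profile[digraph]
        # Floor the deviation so a very consistent typist cannot cause
        # a division by zero or an exploding score.
        scores.append(abs(observed - mean) / max(std, 1.0))
    # No overlapping digraphs means no basis for a match.
    return sum(scores) / len(scores) if scores else float("inf")

def identify(profiles, session, threshold=3.0):
    """Best-matching enrolled user, or None if the action should be curtailed."""
    best_user, best = None, float("inf")
    for user, profile in profiles.items():
        d = distance(profile, session)
        if d < best:
            best_user, best = user, d
    return best_user if best <= threshold else None

PROFILES = {user: build_profile(s) for user, s in ENROLLMENT.items()}

if __name__ == "__main__":
    print(identify(PROFILES, {"th": 93, "he": 107, "er": 133}))   # close to alice
    print(identify(PROFILES, {"th": 125, "he": 140, "er": 160}))  # matches nobody
```

A rejected session (`None`) is where a deployment would fall back to step-up authentication rather than silently block, since timing profiles drift with fatigue, injury or a different keyboard.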

While this is useful for common endpoints and data interactions on traditional compute equipment, it becomes mission critical for nontraditional compute devices (e.g., autonomous vehicles), especially in support of multiple users/operators. For these we need to move beyond traditional keyboard-based authentication (there may not even be a keyboard). This approach can also eliminate the need to carry a multi-factor authentication “token” (e.g., RSA SecurID, security cards) that can be unavailable or lost.

New authentication for the world of IoT and 'things'

Traditional security does not fit very well into the world of IoT, where traditional keyboard/mouse/screen interactions may not exist. As an example, next-generation authentication/security will be required for advanced systems like autonomous vehicles. Recently, BlackBerry Cylance [full disclosure – as an industry analyst I work with many companies and BlackBerry is one], showed a platform concept called Persona that provides advanced behavioral analysis to implement authentication and security mechanisms by monitoring things like steering interactions, rate of braking and acceleration, etc. This enables a single device (in this case a car) to be operated by more than one user while still preventing unauthorized users from operating the vehicle.

Cylance is not the only company working on such AI-based solutions, but it seems to currently be ahead in showing a working concept and is very focused on making this available in conjunction with the QNX OS powering many automotive systems like infotainment, motion control, and soon autonomous driving.

The challenge of this system is that it must be built into the car when it’s designed and manufactured, and so retrofitting current vehicles is not an option. Since the average car is on the road for 7-10 years, this means it will take a long time for a significant number of so-equipped vehicles to be in market. Nevertheless, I expect this to be a common feature in new cars within the next 3-4 years (it takes 1-3 years to design a new car before production – hence the significant time lag), starting in high-end models and then working its way down to the lower end.

This solution is not only appropriate for autonomous vehicles, but would be advantageous in other IoT solutions like medical and healthcare appliances, personal security systems, home automation and so on, where mission-critical security is paramount. I expect solutions similar to those described above to come to market in the next 1-2 years, as more and more security is placed into IoT solutions that often have weak to no security currently.

Bottom Line: The current generation of security and authentication products has some significant holes when it comes to protecting devices and/or corporate data. We must move beyond simplistic login name and password systems to increase security generally and impede data theft and ransomware.

Next-generation systems built on AI and behavioral analysis are key to elevating the level of security for devices and back-end systems and are a prerequisite for newer IoT devices and services. Companies should be evaluating such systems now and formulating a plan to implement them over the next 1-2 years. If your current security vendor is not moving in this direction, it’s time to find another one.