The future of AI and endpoint security

Jan 18, 2018 | 5 mins
Artificial Intelligence, Data and Information Security, Endpoint Protection

Endpoints are the weakest link in your enterprise security chain. Is AI the solution?

Ensuring endpoint security has always been a key challenge for enterprises.

But whereas it was once enough to install antivirus (AV) software across a network and expect a reasonable level of endpoint protection, this is no longer the case.

With the proliferation of bring your own device policies in the workplace and the wide variety of smart devices available to end users, not to mention the growth of IoT, there are more endpoints than ever, and endpoint security has never been more under threat.

Various studies put the number of security breaches originating at endpoints between 70 and 95 percent.

This does not necessarily imply an insider threat, although that is a big issue; it could also suggest that phishing attacks are still successful.

Indeed, the 2017 Verizon Data Breach Investigations Report said that despite many warnings about the dangers of opening unknown emails and efforts to increase awareness through employee training, phishing scams continue to thrive.  

According to the DBIR, 95 percent of phishing attacks that resulted in a breach were followed by a software installation, depositing malware on a system.

AV and anti-malware software is still a basic necessity, but even the best software can only react to already known threats - human intervention is needed to ensure new threats are covered.

Regular software updates aren't enough to deal with the multiple threats facing enterprises today - cyberattacks are evolving quickly and enterprises have to play catch up to protect their end users and their valuable data.

Even teams of human security analysts could not hope to sift through all the data provided by an enterprise's AV and anti-malware software, and most enterprises will only have a small number of individuals devoted to cybersecurity anyway.

There have also been a number of trust issues around AV, with the recent controversy over software made by Russia-based Kaspersky Lab a prominent example.

Despite being one of the largest antivirus providers in the world, Kaspersky's software was banned for use in U.S. Government departments last September after the Department of Homeland Security alleged it could enable Russian espionage and threaten national security.

Although no solution is going to entirely protect all endpoints against all cyber threats, one option is to use artificial intelligence (AI) algorithms and machine learning.

Machine learning, which enables systems to learn from data without specific programming, could be used to gather and analyze data and identify threats that could point to enterprise level cyberattacks.

These threats could then be stopped at the endpoint before they cause any damage.

AI is many times faster than any human security analyst could ever hope to be, calculating literally millions of possibilities every second.

The best recent example was when machine learning technology was able to detect and protect many systems from last year's WannaCry ransomware outbreak, which bypassed almost all traditional AV software and other systems.

The WannaCry attack hit over 200 thousand computers in 150 countries, including NHS computer systems in the U.K., and perfectly illustrates the need for increased and enhanced endpoint security.

The key to machine learning success currently lies in the cloud. Traditional servers are not large or fast enough to process the data and create the models needed to detect and combat attacks, but by using cloud servers the process is quicker, easier and much more affordable than ever before, bringing it into the reach of more enterprises.

Hackers are already using automated systems, machine learning and AI to create new cyber threats. Security experts think the next 12 months will see an acceleration in the adoption of machine learning by hackers as they try to carry out increasingly sophisticated phishing attacks.

However, AI antivirus solutions are still relatively thin on the ground. Although a small number of companies do offer machine learning and AI cyber threat solutions for endpoints, such as Cylance, Darktrace and Symantec, this really should become the industry standard.

Microsoft at least seems to have learned from its experience of WannaCry and is apparently turning to AI to create the next generation of antivirus software. A recent security update incorporated machine learning from millions of computers running Windows 10, which the corporation says will create an artificial intelligence antivirus that can detect malware.

While this is a good start, the wider cybersecurity industry must wake up to the AI imbalance and address it quickly if we are to stay one step ahead of the hackers and avoid more incidents like WannaCry.


Debbie Garside is founder of GeoLang, a provider of sustainable cyber solutions, and a renowned cyber security and cloud computing expert.

Debbie has been an entrepreneur successfully running IT companies for the past 25 years. She is an expert in cyber security and natural language, was appointed the first Prince of Wales Innovation Scholar at the University of Wales and has just finalized her PhD thesis on Human Visual Perception in Cyber Security – her related patent for a new Pseudo-isochromatic second generation CAPTCHA system based on her PhD has been granted. As the Principal UK Expert for Language Encoding, Debbie was until recently editor of two international ISO standards, and a BSI and ISO Chair.

Also a member of the advisory board for HPC Wales, a €40 million high performance computing project, Debbie is a named contributor to a number of internet standards produced by the Internet Engineering Task Force, and has been an advisor to Wikimedia Foundation (overseeing Wikipedia activity) on natural language.

Debbie currently sits on the KTN Defence and Security Advisory Board and is a member of the Cloud Industry Forum. Debbie recently accompanied the UK Prime Minister on a bilateral trade mission to India as part of a “Best of British” showcase. Debbie is also the Product Owner for Ascema, feeding insights from industry into product development.

The opinions expressed in this blog are those of Debbie Garside and do not necessarily represent those of IDG Communications, Inc., its parent, subsidiary or affiliated companies.