Intelligent Tech Channels Issue 29 | Page 38

Tamer Odeh, Regional Director at SentinelOne in the Middle East

"When accessing corporate networks remotely, there is a higher risk of unauthorised access and data leakage."

How important is Machine Learning for endpoint security?

Machine Learning or Artificial Intelligence (AI) is very important for endpoint security. If you think about it, a machine works at machine speed: processing of data is fast and the decision-making aspect of it is also fast. When it comes to next-generation cybersecurity, traditional on-premises signature database protection models are ineffective and lack administrator visibility. Most traditional and next-gen approaches rely on scanning files to detect attacks, which makes them extremely vulnerable to new attack techniques. The shortcomings of other products are especially relevant to today's live and fileless attacks. The on-agent AI detection engines allow SentinelOne to autonomously detect and respond to malicious behaviour immediately, offering machine-speed responses such as on-agent remediation and rollback. To adequately defend the business and adopt cloud, containers, IoT and more, organisations need dynamic Artificial Intelligence (AI)-driven next-generation endpoint protection platforms that defend every endpoint against all types of attacks, at every stage in the threat lifecycle, without the need for human intervention.

Why is minimal dwell time so important and how does your technology address this?

In our opinion, there is no such thing as minimal or maximal dwell time; all the talk about keeping a breach dwell time under 200 days instead of the average 285 days is pointless. If an attack takes place and is not detected before it is launched, we have lost. We address this challenge by not accepting any dwell time scenarios. Detection and response are done in real time. SentinelOne's patented technology links all behaviours and indexes all activities into a storyline on the agent, in real time.
Our analysts can hunt faster, focusing on what matters, instead of wasting time looking for the needle in the haystack. Malicious attempts are prevented in real time, reducing overall risk and the alert fatigue all too common with other EDR products.

Are there any emerging trends in endpoint security of which CISOs should be aware?

Technology is becoming more and more disruptive and, as Digital Transformation continues its march, more and more trends will emerge – especially concerning endpoint security. We believe that further adoption of AI will continue and will impact the security sector in various ways. AI already surrounds us everywhere we go, from Alexa to Google Home, Nest to smart speakers – you'd struggle to find a home that hasn't incorporated some form of AI. Beyond our devices, AI recommendation engines are allowing for highly targeted (and creepily precise) advertisements across the web and social media. Machine Learning and other additions are also making AI even more intelligent. This allows AI to monitor anomalies, perform classification on gathered data and predict if a user is about to quit a service, for example. But with more capabilities comes more code, and with more code comes more bugs. Coupled with the fact that AI is a new technology, which as a rule makes it inherently less secure, it's easy to see why cybercriminals are taking advantage of this problematic new tool. AI shows no signs of slowing down; it's effective and addictive, which is why we have adopted it with open arms. Clearly, there's no going back now. As defenders, our next step has to be building the tools, security models and processes to combat the wave of deepfakes and beyond, securing a bright future with AI by our side, not against us.

What advice would you give to organisations to ensure they have a comprehensive endpoint security strategy in place?
Stopping the attack from happening is just part of the solution; a lot of malicious files can sit in your system for days and months and continue exploiting your data even after a breach is mitigated. It is more important than anything to secure your devices and not allow any active attacks. In the absolute worst-case scenario, our last reserve is the rollback function that we offer to our customers. If your system doesn't have the 'pre-attack state' backup, your endpoint cybersecurity infrastructure is as good as non-existent.