How AI can close gaps in cybersecurity tech stacks

We are excited to bring Transform 2022 back in-person July 19 and virtually July 20 – 28. Join AI and data leaders for insightful talks and exciting networking opportunities. Register today!


Gaps in cybersecurity tech stacks, especially in endpoint security and patch management, are increasingly leaving enterprises vulnerable to attacks. CISOs are focusing on how to drive new digital revenue strategies while reducing risk and protecting virtual workforces amidst the various threats. 

From cybercriminal gangs trying to recruit AI engineers, to state-funded Advanced Persistent Threat (APT) networks capable of simultaneously launching attacks across multiple attack vectors, cybercriminals are getting smarter all the time. Studies of job ads on the dark web show that those who know how to breach web services, have AI-based hacking skills and can capture privileged access credentials are the most in-demand. 

Keeping the balance of power in check with AI 

Machine endpoints are proliferating at twice the pace of human ones and new digital revenue strategies enterprises have are expected to deliver double-digit growth in 18 months. Virtual workforces to support new digital revenue growth need new security tools that are intuitive and easy to use. CISOs are balancing these demands with the need for real-time risk management insights and improving user experiences on their applications. Solving these challenges and maintaining a balance of power against threats and risks requires data-driven AI and machine learning technologies that deliver at scale.  

AI and machine learning effectively automate tasks IT and cybersecurity departments don’t have time to get to. A few are automated endpoint security, patch management and improving supply chain security, visibility and control with the industrial internet of things (IIoT). Enterprises proactively employ and prioritize zero-trust security, starting with identity access management (IAM), privileged access management (PAM), microsegmentation and endpoint security, then struggle to keep up with endpoints and patch management. 

Using AI and machine learning brings greater intelligence to endpoint and patch management and improves risk-based vulnerability assessments. Cybersecurity providers’ sales partners are also helping to close gaps in tech stacks by providing their expertise and insights.  

Closing tech stack gaps

There are five strategies cybersecurity vendors should rely on to help their enterprise customers close widening gaps in their security tech stacks. Based on conversations with endpoint security, IAM, PAM, patch management and remote browser isolation (RBI) providers and their partners, these strategies are beginning to emerge in a dominate way among the cybersecurity landscape.  

Fast-tracking endpoint, ransomware and risk management roadmaps

Cybersecurity vendors are accelerating their launch plans in three core areas today. Endpoint security is still one of the most elusive problems for a security team to fix and it’s typical for organizations not to know where up to 40% of their endpoints are. Broadcom, CrowdStrike, McAfee and Microsoft lead the endpoint security market and each has implied in earnings and briefings that they are accelerating their roadmaps. 

An analysis of Ivanti’s roadmap reflects how vendors are moving applications up and creating larger releases faster. Ivanti released five modules on its Neurons platform, a significant accomplishment for its DevOps, engineering and product management teams. Ivanti told VentureBeat that  Ivanti Neurons Patch for MEM (Microsoft Endpoint Manager) is highly demanded by enterprises who want to automate patch management and extend Intune implementations to include third-party application update capabilities. 

Cybersecurity vendors are fast-tracking their roadmaps to improve endpoint management including IIoT sensors, Risk-Based Vulnerability Management (RBVM) and customer experiences to help enterprises close the growing gaps in their tech stacks today

Land & expand selling of zero trust with partners is a high priority. 

Cybersecurity vendors tell VentureBeat that one of the primary factors accelerating their roadmaps is reseller and partners’ demand for new cloud services to support high margin sales. On the last earnings call, George Kurtz, president, CEO and cofounder of CrowdStrike said that channel sales are core to the company.  

Further validating its high priority to rely on partners to land, expand and provide zero trust solutions through the channel, Ivanti announced Dennis Kozak had joined them today as Chief Operating Officer (COO). Dennis will oversee Ivanti marketing, global sales, customer experience and operations as COO. Mr. Kozak is a long-time channel veteran, having spent 23 years with CA Technologies, where he led organizations such as global sales, global channel sales and strategy, sales operations and global transformation to deliver a next-generation portfolio strategy. He was most recently head of global channels at Avaya, which drove approximately 70% of their total revenue.  

Mr. Kozak told VentureBeat during an interview that his goals include turning channel sales into a force multiplier of growth for Ivanti by capitalizing on the five acquisitions made over the past 16 months. Additionally, Mr. Kozak explained in an interview with VentureBeat that bringing together all acquisitions into a unified go-to-market and channel strategy is the goal. 

Quantifying risk is table stakes

Enterprises need better tools to assess risks and vulnerabilities to identify and close gaps in tech stacks. As a result, there’s a growing interest in using Risk-Based Vulnerability Management (RBVM) that can scale across cloud, mobile IoT and IIoT devices today. Endpoint Detection & Response (EDR) vendors are moving into RBVM with vulnerability assessment tools. Leading vendors include CODA Footprint, CyCognito, Recorded Future, Qualys and others. Ivanti’s acquisition of RiskSense delivered its first product this month, Ivanti Neurons for Risk-Based Vulnerability Management (RBVM). What’s noteworthy about Ivanti’s release is that it is the first RBVM system that relies on a state engine to measure, prioritize and control cybersecurity risks to protect enterprises against ransomware and advanced cyber threats. Ivanti also developed proprietary Vulnerability Risk Ratings (VRR) that quantify adversarial risk so enterprises can identify and thwart risks before breaches occur.  

Ivanti’s approach to Risk-Based Vulnerability Management combines machine learning models from RiskSense and the Ivanti Neurons platform to create a single, unified view of known vulnerabilities. 

Doubling down on endpoint security as a core product strategy

Fast-tracking endpoint security applications and platforms are also helping to close the gaps in tech stacks today. All leading cybersecurity vendors either have announced or will shortly announce self-healing endpoints. A recent Tanium survey found that only 29% of security teams are confident the patches they’re installing will stop a breach. Absolute’s 2021 Endpoint Risk Report found 12.9 mission-critical applications per enterprise device, 11.7 of which are security controls. Absolute’s report found that the greater the endpoint complexity, the greater the risk of applications conflicting, colliding and canceling, leaving endpoints less secure. 

Ivanti’s recent survey on patch management found that 71% of IT and security professionals found patching to be overly complex and time-consuming and 53% said that organizing and prioritizing critical vulnerabilities takes up most of their time. Ivanti’s launch last week of their Neurons Patch for MEM reflects the future of AI-based patch intelligence for endpoint security by relying on AI-based bots to identify which patches most need updating. Additional vendors providing AI-based endpoint protection include Broadcom, CrowdStrike, SentinelOne, McAfee, Sophos,  Trend Micro, VMWare Carbon Black,  Cybereason, etc. 

Digital experiences need to drive greater productivity

Improving how intuitive any security application is to use increases productivity and reduces risks. Enterprise applications are known for being a challenge to use, however. Apple, known for its intuitive designs, relies on metrics and analytics combined with design principles to streamline each new application and system. No standard comes close to Apple’s success in this area in enterprise software. 

It’s encouraging to see cybersecurity vendors take on the challenge of using AI to improve user experience. Ivanti launched their Digital Experience Score within Ivanti Neurons Workspace last week. CIOs’ most common request from users is to improve application usability to drive greater security productivity and operational agility. Ivanti’s Digital Experience Score provides a 360-degree view and real-time insights into the devices, operating systems, networks and applications employees rely on in their virtual workspace. 

Ivanti claims it gets organizations out of using ticket counts as a proxy for employee experience, as closing tickets alone is not the service-level agreement (SLA) that needs to be measured; rather, organizations need to quantify how effective IT and digital experiences (XLAs) are and seek new ways to improve them. Machine Learning algorithms to produce a combined metric of holistic the users’ digital experience. 

Calculating and using AI to identify ways to improve Digital Experience Scores is the future of enterprise software and cybersecurity applications specifically. 

Quantifying risks 

The severity, speed and sophistication of cyberattacks are increasing quickly. CIOs and CISOs know they need to rely on more advanced technologies, including AI and machine learning, to keep on top of split-second attacks that can take down their networks. With cybercrime gangs recruiting AI engineers out of school and state-sponsored cyberattacks becoming more common, AI and machine learning’s potential to thwart breach attempts and sophisticated attacks is becoming more proven.

Cybersecurity vendors accelerate their product roadmaps with hardened, more data-driven applications, while AI platform players are looking to land and expand in partner strategies. Quantifying risks is now table stakes and every cybersecurity vendor in the endpoint security or adjacent markets is introducing self-healing endpoints. Cybersecurity tech stacks need AI to identify how best to thwart advanced attacks today and in the future.

VentureBeat’s mission is to be a digital town square for technical decision-makers to gain knowledge about transformative enterprise technology and transact. Learn more about membership.

Gartner lists seven cybersecurity trends for 2022

We are excited to bring Transform 2022 back in-person July 19 and virtually July 20 – August 3. Join AI and data leaders for insightful talks and exciting networking opportunities. Learn more about Transform 2022


CISOs’ roles need to transition from technologists who prevent breaches to corporate strategists managing cyber risks. Unfortunately, slowing down CISOs’ career growth are security tech stacks that aren’t designed for new digital transformation, virtualization and hybrid cloud initiatives in their companies. Gartner’s recently published top security and risk management trends for 2022 report explains where the most vulnerable security stack gaps are.

The seven trends also help to explain the many challenges CISOs face when transitioning their careers and cybersecurity spending away from tactics and into strategic roles. Implicit in these trends is the urgent need to treat cybersecurity as a business decision. Taken together from the standpoint of enterprises focused on new digital initiatives, the seven trends show clearly that cybersecurity needs to be a business enabler first. The two trending proof points of cybersecurity’s business value are decentralized decision-making and faster response times to business challenges.

Responding to threats is what enterprises and their CISOs need the most help with today. As a result, Gartner chose to organize their trends and assign most of them to threat response. That’s a clear indication that their enterprise clients are focused on this area and looking for guidance. Attack Surface Expansion, Identity Threat Detection and Response and Digital Supply Chain Risk are the three trends Gartner sees as most important for threat response. 

Rethinking Technology is the second strategic trend, including Vendor Consolidation and Cybersecurity Mesh. The third strategic trend is Reframing The Cybersecurity Practice. Gartner adds Distribution Decisions and Beyond Awareness to this group.

Taken together, Gartner’s trends create a high-level cybersecurity roadmap that any enterprise can follow. Best of all, it starts out closing the gaps in existing security tech stacks at their most vulnerable breakpoints. These include identity access management (IAM), privileged access management (PAM) and reducing threats to digital supply chains. 

Translating the seven trends into a strategic roadmap yield the following:

Roadmap phase 1: Responding to threats

  • Attack surface expansion 
  • Identity threat detection and response 
  • Digital supply chain risk 

Roadmap phase 2: Rethinking technology

  • Vendor consolidation 
  • Cybersecurity mesh 

Roadmap phase 3: Reframing practice 

  • Distributing decisions 
  • Beyond awareness 

What the trends mean for CISOs 

The more adept a security stack becomes at managing risk and supporting new business, the greater the potential career growth for CISOs. But unfortunately, legacy systems don’t just hold enterprises back from growing, and they hold careers back too. Today, speed and time-to-market are getting compressed on all digital business initiatives and new ventures. That’s the catalyst driving the urgency behind the seven trends. 

The trends mean the following to CISOs today:

  • Decentralized cybersecurity is an asset. Getting away from centralized cybersecurity and adopting a more decentralized organization and supporting tech stack increases an organization’s speed, responsiveness and adaptability to new business ventures. Centralized cybersecurity is a bottleneck that limits the progress of new initiatives and limits the careers of those managing them, most often CISOs.
  • Cybersecurity needs extreme ownership. The hardest part of any CISO’s job is getting the thousands of employees in their organizations to follow cybersecurity hygiene. Authoritarian approaches and continual virtual learning programs are limited in effectiveness, evidenced by the record ransomware breaches in 2021 and continuing this year. CISOs need to take on change management to create extreme ownership of outcomes by employees. Finding new ways to reward ownership for cybersecurity and good security hygiene are key. The best-selling book, Extreme Ownership, is an excellent read and one that CISOs and their teams need to consider reading this year when it comes to leadership and change management.  
  • Attack surfaces are just getting started. It’s a safe bet that the number, complexity and challenges of managing multiple threat surfaces are only going to grow. CISOs and their teams need to anticipate it and secure their digital supply chains, especially in their core DevOps process areas. Getting IAM and PAM right is also essential, as the trend Identity Threat Detection and Response explains. 

CISOs: find new ways to add value 

Getting bogged down with security tactics puts enterprises and careers at risk. Instead, concentrate on making cyber-risk a business and organizational risk first. Only then can CISOs transition their organization to be more of an enabler and accelerator of new products and not a roadblock to new revenue. Most important is for CISOs to look at the trends through the lens of how they can build stronger relationships outside of IT. Starting with other C-level executives, board members with a specific focus on the CRO and CMO are key. The two executives who are the most responsible for revenue also make the riskiest decisions for an enterprise. Seeing how cybersecurity can manage risk is a great way to grow a business and a career.

VentureBeat’s mission is to be a digital town square for technical decision-makers to gain knowledge about transformative enterprise technology and transact. Learn more about membership.

How Ivanti hopes to redefine cybersecurity with AI

Join today’s leading executives online at the Data Summit on March 9th. Register here.


Widening gaps in cybersecurity tech stacks are leaving enterprises vulnerable to debilitating attacks. Making matters worse, there are often conflicting endpoints, patch management and patch intelligence systems that partially support a small subset of all devices. CISOs tell VentureBeat that gaps in their cybersecurity tech stacks are getting wider because their legacy systems can’t integrate across unified endpoint management (UEM), asset management, IT Service Management (ITSM) and cost management data available in real time to optimize cybersecurity deterrence strategies and spending.

AI is core To Ivanti’s enterprise vision 

Ivanti’s quickness in using AI and machine learning to take on these challenges is noteworthy. In the span of fewer than eighteen months, they’ve delivered their AI-based Ivanti Neurons platform to enterprise customers and continued to innovate it. The company first introduced the Ivanti Neurons platform in July 2020, empowering organizations to autonomously self-heal and self-secure devices and self-service end users. 

Since then, Ivanti has released updates and added innovations to the platform on a quarterly basis to further help customers quickly and securely embrace the future of work. For example, Ivanti recently released Ivanti Neurons for Zero Trust Access, the first AI-based solution to support organizations fine-tuning their zero trust frameworks. The company also introduced Ivanti Neurons for Patch Management, a cloud-native solution that enables IT teams to efficiently prioritize and remediate the vulnerabilities that pose the most danger to their organizations.

In the same period, Ivanti acquired MobileIron, Pulse Secure, Cherwell, RiskSense, and the Industrial Internet of Things (IIoT) platform owned by the WIIO Group. Their total addressable market has doubled due to these acquisitions, reaching $30 billion this year, growing to $60 billion by 2025. Ivanti has 45,000 customers, providing cybersecurity systems and platforms for 96 of the Fortune 100. 

Ivanti is successfully scaling its AI-based Neurons platform across multiple gaps in enterprises’ cybersecurity tech stacks. VentureBeat recently spoke with Ivanti’s CEO, Jeff Abbott, and president and chief product officer Nayaki Nayyar to gain further insight on Ivanti’s growth and success . The company’s executives detailed  how Ivanti’s approach to integrating AI and machine learning into its Neurons platform will help its customers anticipate, deter and learn from a wide variety of cyberattacks

The Ivanti Neurons platform relies on AI and machine learning to deliver contextual intelligence across the three core areas of self-service, self-security, and self-healing, anticipating and alleviating potential disruptions before they occur.

VentureBeat: Why do new customers choose an AI-based solution like Ivanti Neurons over the competing, substitute solutions in the market? 

Jeff Abbott: We’re looking to AI, machine learning, and related technologies to create a richer experience for our customers while continually delivering innovative and valuable new capabilities. We’re leveraging AI & machine learning bot technology to solve common challenges that our customers are facing. The example I like is discovery. The process of understanding what’s on a network. I talk to customers all the time, and one that comes to mind is a superintendent of a school district who said, “Every six months we send out teams to go to all the various locations of various schools and see what’s on the network physically or we run protocols on site. Now with your bot technology, we can do that on a nightly basis and discover what’s there.” That’s an example of how our unified platform increases visibility for our customers, while continually staying on top of security standards.

It’s fascinating to consider all the opportunities the metadata from UEM, IT service management (ITSM) / IT asset management (ITAM), and cost management systems provide. Having the metadata from all three systems on a single pane of glass becomes very interesting to what we can tell customers about their operations down to the device level. Creating a data lake based on the metadata becomes a powerful tool. Having a broad base of contextual data to analyze with the Ivanti Neurons platform enables us to gain a new understanding of what’s happening. We’re relying on AI and machine learning in the context of the Ivanti Neurons platform to scale from providing basic information up to contextually intelligent insights our customers can use to grow their businesses.  

Nayaki Nayyar: I was in the oil and gas industry for 15 years, working with Shell and Valero Energy for many years. So, I’ve lived in the customer’s shoes and can empathize with three big problems they’re facing today, regardless of the industry they are in

The first is the explosive growth of edge devices, including mobile devices, laptops, desktops, wearables and, to some extent, IoT devices. That’s a big challenge that everyone has to address. Then the second problem is ransomware. Not a single day goes by without a ransomware attack. And the third is how to provide a great customer experience that equals the quality of everyday consumer experiences. Solving how to bring a consumer-grade experience into an enterprise context is an area we’re prioritizing today. 

Our goal is to automate tasks beneath the user experience layer of our applications, so our customers don’t have to worry about them; let AI, machine learning, and deep learning capabilities heal endpoints, using intelligent bots for endpoint discovery, self-healing, asset management and more. Our goal is to provide customers with an experience where the routine tasks are managed autonomously, so they don’t have to. The Ivanti Neurons platform is designed to take on these challenges and more. 

VentureBeat: How are you fine-tuning your algorithms to fight ransomware so that your customers don’t have to become data scientists or consider recruiting a data scientist?

Nayaki Nayyar: I will highlight two distinct AI capabilities that we have to address your exact question on preventing ransomware.  We have what we call Ivanti Neurons for Edge Intelligence, which provides a 360-degree view of all the devices across a network, and using NLP, we’ve designed the platform so it’s flexible enough to respond to questions and queries. An example would be, “How many devices on my network are not patched correctly or have not been patched for these specific vulnerabilities?” The Ivanti Neurons platform will automatically respond to simple text-based and keyword searches. So, our customers can ask a question using natural language, and the system will respond to it.

We’ve also developed deep expertise in text ranking. We mine data from various social channels, including Twitter, Reddit, and publicly available sources. We then do sentiment analysis on various Common Vulnerabilities and Exposures (CVEs) that are trending and sentiment analysis on the patches. Then we provide those insights in Ivanti Neurons for Patch Intelligence. Using NLP, sentiment analysis, and AI, Ivanti Neurons for Patch Intelligence provides our customers’ administrators with the insights they need to prioritize which CVEs have the highest risks for their organization and then remediate those issues immediately. That doesn’t require data scientists to be employed by our customers. All of that is being embedded into our stack, and we make it simple for customers to consume it.

Jeff Abbott: We’re also constantly doing research on ransomware and vulnerabilities. In fact, we just released our Ransomware Spotlight Year-End Report. The analysis shows that the bad actors target organizations that are not keeping up with CVEs.

Not keeping up with zero-day vulnerabilities and defining a plan for addressing them can make any organization a gazelle in the middle of the field. So, as Nayaki said, we’re providing patch intelligence to help our customers prioritize which vulnerabilities are most important to address first. One of the factors that led to us acquiring RiskSense is their extensive data set on detection. We’re using the data to provide forward intelligence on the open vulnerabilities and help our customers anticipate and fix them quickly. We’re seeing that our mid-tier and SMB accounts need patch intelligence as much as our enterprise customers.

VentureBeat: How does AI deliver measurable value for customers? How do you quantify that and know you are meeting expectations with customers, that you’re delivering value?

Nayaki Nayyar:  For many years, solving security, IT or asset issues was a reactive process. Every customer called or filed a ticket right after the issue happened, reporting the issue. The ticket was created, then it was routed to the right service desk agent to solve it. But that took too much time, possibly ten days later or even a month later, before the ticket was resolved.

The Ivanti Neurons platform is designed to detect security, IT, asset, endpoint, or discovery issues before the end-user knows that issue will happen. Our bots are also designed to be self-healing and they can detect whether it’s a configuration drift that has happened on a device, or whether it is a security anomaly or a performance issue. Bots automatically heal those issues, so end users don’t even have to create a ticket and route the ticket to get a resolution.

If we can help customers reduce the number of issues by 30% or more before end users even create tickets, then that represents a massive cost saving. Not to mention the speed and accuracy at which those services are provided. 

VentureBeat: Which customer needs are the most urgent and best met by expanding the AI capabilities of your Ivanti Neurons platform?

Nayaki Nayyar: Today, discovering unknown assets or endpoints is an urgent, high-priority requirement. The greatest challenge is blind-spot detection within an organization. We’ve architected Ivanti Neurons to detect blind spots across enterprise networks. Our customers are using Neurons to identify assets regardless of their locations, whether they are in data centers, cloud assets, endpoints, or IoT assets.

Discovery is most often step one for our customers on the Ivanti Neurons platform because it helps them turn their unknown assets into known assets immediately. They don’t need to remediate and self-heal devices right away; that can come later in the asset cycle. Ivanti Neurons for Discovery are a critically important solution that customers get immediate benefit from and then can expand upon.

Most customers have what we call a Frankenstein’s mess of tools and technologies to manage their devices By combining our Neurons platform with the technologies from our recently acquired companies, we’re now providing a single pane of glass, so an analyst can log in, see what device types are on the network, and manage any endpoint security or asset management problems right from there.

Jeff Abbott: Patching is overly complex and time-consuming, and that’s a huge problem our customers also face. Ivanti Neurons for Patch Management and Patch Intelligence help solve those challenges for our customers. We’re focused on improving user experiences to make AI and NLP-based patch management and intelligence less intimidating. Our focus is specifically on helping our customers keep up with the latest zero-day vulnerabilities and CVEs that could impact them. We focus on solving the biggest risk areas first using Ivanti Neurons, alleviating the time-consuming work our customers would otherwise have to go through.

VentureBeat: What are the Ivanti Neurons platform’s top three design goals, and how do you benchmark success for those?

Jeff Abbott: Our primary goals are for the Ivanti Neurons platform to discover devices, and then self-heal and self-secure themselves using AI-based workflows and technologies. Our internal research shows that customers using Neurons are experiencing over 50% reductions in support call times. They’re also eliminating duplicate work between IT operations and security teams and reducing the number of vulnerable devices by 50%. These stats are all from customer surveys and anonymized actual results. Ivanti Neurons is also contributing to reducing unplanned outages by 63%.

Nayaki Nayyar:  Adding to what Jeff said, the entire architecture is container-based. We leverage containers that are cloud-agnostic, meaning we can deploy them anywhere. So, one goal is not just to deploy to the cloud, but also to drop these containers on the edge in the future so that we can process those workloads at the edge, closer to where the data is getting generated.

The platform is also all API-based, so the integration we do within the stack is all based on APIs,  This means that our customers don’t need to have the entire stack. They can start anywhere and evolve at their own pace. They can start in the security space in patch management and move from there. Or they can start in service management or discovery. They can start anywhere and evolve everywhere. And we also recognize that they don’t need to have just Ivanti’s entire stack. They can be using two or three pillars from us and other systems and platforms from other vendors. 

VentureBeat: Do you see customers moving to an AI-based platform to scale zero trust initiatives further out?

Nayaki Nayyar: Yes, we have a large manufacturing customer who was evolving from VPN-based access into zero trust. This is a big paradigm shift. With VPN-based access, you’re pretty much giving users access to everything, whereas, with a zero-trust approach, you’re continuously validating and authenticating every application access. As the customer was switching to zero trust, their employees were running into many “access denied” issues. The volume of tickets coming into the service deck spiked by 500%.

The manufacturing customer started using Ivanti Neurons with AI and ML-based bots to detect what kind of access issues users were having and self-heal those issues based on the right amount of access. The ticket volume immediately went down. So, it was a great example of customers evolving beyond VPN to zero trust access; our technology can help customers advance zero-trust and solve access challenges. 

VentureBeat: What additional verticals are you looking at beyond healthcare? For example, will there be an Ivanti Neurons for Supply Chain Management, given how many constraints they have become in the last year to eighteen months, for example? 

Nayaki Nayyar: I’m extremely passionate about IoT and what’s happening with edge devices today.  The transformation that we see at the edge is phenomenal. We’re designing support for edge devices into the Ivanti Neurons platform today, giving our customers the flexibility of managing IoT assets.

Healthcare is one of the verticals where we have gone deep into discovering and managing our customers’ many healthcare devices, especially those you see in a hospital setting like Kaiser.

Manufacturing facilities or shop floor is another area we are exploring. Our customers have different types of ruggedized IoT devices that we can apply the same principles of discovering, managing, and providing security to the IoT assets on the shop floor. In the future, we also plan on extending into the telco space. We have large telcos as customers, and they’ve been asking us to go more and more into the telco IoT world.

Our telco customers also tell us they would like to see greater support for ruggedized devices their field technicians use out in the field. Retailers are also expressing an interest in supporting ruggedized devices, which is an area we’re exploring today. 

Jeff Abbott: The public sector comprising federal, state, and local have unique requirements, of which Nayaki and I have had several conversations about. Many capabilities for vertical markets are still very horizontal. We’re seeing that as organizations discover the nuances of their use of edge computing and edge technology, more specialized vertical market requirements will become more dominant. I think we’re covering 90% or more of the security requirements now. That’s especially the case in discovery, patch management, and patch intelligence. 

VentureBeat: How do you integrate an AI-based platform into a legacy system tech stack or infrastructure? What are the most valuable technologies for accomplishing that, for example, APIs? 

Nayaki Nayyar:  We have a pretty strong connector base with existing systems. I won’t call them a legacy. We need to coexist with existing systems, as many have been installed for 10 to 15 years at a minimum in many organizations. To accomplish this, we have 300 or more connectors out of the box that can be leveraged by our customers, resellers, and partners. We’re committed to continually strengthening our ecosystem of partners to provide customers with the options they need for their unique integration requirements.   

VentureBeat: Could you share the top three lessons Ivanti has learned, designing intuitive user experiences to guide users using AI-based applications?

Jeff Abbott:  I think the most important lesson learned is to provide every customer, from SMBs to enterprises, data-driven insights that validate AI is performing appropriately. Ensuring that self-healing, self-servicing, and all supporting aspects of Ivanti Neurons protect customers’ assets while also contributing to more efficient ITSM performances.

When it comes to preventing ransomware attacks, the key is to always provide users with the option of performing an intuitive double-check. One day your organization could be very healthy. But, on the other hand, you may not be paying attention to the intuitive signals from AI, which could lead to the organization falling victim to an attack. Taking an active position on security, which includes knowing your organization’s tools and understanding what they can achieve, is important. 

Nayaki Nayyar: User experiences require a three-prong approach. Start by concentrating first with humans in the loop, recognizing the unique need for contextual intelligence. Next, add the need for augmented AI, and then the last level of maturity is humans out of the loop.

For customers, this translates into taking the three layers of maturity and identifying how and where user experience designs deliver more contextual intelligence. The goal with Ivanti Neurons is to remove as many extraneous interactions with users as possible, saving their time only for the most unique, complex decision trade-offs that need to be made. Our goal is to streamline routine processes, anticipate potential endpoint security, patch management, and ITSM-related tasks, and handle them before a user sees their impact on productivity and getting work done.  

VentureBeat: With machine learning models so dependent on repetitive learning, how did you design the Ivanti Neurons platform and related AI applications to continually learn from data without requiring customers to have data scientists on staff?

Nayaki Nayyar: We’re focused on making Ivanti Neurons as accessible as possible to every user. We’ve created an Employee Experience Score, a methodology to identify how effective our customers’ experiences are on our platform to achieve that. Using that data, we can tell which application workflows need the most work to further improve usability and user experiences and which ones are doing so well that we can use them as models for future development.

We’re finding this approach to be very effective in quantifying [whether] we’re meeting expectations or not by individual, employee, division, department, and persona. This approach immediately gets organizations out of using ticket counts as a proxy for user experience. Closing tickets alone is not the SLA that needs to be measured alone. It’s more important to quantify the entire experience and seek new ways to improve it. 

VentureBeat: How do you evaluate potential acquisitions, given how your product and services strategy moves in an AI-centric direction? What matters most in potential acquisitions?

Jeff Abbott: We’re prioritizing smaller acquisitions that deliver high levels of differentiation via their unique technologies first, followed by their potential contributions to our total addressable markets. We’re considering potential acquisitions that could strengthen our vertical tech stack in key markets. We’re also getting good feedback directly from customers and our partners on where we should look for new acquisitions. But I’d like to be clear that it’s not just acquisitions. 

We also have very interesting partnerships forming across industries, focusing on telco carriers globally. Some of the large hardware providers have also proposed interesting joint go-to-market strategies, which we think will be groundbreaking with the platform. We’re also looking at partnerships that create network effects across our partnership and customer base. That’s what we’re after in our partnership strategy, especially regarding the interest we’re seeing on the part of large telco providers today. So, we’re going to be selective. We will go after those that put us in a differentiation category. The good news is that many nice innovative companies are getting into that level of maturity.

Where we can partner or acquire them, we’re focused on not disrupting the trajectory they’re on. It creates a much bigger investment portfolio to continue to advance those solutions.

Nayaki Nayyar: We’re very deliberate in what acquisitions we do for two primary reasons. One is to strengthen the markets that we play in. We compete in three markets today, and our recent acquisitions strengthen our position in each. Our goal is to be among the top two or top three in each market we’re competing in. An integral part of our acquisition strategy is looking at how a potential acquisition can increase our entire addressable market and gain access to adjacent markets that we can start to grow in. 

We are in three markets: UEM, security, and service management. As we’re converging these three pillars into our Ivanti Neurons platform, we are evolving into adjacent markets like DEX (Digital Experience Management)  So far, our approach of relying on acquisitions to strengthen our core three markets is working well for us. To Jeff’s point, strengthening what we have to further to be a top vendor in these markets is working, delivering strong, differentiated value to our customers.

VentureBeat’s mission is to be a digital town square for technical decision-makers to gain knowledge about transformative enterprise technology and transact. Learn More

Cybersecurity’s challenge for 2022 is defeating weaponized ransomware

Did you miss a session from the Future of Work Summit? Head over to our Future of Work Summit on-demand library to stream.


Ransomware attack strategists continue to target zero-day vulnerabilities, execute supply chain attacks, fine-tune vulnerability chaining, and search for vulnerabilities in end-of-life products to improve the odds their ransomware attacks will succeed. Ivanti’s Ransomware Spotlight Year End Report illustrates why ransomware became the fastest-growing cyberattack strategy in 2021 and into 2022. There’s been a 29% growth in ransomware vulnerabilities in just a year, growing from 223 to 288 common vulnerabilities and exposures (CVEs).  

Last year, SonicWall recorded a 148% surge in global ransomware attacks (up to 495 million), making 2021 the worst year the company has ever recorded. The company also predicted 714 million attempted ransomware attacks by the close of 2021, a 134% increase over last year’s totals. Organizations pay an average of $220,298 and suffer 23 days of downtime following a ransomware attack, further damaging their businesses, brands, and customer relationships. 

Weaponized ransomware is growing 

Cybercriminal, ransomware, and advanced persistent threat (APT) groups are fast-tracking their efforts to weaponize ransomware and simultaneously take down entire supply chains using vulnerability chaining. Seven new APT groups are using ransomware vulnerabilities to mount attacks this year, meaning there’s now a total of 40 APT groups around the globe using ransomware..

New ransomware families created in the last year are being designed to scale ransomware-as-a-service, exploit-as-a-service, Dropper-as-a-service, and Trojan-as-a-service platforms. Platform-based approaches to providing ransomware as a service are among the fastest-growing ransomware gangs development areas.

Ivanti’s ransomware research uncovered 125 ransomware families between 2018–2020, including 32 new families in 2021, a 25.6% increase in the overall family count. With 157 ransomware families exploiting 288 vulnerabilities, ransomware attackers are prioritizing weaponization. Exploit codes are built to take advantage of a vulnerability and define a vulnerability as weaponized. The study found that public exploit codes are available for 57% (164) of ransomware vulnerabilities. Of these, 109 vulnerabilities can be exploited remotely (Remote Code Execution). The exploit vulnerabilities also include 23 vulnerabilities capable of privilege escalation, 13 vulnerabilities that can lead to denial-of-service attacks, and 40 vulnerabilities capable of exploiting web applications. 

Remote Code Execution (RCE)-based ransomware is the fastest-growing type of weaponized ransomware today.

Remote vulnerabilities are especially prevalent in soft targets – a favorite of cybercriminals, ransomware, and ABT gangs. Last year’s attacks on health care providers, oil and gas supply chains, food distributors and their supply chains, pharmacy, colleges, universities, and schools underscore how prevalent this strategy is. These critical sectors are known for not having the cybersecurity funding or expertise on staff to provide advanced threat detection and deterrence, and often have systems that are a year behind or more on patches.  

Procrastinating about patching invites ransomware

Endpoints that have conflicting agents or are down-rev on patches are just as vulnerable as an endpoint with no security at all. The Ivanti study found that unpatched vulnerabilities were the most prominent attack vectors exploited by ransomware groups in 2021. There are 223 vulnerabilities associated with ransomware in 2020, growing 29% in 2021, taking the total vulnerability count to 288 CVEs. Over 30% of these 65 newly added vulnerabilities are actively searched for on the internet, emphasizing prioritizing and addressing these vulnerabilities.

Organizations aren’t staying current on patch management, leaving their endpoints open for increasingly sophisticated, nuanced ransomware attacks. Of the current 288 ransomware CVEs, the Cybersecurity and Infrastructure Security Agency (CISA), the Department of Homeland Security (DHS), the FBI, the National Security Agency (NSA), and other security agencies have put out multiple warnings for 66 of them. Their warnings communicate the urgency of prioritizing patches for vulnerabilities immediately. CISA also recently released a binding directive that forces the hand of public sector companies to patch a specific list of vulnerabilities, complete with strict deadlines. This list alone defines 20% of the 288 ransomware vulnerabilities.

Prioritizing patches based on the Common Vulnerability Scoring System (CVSS) doesn’t cover 73.61% of potential ransomware vulnerabilities – 49% of which are trending in ransomware groups. When Ivanti analyzed the 288 ransomware vulnerabilities from the perspective of the CVSS, they found that 26.73% belong to the critical category and 30.9% belong to the high severity category. They also found that 10% of the vulnerabilities had a medium severity rating, and one vulnerability had a low score.

“Organizations need to be extra vigilant and patch weaponized vulnerabilities without delays. This requires leveraging a combination of risk-based vulnerability prioritization and automated patch intelligence to identify and prioritize vulnerability weaknesses and then accelerate remediation,” Srinivas Mukkamala, senior vice president of security products at Ivanti, told VentureBeat. 

Risk-based vulnerability strategies need to look beyond NVD CVSS score analysis alone to get a complete, systemic view of ransomware vulnerabilities organizations are facing today.

The ransomware arms race

The arms race in ransomware is escalating into weaponized payloads, more nuanced approaches to vulnerability chaining, and opportunistic ransomware gangs creating as-a-service programs. Cybersecurity vendors and the organizations they serve need to challenge battling weaponized ransomware with a more effective approach to patch management first, followed by knowing with certainty the state of every endpoint. 

Unfortunately, this is a favored tactic that ransomware gangs use to research long-standing CVEs and find unpatched vulnerabilities to exploit. For example, the Cring ransomware quietly capitalized on two vulnerabilities, CVE-2009-3960 and CVE-2010-2861, in Adobe ColdFusion 9, which was left untouched since 2016 when it was tagged as “end of life.” The group exploited CVE-2010-2861 to enter into the server of a services-based company and used CVE-2009-3960 to upload web shells, Cobalt Strike’s Beacon payloads, and, finally, the ransomware payload.

VentureBeat’s mission is to be a digital town square for technical decision-makers to gain knowledge about transformative enterprise technology and transact. Learn More

5 ways AI and ML will improve cybersecurity in 2022

Did you miss a session from the Future of Work Summit? Head over to our Future of Work Summit on-demand library to stream.


Cyberattacks are happening faster, targeting multiple threat surfaces simultaneously using a broad range of techniques to evade detection and access valuable data. A favorite attack strategy of bad actors is to use various social engineering, phishing, ransomware, and malware techniques to gain privileged access credentials to bypass Identity Access Management (IAM) and Privileged Access Management (PAM) systems.

Once in a corporate network, bad actors move laterally across an organization, searching for the most valuable data to exfiltrate, sell, or use to impersonate senior executives. IBM found that it takes an average of 287 days to identify and contain a data breach, at an average cost of $3.61M in a hybrid cloud environment. And when ransomware is the attack strategy, the average cost of a data breach skyrockets to $4.62M.

Using AI to anticipate and lure attacks

A perfect use case for AI and machine learning (ML) is deciphering the millions of concurrent data connections a typical enterprise has with the outside world at any given minute. Training supervised machine learning algorithms with data streams helps them identify potential anomalies, even before the algorithm understands what the definition of an anomaly is, according to Boston Consulting Group.

Using AI and ML to lure attackers into simulated environments to analyze their attack strategies, components, and code needs to start at the transaction level. Transaction fraud detection is one of five core areas where AI and ML can improve cybersecurity this year. Additionally, malware detection and user & machine behavioral analysis are among the top five use cases delivering the most value based on their use of AI and ML this year.

Another report by Boston Consulting Group’ compares AI use cases in cybersecurity, comparing complexity and benefits. Cybersecurity vendors whose platforms are in the “high benefits, high complexity” quadrant are the best equipped to use AI and ML to lure attackers into simulated honeypots and reverse engineer their payloads, often down the executable file level.

Above: AI’s contributions to cybersecurity are differentiated by Operational Technology (OT), IoT, and IT use cases, with each sharing the same attribute of using machine learning to identify anomalies in transaction and operations data then assign risk scores.

Image Credit: Capgemini Research Institute

How AI will improve cybersecurity in 2022

CISOs tell VentureBeat that the AI and ML use cases in which they see the greatest payoff are pragmatic and driven by the need to reduce the overwhelming workload their analysts face daily. While the apps and platforms each have advanced analytics and detailed modeling, the full feature set rarely gets used. Enterprises see AI and ML cybersecurity-based systems as relief for their overwhelmed staff. Fifty-six percent of executives say their cybersecurity analysts are overwhelmed, according to BCG. When CISOs take a more pragmatic view of AI and ML’s potential contributions to their operations, they often focus on better protecting machine-based transactions.

It’s the machine-based transaction attacks that most concern CISOs and their teams because they’re so quick, difficult to identify, predict, and stop. BCG found that 43% of executives see an increase in machine-speed attacks. With seven out of every 10 executives believing they can’t respond or thwart advanced cyberattacks without AI, the demand for AL and ML-based cybersecurity systems in the following five core areas continues to grow.

1. Transaction fraud detection – CISOs tell VentureBeat that the pandemic’s effects on their ecommerce sales are the primary catalyst for investing in AI and ML-based transaction fraud detection. Transaction fraud detection is designed to provide real-time monitoring of payment transactions, using ML techniques to identify anomalies and potential fraud attempts. In addition, ML algorithms are being trained to identify login processes and prevent account takeovers (ATOs), one of the fastest-growing areas of online retail fraud today.

Leading online retailers are training their cybersecurity analysts on transaction fraud detection systems and having their data scientists work with vendors to spot identity spoofing and the use of stolen privileged access credentials. Identifying behaviors that don’t fit with the legitimate account holders are also helping to stop impersonation and stolen credential attacks. Fraud detection and identity spoofing are converging as CISOs and CIOs want a single AI-based platform to scale and protect all transactions. Equifax acquired Kount in 2021 to expand its digital identity and fraud prevention solutions footprint. Leading vendors include Accertify, Akamai, Arkose Labs, BAE Systems Cybersource, IBM, LexisNexis Risk Solutions, Microsoft, NICE Actimize, and several others.

2. Account Takeover (ATO) – Cybersecurity teams who define multifactor authentication (MFA) as a standard to pass audits and attain regulatory compliance are missing the point and often get hacked with successful account takeover (ATO) attempts. The most reliable approaches to MFA need to include three core areas of something only the user knows, something only the user holds, and something the user is or does. True MFA will include at least two of these three attributes by the user. However, getting users’ behavior to change permanently is far more difficult and a longer-term challenge. That’s why enterprises adopt AI and ML-based platforms that can calculate and assign a risk score for each interaction using a broader set of external variables or indicators aggregated into a series of analytics. AI and ML-based platforms offering protection against ATO are configurable for the relative levels of risk management a given organization wants to take on. When risk scoring identifies a suspicious email or file, it automatically quarantines it to protect all users on the network.

Leading ATO providers include Avanan, Experian, Iovation, and others. Leading providers of passwordless authentication solutions include Microsoft Azure Active Directory (Azure AD), Ivanti Zero Sign-On (ZSO), OneLogin Workforce Identity, and Thales SafeNet Trusted Access. Ivanti Zero Sign-on (ZSO) is noteworthy for its use of adaptive authentication, including multifactor authentication (MFA) based on risk. Zero Sign-On also relies on biometrics, including Apple’s Face ID, as a secondary authentication factor to access work email, unified communications and collaboration tools, and corporate-shared databases and resources. It’s integrated into the Ivanti Unified Endpoint Management (UEM) platform.

3. Defending against ransomware – Organizations fell victim to a ransomware attack every 11 seconds by 2021, up from 40 seconds in 2016, and the average cost of a traditional breach reached $3.86 million. Absolute Software has analyzed the anatomy of ransomware attacks and provided key insights in their study. Their analysis of how a ransomware attack takes place is illustrated in the graphic below:

Above: Absolute Software’s anatomy of a ransomware attack illustrates why implementing cybersecurity training, regularly updating anti-virus and anti-malware, and backing up data to a non-connected environment is essential for preventing an attack.

Image Credit: Absolute Software

Taking steps to improve the security hygiene of an enterprise, including adopting MFA on every endpoint, is just the starting point. Getting patch management right can make a difference in how secure an enterprise stays when bad actors attempt to launch a ransomware attack. AI and ML are making a difference against ransomware by automating patch management with bots instead of relying on brute-force endpoint inventory methods. AI-powered bots use constraint-based algorithms to pinpoint which endpoints need updates and probable risk levels. Algorithms use current and historical data to identify the specific patch updates and provide the build any given endpoint device needs.

Another advantage of taking more of a bot-based approach to patch management is how it can autonomously scale across all endpoints and networks of an organization. Automated patch management systems need more historical ransomware data to train AI and machine learning-based models better and fine-tune their predictive accuracy further.

That’s what makes the approach taken by RiskSense, which Ivanti recently acquired, noteworthy. Ivanti gained the largest, most diverse data set of vulnerabilities and exposures through the RiskSense Vulnerability Intelligence and Vulnerability Risk Rating. The risk ratings reflect the future of ML-driven patch management by prioritizing and quantifying adversarial risk based on factors such as threat intelligence, in-the-wild exploit trends, and security analyst validation.

Microsoft accelerating acquisitions in cybersecurity reflects the priority they are putting on ransomware. In a blog post, Microsoft announced its acquisition of RiskIQ on July 12, 2021. RiskIQ’s services and solutions will join Microsoft’s suite of cloud-native security products, including Microsoft 365 Defender, Microsoft Azure Defender, and Microsoft Azure Sentinel.

4. Identity proofing – Bad actors attempt to create false identities and privileged access credentials with banks, educational institutions, financial services, and health care facilities to defraud the institution and potentially breach its systems. Identity proofing reduces fraud by verifying the identity of new customers when they submit applications for care, enrollment or services, account openings, and balance transfers for new accounts. AI and ML adoption are diverse across the identity proofing market, including identity affirmation and identity proofing tools. ML algorithms rely on convolutional neural networks to assess the authenticity of photo IDs and related photo-based documents, applying attack detection techniques to an image before attempting to match it to the photo ID.

Identity proofing and affirmation are both needed to reduce fraud, which is one of the challenges vendors competing in this market are addressing through API-based integration across platforms. Additionally, identity-proofing vendors are seeing exponential growth due to the pandemic, with venture capital firms investing heavily in this area. Identity verification startup Incode, which recently raised $220 million in a Series B funding round, led by General Atlantic and SoftBank with additional investment from J.P. Morgan and Capital One, is one of many new entrants in this growing market.

5. Process behavior analysis – AL and ML are paying off in this area of cybersecurity today due to their combined strengths at quickly identifying potential breach attempts and acting on them. Process behavior analysis concentrates on identifying anomalous, potentially malicious behavior earlier based on patterns in behavior. As a result, it’s proven particularly effective in thwarting attacks that don’t necessarily carry payloads.

An excellent example of process behavior analysis is how Microsoft Defender 365 relies on behavior-based detections and machine learning to identify when endpoints need to be healed and carry out the necessary steps autonomously with no human interaction. Microsoft 365 does this by continually scanning every file in Outlook 365. Microsoft Defender 365 is one of the most advanced behavioral analysis systems supporting self-healing endpoints capable of correlating threat data from emails, endpoints, identities, and applications. When there’s a suspicious incident, automated investigation results classify a potential threat as malicious, suspicious, or “no threat found.” Defender 365 then takes a series of autonomous actions to remediate malicious or suspicious artifacts. Remediation actions include sending a file to quarantine, stopping a process, isolating a device, or blocking a URL. A Virtual Analyst is also part of the Microsoft 365 Defender suite that provides autonomous investigation and response.

Above: Microsoft Defender Security Center Security operations dashboard monitors potential threats using process behavior analysis techniques, with the data shown above based on an analysis of Endpoint Detection and Response (EDR) real-time activity.

Image Credit: Microsoft

Enterprises need to prioritize cybersecurity in 2022

Improving cybersecurity from the endpoint to the core of IT infrastructures needs to be every enterprise’s goal in 2022. AI and ML show potential in five core areas to improve cybersecurity, thwart ransomware attempts, and learn from data patterns to predict potential attack scenarios and attack vectors. Attacks happen faster, with greater precision, and with more orchestrated force today than ever before, often relying on machine-to-machine communication. AI and ML stand the best chance of keeping up with the onslaught of cyber-attack attempts while also increasing the pace of innovation to outsmart attackers who are always stepping up their efforts.

VentureBeat

VentureBeat’s mission is to be a digital town square for technical decision-makers to gain knowledge about transformative technology and transact.

Our site delivers essential information on data technologies and strategies to guide you as you lead your organizations. We invite you to become a member of our community, to access:

  • up-to-date information on the subjects of interest to you
  • our newsletters
  • gated thought-leader content and discounted access to our prized events, such as Transform 2021: Learn More
  • networking features, and more

Become a member