How important is Machine Learning for endpoint security?
Machine Learning or Artificial Intelligence (AI) is very important for endpoint security. If you think about it, a machine works at machine speed: processing of data is fast and the decision-making aspect of it is also fast. When it comes to next-generation cybersecurity, traditional on-premise signature database protection models are ineffective and lack administrator visibility. Most traditional and next-gen approaches rely on scanning files to detect attacks, which makes them extremely vulnerable to new attack techniques. The shortcomings of other products are especially relevant to today’s live and fileless attacks.
The on-agent AI detection engines allow SentinelOne to autonomously detect and respond to malicious behaviour immediately, offering machine speed responses such as on-agent remediation and rollback.
To adequately defend the business and adopt cloud, containers, IoT and more, organisations need dynamic Artificial Intelligence (AI)-driven next-generation endpoint protection platforms that defend every endpoint against all types of attacks, at every stage in the threat lifecycle, without the need for human intervention.
Why is minimal dwell time so important and how does your technology address this?
In our opinion, there is no such thing as minimal or maximal dwell time; all the talk about keeping a breach dwell time under 200 days instead of the average 285 days is pointless. If an attack takes place and is not detected before it is launched, we have lost.

Tamer Odeh, Regional Director at SentinelOne in the Middle East

“When accessing corporate networks remotely, there is a higher risk of unauthorised access and data leakage.”
We address this challenge by not accepting any dwell time scenario. Detection and response are done in real-time. SentinelOne’s patented technology links all behaviours and indexes all activities into a storyline on the agent, in real-time. Our analysts can hunt faster, focusing on what matters, instead of wasting time looking for the needle in the haystack. Malicious attempts are prevented in real-time, reducing overall risk and the alert fatigue all too common with other EDR products.
Are there any emerging trends in endpoint security of which CISOs should be aware?
Technology is becoming more and more disruptive and, as Digital Transformation continues its march, more and more trends will emerge – especially concerning endpoint security.
We believe that further adoption of AI will continue and will impact the security sector in various ways. AI already surrounds us everywhere we go, from Alexa to Google Home, Nest to smart speakers – you’d struggle to find a home that hasn’t incorporated some form of AI. Beyond our devices, AI recommendation engines are allowing for highly targeted (and creepily precise) advertisements across the web and social media.
Machine Learning and other additions are also making AI even more intelligent. This allows AI to monitor anomalies, perform classification on gathered data and predict if a user is about to quit a service, for example.
But with more capabilities comes more code and with more code comes more bugs. Coupled with the fact that AI is a new technology, which as a rule makes it inherently less secure, it’s easy to see why cybercriminals are taking advantage of this problematic new tool.
AI shows no signs of slowing down; it’s effective and addictive, which is why we have adopted it with open arms. Clearly, there’s no going back now. As defenders, our next step has to be building the tools, security models and processes to combat the wave of deep fakes and beyond, securing a bright future with AI by our side, not against us.
What advice would you give to organisations to ensure they have a comprehensive endpoint security strategy in place?
Stopping the attack from happening is just part of the solution; a lot of malicious files can sit in your system for days and months and continue exploiting your data even after a breach is mitigated.
It is more important than anything to secure your devices and not allow any active attacks. In the absolute worst-case scenario, our last reserve is the rollback function that we offer to our customers. If your system doesn’t have the ‘pre-attack state’ backup, your endpoint cybersecurity infrastructure is as good as non-existent.