{"id":228495,"date":"2021-04-16T15:00:25","date_gmt":"2021-04-16T12:00:25","guid":{"rendered":"https:\/\/en.buradabiliyorum.com\/how-ai-machine-learning-and-endpoint-security-overlap-cloudsavvy-it\/"},"modified":"2021-04-16T15:00:25","modified_gmt":"2021-04-16T12:00:25","slug":"how-ai-machine-learning-and-endpoint-security-overlap-cloudsavvy-it","status":"publish","type":"post","link":"https:\/\/buradabiliyorum.com\/en\/how-ai-machine-learning-and-endpoint-security-overlap-cloudsavvy-it\/","title":{"rendered":"#How AI, Machine Learning, and Endpoint Security Overlap \u2013 CloudSavvy IT"},"content":{"rendered":"<div id=\"article-content-area\">\n<figure style=\"width: 700px\" class=\"wp-caption alignnone\"><img loading=\"lazy\" decoding=\"async\" class=\"wp-image-10686 size-full\" data-pagespeed-lazy-src=\"https:\/\/www.cloudsavvyit.com\/p\/uploads\/2021\/04\/b89553c0.png?width=1200&amp;trim=1,1&amp;bg-color=000&amp;pad=1,1\" alt=\"\" width=\"700\" height=\"350\" src=\"https:\/\/www.shutterstock.com\/image-vector\/abstract-artificial-intelligence-technology-web-background-1044933463\" data-credittext=\"Shutterstock\/vs148\"\/><figcaption class=\"wp-caption-text\"><span class=\"imagecredit\"><a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/www.shutterstock.com\/image-vector\/abstract-artificial-intelligence-technology-web-background-1044933463\">Shutterstock\/vs148<\/a><\/span><\/figcaption><\/figure>\n<p>With new cyber threats coming up every day, security systems, especially those used by corporations, need to adapt. But instead of constantly needing updates from their manufacturers, what if endpoint security software can play a direct role in improving itself?<\/p>\n<h2 role=\"heading\" aria-level=\"2\"><span class=\"ez-toc-section\" id=\"What_is_Endpoint_Security_and_How_Does_it_Work\"><\/span>What is Endpoint Security and How Does it Work?<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>Endpoint security is the process of securing a network\u2019s endpoints, such as user devices and online accounts. 
Endpoints are entryways to the network, connecting it to the open internet and other devices. In theory, by adequately securing physical and digital endpoints, your entire network should be safe from outside threats.<\/p>\n<p>By monitoring the data entering and exiting the network through its endpoints and looking for threats, endpoint security software can protect numerous access points simultaneously, intercepting threats in real time. On its own, it works much like advanced antivirus software. But cybercriminals are constantly devising new plans of attack, both directly and through malicious software. And because traditional antivirus software relies on recognizing previously identified viruses, it can\u2019t intercept zero-day and upcoming cyberattacks.<\/p>\n<h2 role=\"heading\" aria-level=\"2\"><span class=\"ez-toc-section\" id=\"The_Shift_From_Threat_Prevention_to_Detection_and_Response\"><\/span>The Shift From Threat Prevention to Detection and Response<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>A Ponemon Institute study, released in early 2020, estimated that\u00a0<a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/www.k2io.com\/zero-day-attacks-are-on-the-rise\/\">around 42 percent of all cyberattacks<\/a>\u00a0in the following year would be zero-day attacks. The lack of identifiable methodologies behind such attacks makes them harder for traditional endpoint security software to spot and intercept early on. In addition to looking for a way to handle nearly half of future attacks, businesses are coming to the realization that cyberattacks are inevitable. 
That realization created a collective need to shift the typical cybersecurity model from threat prevention to threat detection and response, allowing organizations to mitigate the damage of cyberattacks rather than trying to stop them altogether.<\/p>\n<p>Instead of security software that scans incoming data for known malware, the goal is to detect the signs that often precede an attack, whether it comes from an insider or not. That\u2019s where traditional antivirus software fails and AI and machine learning step in.<\/p>\n<h2 role=\"heading\" aria-level=\"2\"><span class=\"ez-toc-section\" id=\"Data_Machine_Learning_and_AI\"><\/span>Data, Machine Learning, and AI<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>With network monitoring in place, every security incident or vulnerability caused by a bug in the system or by user misconduct gets recorded in log files. Over time, specific data points in those log files can reveal stark red flags and trends in your security, such as the unusual behavior that precedes an attack: extreme traffic volumes and unwarranted changes to access permissions and settings. However, data this rich and complex is only useful after it has been fully categorized and analyzed, with background noise and routine log entries of little or no relevance to cybersecurity filtered out.<\/p>\n<p>AI and machine learning aren\u2019t necessary for endpoint security software to function, but they allow it to evolve and adapt to new security threats without direct human intervention. With human error playing a major role in cybersecurity shortcomings, automating the learning and growth tactics makes for a more accurate and risk-free product. 
In cybersecurity, data, AI, and machine learning build on top of one another.<\/p>\n<p>By feeding the machine learning algorithm labeled examples, the system gradually starts to recognize the differences between safe network activity and suspicious network activity, as well as the signs and user behavior leading up to each. Additionally, by including sufficient data on past security responses, machine learning and AI systems can start to identify plausible solutions to threats and execute the most suitable one in record time.<\/p>\n<p>This careful integration of data, AI, and machine learning with endpoint security results in an Endpoint Detection and Response (EDR) system. Instead of having multiple parts working independently, EDR combines the different types of technology to produce a comprehensive security approach for detecting threats and responding to them automatically.<\/p>\n<h2 role=\"heading\" aria-level=\"2\"><span class=\"ez-toc-section\" id=\"EDR_in_Action\"><\/span>EDR in Action<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>The use of EDR doesn\u2019t stop with monitoring your network\u2019s access points for incoming viruses or data leaks. Its monitoring and detection capabilities can reach deep into the network, searching for underlying threats and security vulnerabilities.<\/p>\n<h3><span class=\"ez-toc-section\" id=\"Insider_Threats\"><\/span>Insider Threats<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>Insider threats are malicious security threats to an organization that originate from the inside. 
The perpetrator can be anyone from current and former employees to business associates and independent contractors. Because those individuals often have insider access and information about the organization, security software that solely protects access points isn\u2019t of much use. But by utilizing behavioral analysis and log data, EDR can detect malicious behavior from inside the network. It can respond with the appropriate course of action and send out alerts to the IT and security departments.<\/p>\n<h3><span class=\"ez-toc-section\" id=\"Fileless_Malware\"><\/span>Fileless Malware<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>While traditional antivirus and endpoint security software can intercept known viruses, they fall short when the threat isn\u2019t a file to be scanned for malware. Fileless malware is malicious software that doesn\u2019t use or contain executable files; instead it is a piece of code that resides directly in the device\u2019s memory. And instead of carrying everything it needs to launch an attack, as most viruses do, fileless malware turns the system\u2019s own resources and components against it, running through legitimate scripts alongside safe programs to mask its presence.<\/p>\n<p>EDR can stop fileless malware attacks by detecting the minute changes in log data and in the behavior of endpoints and devices, relying on constant monitoring and the ability to recognize such patterns.<\/p>\n<h3><span class=\"ez-toc-section\" id=\"Human_Error\"><\/span>Human Error<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>The vast majority of data breaches and successful cyberattacks are due to human error, where employees or contractors don\u2019t practice sound cybersecurity while using their work devices, resulting in a security gap that\u2019s easy for hackers to take advantage of. 
But thanks to AI-driven EDR\u2019s network monitoring, pattern recognition, and behavioral analysis capabilities, it can help detect security vulnerabilities in the system unknowingly caused by employees almost immediately,\u00a0instead of weeks later. EDR also cuts the time needed to detect Advanced Persistent Threats (APTs), which target unsuspecting employees over a long period of time.<\/p>\n<h3><span class=\"ez-toc-section\" id=\"Inherently_Unsecured_Endpoints\"><\/span>Inherently Unsecured Endpoints<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>Internet of Things (IoT) devices are more essential than ever to most organizations and offices, but they\u2019re often the weakest link in their security. While it\u2019s inconvenient to keep IoT devices offline in hectic and fast-paced work environments, connecting them to the internet poses a security risk. After all,\u00a0<a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/www.netscout.com\/sites\/default\/files\/2019-02\/SECR_001_EN-1901 - NETSCOUT Threat Intelligence Report 2H 2018.pdf\">NETSCOUT\u2019s Threat Intelligence report of 2018<\/a>\u00a0found that IoT devices get attacked a mere five minutes after connecting to the internet.<\/p>\n<p>With inherently unsecured endpoints, it\u2019s important to rely on the real-time threat detection and monitoring EDR has to offer. That\u2019s especially true with most IoT devices not being built for security but for convenience and ease of use instead.\n<\/p><\/div>\n<p><span style=\"color: black;\"><a style=\"color: #ff9900;\" href=\"https:\/\/www.cloudsavvyit.com\/10609\/how-ai-machine-learning-and-endpoint-security-overlap\/\" target=\"_blank\" rel=\"noopener\">Source<\/a><\/span><\/p>\n","protected":false},"excerpt":{"rendered":"<p>&#8220;#How AI, Machine Learning, and Endpoint Security Overlap \u2013 CloudSavvy IT&#8221; Shutterstock\/vs148 With new cyber threats coming up every day, security systems, especially those used by corporations, need to adapt. But instead of constantly needing updates from their manufacturers, what if endpoint security software can play a direct role in improving itself? 
What is Endpoint&#8230;<\/p>\n","protected":false},"author":1,"featured_media":228496,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/www.cloudsavvyit.com\/p\/uploads\/2021\/04\/b89553c0.png","fifu_image_alt":"","footnotes":""},"categories":[18],"tags":[],"class_list":["post-228495","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-technology"],"_links":{"self":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/posts\/228495","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/comments?post=228495"}],"version-history":[{"count":0,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/posts\/228495\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/media\/228496"}],"wp:attachment":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/media?parent=228495"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/categories?post=228495"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/tags?post=228495"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}