How AI protects machine identities in a zero-trust world

Bad actors know all they need to do is find one unprotected machine identity, and they’re into a company’s network. Analyzing their breaches shows they move laterally across systems, departments, and servers, looking for the most valuable data to exfiltrate while often embedding ransomware. By scanning enterprise networks, bad actors often find unprotected machine identities to exploit. These factors are why machine identities are a favorite attack surface today.

Why machine identities need zero trust 

Organizations quickly realize they’re competing in a zero-trust world today, and every endpoint, whether human or machine-based, is their new security perimeter. Virtual workforces are here to stay, creating thousands of new mobility, device, and IoT endpoints. Enterprises are also augmenting tech stacks to gain insights from real-time monitoring data captured using edge computing and IoT devices. 

Forrester estimates that machine identities (including bots, robots, and IoT) grow twice as fast as human identities on organizational networks. These factors combine to drive an economic loss of between $51.5 to $71.9 billion attributable to poor machine identity protection. Exposed APIs lead to machine identities also being compromised, contributing to machine identity attacks growing 400% between 2018 and 2019, increasing by over 700% between 2014 and 2019. 

Defining machine identities 

CISOs tell VentureBeat they are selectively applying AI and machine learning to the areas of their endpoint, certificate, and key lifecycle management strategies today that need greater automation and scale. An example is how one financial services organization pursuing a zero trust strategy uses AI-based Unified Endpoint Management (UEM) that keeps machine-based endpoints current on patches using AI to analyze each and deliver the appropriate patch to each. 

How AI is protecting machine identities 

It’s common for an organization not to know how many machine identities it has at any given moment, according to a recent conversation VentureBeat had with the CISO of a Fortune 100 company. It’s understandable, given that 25% of security leaders say the number of identities they’re managing has increased by a factor of ten or more in the last year. Eighty-four percent of security leaders say the number of identities they manage has doubled in the last year. All of this translates into a growing workload for already overloaded IT and security teams, 40% of which are still using spreadsheets to manually track digital certificates, combined with 57% of enterprises not having an accurate inventory of SSH keys. Certificate outages, key misuse or theft, including granting too much privilege to employees who don’t need it, and audit failures are symptoms of a bigger problem with machine identities and endpoint security.

Most CISOs VentureBeat speaks with are pursuing a zero trust strategy long-term and have their boards of directors supporting them. Boards want to see new digital-first initiatives drive revenue while reducing the risks of cyberattacks. CISOs are struggling with the massive workloads of protecting machine identities while pursuing zero trust. The answer is automating key areas of endpoint lifecycle management with AI and machine learning. 

The following are five key areas AI and machine learning (ML) show the potential to protect machine identities in an increasingly zero-trust world.

• Automating machine governance and policies. Securing machine-to-machine communications successfully starts with consistently applying governance and policies across every endpoint. Unfortunately, this isn’t easy because machine identities in many organizations rely on siloed systems that provide little if any visibility and control for CISOs and their teams. One CISO told VentureBeat recently that it’s frustrating given how much innovation is going on in cybersecurity. Today, there is no single pane of glass that shows all machine identities and their governance, user policies, and endpoint health. Vendors to watch in this area include Ericom with their ZTEdge SASE Platform and their Automatic Policy Builder, which uses machine learning to create and maintain user or machine-level policies. Their customers say the Policy Builder is proving to be effective at automating repetitive tasks and delivering higher accuracy in policies than could be achieved otherwise. Additional vendors to watch include Delinea Microsoft Security, Ivanti, SailPoint, Venafi, ZScaler, and others. 

• Automating patch management while improving visibility and control. Cybersecurity vendors prioritize patch management, improved visibility, and machine identity control because their results drive funded business cases. Patch management, in particular, is a fascinating area of AI-based innovation for machine-based innovation today. CISOs tells VentureBeat it’s a sure sign of cross-functional teams both within IT and across the organization not communicating with each other when there are wide gaps in asset inventories, including errors in key management databases. Vulnerability scans need to be defined by a given organizations’ risk tolerance, compliance requirements, type and taxonomy of asset classes, and available resources. It’s a perfect use case for AI and algorithms to solve complex constraint-based problems, including path thousands of machines within the shortest time. Taking a data-driven approach to patch management is helping enterprises defeat ransomware attacks. Leaders in this area include BeyondTrust, Delinea, Ivanti, KeyFactor, Microsoft Security, Venafi, ZScaler, and others.    

• Using AI and ML to discover new machine identities. It’s common for cybersecurity and IT teams not to know where up to 40% of their machine endpoints are at any given point in time. Given the various devices and workloads IT infrastructures create, the fact that so many machine identities are unknown amplified how critical it is to pursue a zero-trust security strategy for all machine identities. Cisco’s approach is unique, relying on machine learning analytics to analyze endpoint data comprised of over 250 attributes. Cisco branded the service AI Endpoint Analytics. The system rule library is a composite of various IT and IoT devices in an enterprise’s market space. Beyond the system rule library, Cisco AI Endpoint Analytics has a machine-learning component that helps build endpoint fingerprints to reduce the net unknown endpoints in your environment when they are not otherwise available. Ivanti Neurons for Discovery is also proving effective in providing IT and security teams with accurate, actionable asset information they can use to discover and map the linkages between key assets with the services and applications that depend on those assets. Additional AI ML leaders to discover new machine identities include CyCognito, Delinea, Ivanti, KeyFactor, Microsoft Security, Venafi, ZScaler, and others.    

• Key and digital certificate configuration. Arguably one of the weakest links in machine identity and machine lifecycle management, key and digital certificate configurations are often stored in spreadsheets and rarely updated to their current configurations. CISOs tell VentureBeat that this area suffers because of the lack of resources in their organizations and the chronic cybersecurity and IT shortage they’re dealing with. Each machine requires a unique identity to manage and secure machine-to-machine connections and communication across a network. Their digital identities are often assigned via SSL, TLS, or authentication tokens, SSH keys, or code-signing certificates. Bad actors target this area often, looking for opportunities to compromise SSH keys, bypass code-signed certificates or compromise SSL and TLS certificates. AI and machine learning are helping to solve the challenges of getting key and digital certificates correctly assigned and kept up to date for every machine identity on an organizations’ network. Relying on algorithms to ensure the accuracy and integrity of every machine identity with their respective keys and digital certificates is the goal. Leaders in this field include CheckPoint, Delinea, Fortinet, IBM Security, Ivanti, KeyFactor, Microsoft Security, Venafi, ZScaler, and others.    

• UEM for machine identities. AI and ML adoption accelerate the fastest when these core technologies are embedded in endpoint security platforms already in use across enterprises. The same holds for UEM for machine identities. Taking an AI-based approach to managing machine-based endpoints enables real-time OS, patch, and application updates that are the most needed to keep each endpoint secure. Leading vendors in this area include Absolute Software’s Resilience, the industry’s first self-healing zero trust platform; it’s noteworthy for its asset management, device and application control, endpoint intelligence, incident reporting, and compliance, according to G2 Crowds’ crowdsourced ratings. Ivanti Neurons for UEM relies on AI-enabled bots to seek out machine identities and endpoints and automatically update them, unprompted. Their approach to self-healing endpoints is noteworthy for creatively combining AI, ML, and bot technologies to deliver UEM and patch management at scale across their customer base. Additional vendors rated highly by G2 Crowd include CrowdStrike Falcon, VMWare Workspace ONE, and others. 

A secure future for machine identity

Machine identities’ complexity makes them a challenge to secure at scale and over their lifecycles, further complicating CISOs’ efforts to secure them as part of their zero-trust security strategies. It’s the most urgent problem many enterprises need to address, however, as just one compromised machine identity can bring an entire enterprise network down. AI and machine learning’s innate strengths are paying off in five key areas, according to CISOs. First, business cases to spend more on endpoint security need data to substantiate them, especially when reducing risk and assuring uninterrupted operations. AI and ML provide the data techniques and foundation delivering results in five key areas ranging from automating machine governance and policies to implementing UEM. The worst ransomware attacks and breaches of 2021 started because machine identities and digital certificates were compromised. The bottom line is that every organization is competing in a zero-trust world, complete with complex threats aimed at any available, unprotected machine.