A patch management approach that isn't data-driven is a breach waiting to happen. Attackers are weaponizing years-old CVEs because security teams wait until a breach occurs before prioritizing patch management.
Cyber attackers' growing tradecraft now includes more sophisticated contextual intelligence about which CVEs are most vulnerable. As a result, manual approaches to patch management, or overloading endpoints with too many agents, leave attack surfaces unprotected and create exploitable memory contention.
Meanwhile, attackers continue to hone their craft, weaponizing vulnerabilities with new techniques and technologies that can evade detection and defeat manual patch management systems.
CrowdStrike’s 2023 Global Threat Report found that malware-free intrusion activity accounted for up to 71% of all detections indexed by the CrowdStrike Threat Graph. 47% of breaches were due to unpatched security vulnerabilities. More than half of organizations, or 56%, manually remediate security vulnerabilities.
If you need further proof that relying on manual patching methods doesn't work, consider that 20% of endpoints, after remediation, are still not current on all patches and are at risk of being breached again.
“Patching is not as easy as it sounds,” said Dr. Srinivas Mukkamala, chief product officer at Ivanti. “Even well-staffed and funded IT and security teams face the challenge of prioritizing among other pressing demands. Organizations should implement risk-based patch management solutions and leverage automation to identify, prioritize, and even address vulnerabilities without excessive manual intervention.”
Vendors fast-track risk-based vulnerability management and AI
CISOs told VentureBeat that traditional patch management systems are part of their technology stack integration plans for risk-based vulnerability management (RBVM). RBVM is a more effective approach and is quicker to deploy because it is cloud-based. AI-based patch management relies in part on algorithms that require a continuous stream of data to "learn" and continue to evaluate patch vulnerabilities. Look for leading vendors with several generations of AI and machine learning development behind their offerings to set the pace of the market.
The GigaOm Radar for Patch Management Solutions report highlights the technical strengths and weaknesses of the top patch management providers. The report is noteworthy because it compares vendors across the market segments they serve, deployment models and patch coverage, and evaluates each vendor. The vendors analyzed in this report include Atera, Automox, BMC Client Management Patch powered by Ivanti, Canonical, ConnectWise, Flexera, GFI, ITarian, Ivanti, Jamf, Kaseya, ManageEngine, N-able, NinjaOne, SecPod, SysWard, Syxsense and Tanium.
Breaking the reactive checklist mentality requires a breach
The CISO of a large insurance and financial services company, speaking anonymously, told VentureBeat that the urgency to patch endpoints and mission-critical systems usually arises only when a system is compromised because of down-rev patches on endpoints. As one CISO recently confided to VentureBeat, this is a reactive rather than prescriptive reflex. Critical events, such as intrusions, compromise of mission-critical systems, and discovery of stolen access credentials, often escalate the required patching effort.
What CISOs are telling us aligns with Ivanti's 2023 Security Readiness Report. Ivanti found that 61% of the time, an external event, intrusion attempt or compromise restarts patch management efforts. As organizations scramble to defend against cyberattacks, the reactive checklist mentality still lingers in the industry. More than 9 out of 10 security professionals said they prioritize patches, but they also ranked all types high, which means none is truly a priority.
5 ways AI-powered patch management is disrupting cybersecurity
Leveraging diverse datasets and integrating them into the RBVM platform while automating patch management is a perfect use case for AI in cybersecurity. A state-of-the-art AI-based patch management system can interpret vulnerability assessment telemetry and prioritize risks by patch type, system, and endpoint. Risk-based scoring is the reason nearly every vendor in this market is rapidly advancing AI and machine learning.
AI and machine learning-based vulnerability risk assessment or scoring provides the insights security teams need while prioritizing and automating patching workflows. Here are five key ways AI-driven patch management is redefining the future of cybersecurity.
1. Accurate real-time anomaly detection and prediction – the first line of defense against machine speed attacks
Attackers exploit machine-based vulnerabilities and weaknesses in patches to overwhelm perimeter-based security on endpoints. A supervised machine learning algorithm trained on data identifies attack patterns and adds them to the knowledge base. With machine identities now outnumbering human identities by a factor of 45, attackers see an opportunity to compromise endpoints, systems and assets that are not protected by the latest patches.
Ivanti’s Mukkamala told VentureBeat in a recent interview that he envisions patch management becoming more automated, with AI co-pilots providing better contextual intelligence and predictive accuracy.
“With over 160,000 vulnerabilities identified today, it’s no wonder IT and security professionals overwhelmingly find patching overly complex and time consuming,” said Mukkamala. “This is why organizations should leverage AI solutions to help teams prioritize, validate, and apply patches. It’s about offloading to the co-pilot and allowing our IT and security teams to focus on strategic initiatives for the business.”
2. A risk scoring algorithm that continuously learns, improves and expands
Manual patching is prone to failure because it has to balance many unknown constraints and software dependencies simultaneously. Consider all the factors your security team needs to address. Enterprise software vendors can take a long time to issue patches. Regression testing may have been incomplete. Patches rushed to customers often break other parts of mission-critical systems, often without the vendor knowing why. Memory contention on endpoints is also common and reduces endpoint security.
Risk scoring is invaluable in automating patch management. Assigning vulnerability risk ratings helps you prioritize and manage your most risky systems and endpoints. Ivanti, Flexera, Tanium, and others have developed risk-scoring technologies that help streamline AI-based patch management.
3. Machine learning improves real-time patch intelligence
CISOs tell VentureBeat that machine learning is one of the most valuable technologies for improving vulnerability management across large-scale infrastructure. Supervised and unsupervised machine learning algorithms help achieve faster SLAs. They improve the efficiency, scale and speed of data analysis and event processing, and they also help with anomaly detection. Machine learning algorithms use patch intelligence to provide threat data from thousands of patches, revealing system vulnerabilities and stability issues. All of this makes machine learning valuable in combating security threats.
Leaders in this space include Automox, Ivanti Neurons for Patch Intelligence, Kaseya, ManageEngine and Tanium.
4. Save valuable time for your IT and security teams while improving predictive accuracy by automating remediation decisions
Machine learning algorithms continuously analyze and learn from telemetry data to improve prediction accuracy and automate remediation decisions. One of the most exciting areas of innovation is the rapid development of the Exploit Prediction Scoring System (EPSS) machine learning model, created from the collective wisdom of 170 experts.
EPSS aims to help security teams manage the ever-growing number of software vulnerabilities and identify the most dangerous ones. Now in its 3rd iteration, the model performs 82% better than the previous version. “Remediating vulnerabilities through faster patching can be costly and can mislead the most active threats,” says Gartner in its report Tracking Correct Vulnerability Management Metrics (client access required). “Risk-based patching vulnerability remediation is more cost-effective and targets the most exploitable business-critical threats.”
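To make the risk-based prioritization described above concrete, here is an added Python example (not from the article, EPSS, or any vendor named in it) that ranks a patch backlog by EPSS exploitation probability combined with severity and asset criticality, and compares the result with a severity-only ordering when only two patches fit in a cycle. The multiplicative weighting, the 1 to 5 criticality scale, the CVE placeholders and the endpoint names are all assumptions constructed for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Finding:
    cve: str          # placeholder ID, not a real CVE
    endpoint: str     # constructed asset name
    cvss: float       # severity, 0-10
    epss: float       # EPSS probability of exploitation in the next 30 days, 0-1
    criticality: int  # assumed business weight: 1 (low) to 5 (mission-critical)

# Constructed sample backlog for illustration only.
BACKLOG = [
    Finding("CVE-EXAMPLE-0001", "hr-laptop-17",   9.8, 0.02, 2),
    Finding("CVE-EXAMPLE-0002", "build-server-3", 9.1, 0.01, 3),
    Finding("CVE-EXAMPLE-0003", "payments-db-1",  7.5, 0.92, 5),
    Finding("CVE-EXAMPLE-0004", "vpn-gateway-2",  8.1, 0.64, 4),
    Finding("CVE-EXAMPLE-0005", "kiosk-9",        5.3, 0.30, 1),
]

def risk_score(f: Finding) -> float:
    """Assumed weighting: exploit likelihood x severity x business criticality."""
    return f.epss * (f.cvss / 10) * (f.criticality / 5)

def patch_plan(findings, capacity, key):
    """Return the `capacity` findings to patch first under the given ranking key."""
    return sorted(findings, key=key, reverse=True)[:capacity]

def residual_risk(findings, patched):
    """Sum of risk scores still unpatched after this cycle."""
    return sum(risk_score(f) for f in findings if f not in patched)

def compare(findings=BACKLOG, capacity=2):
    """Contrast a severity-only plan with a risk-based plan at equal capacity."""
    by_cvss = patch_plan(findings, capacity, key=lambda f: f.cvss)
    by_risk = patch_plan(findings, capacity, key=risk_score)
    return {
        "cvss_first": ([f.cve for f in by_cvss],
                       round(residual_risk(findings, by_cvss), 4)),
        "risk_based": ([f.cve for f in by_risk],
                       round(residual_risk(findings, by_risk), 4)),
    }

if __name__ == "__main__":
    for name, (cves, left) in compare().items():
        print(f"{name:10s} patches {cves}; residual risk {left}")
```

With the same patching capacity, the severity-only plan spends the cycle on two high-CVSS findings that are unlikely to be exploited, while the risk-based plan removes most of the modeled exposure.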
5. Contextual understanding of endpoint assets and their assigned identities
Another exciting area of AI-based patch management innovation is how quickly vendors are improving their use of AI and machine learning to identify, inventory, and patch endpoints that need updates. While each vendor’s approach is different, they all share the goal of replacing outdated, error-prone, manual, inventory-based approaches. Patch management and RBVM platform providers have improved their ability to identify which endpoints, machines, and systems need patches, and are fast-tracking new releases to improve predictability.
Apply machine learning algorithms across the lifecycle
Automating patch management updates is the first step. The patch management system is then integrated with the RBVM platform for better versioning and change management at the application level. Supervised and unsupervised machine learning algorithms help models identify potential anomalies early and fine-tune risk scoring accuracy, enabling organizations to gain better contextual intelligence.
Too many organizations are currently in catch-up mode when it comes to patch management. For these technologies to reach their full potential, enterprises must use them to manage their entire lifecycle.