IBM harnessing augmented intelligence for context-specific endpoint management

23 Nov 17

Hackers are constantly unleashing creative new phishing attacks to get credentials to gain access to a PC, tablet or smartphone.

Zero-day attacks and the use of tools that find vulnerable systems require new defences to protect organisations.

In just a few short years, we have seen the shift from mobile device management to endpoint mobility management to unified endpoint management (UEM), which provides a higher level of management functionality and far more effective security capabilities.

Among the most important advances in UEM is the integration of augmented intelligence and cognitive technology, as IBM has done with IBM MaaS360 with Watson.

The integration with Watson changes the game on several fronts.

First, it reduces the number and scope of manual tasks and mobile minutiae that systems managers and admins spend time on by discovering key insights and alerts and delivering them right to the MaaS360 console.

Second, it speeds changes to security policies and rules.

And third, the use of cognitive technology enables further refinement of policies and standards so they are contextual to the specific needs of the organisation rather than more general rules.

How augmented intelligence and cognitive technologies reduce endpoint vulnerability

In many cases, the problem with endpoint security is not a lack of input information from logs, threat intelligence, behaviour tracking and other data.

Rather, it’s the difficulty of building a meaningful understanding of what is occurring and how to respond.

Cognitive technologies use augmented intelligence to sort through all of the information and activity to provide security analysts and IT admins with actionable intelligence and more useful dashboards focused on endpoint devices.

UEM tools with augmented intelligence will change management and security processes by delivering more context about threats, customised for the unique needs and infrastructure of a specific organisation.

As such, actions are driven by prioritisation based on the organisation, not a general perspective.

As the number of vulnerabilities and threats increases each month, being able to prioritise them accurately is critical.

Cognitive technologies enable both IT and security teams to take a far more proactive approach to cyberdefense, determining the following:

  • What happened: Teams can identify and understand a security event or endpoint management problem more quickly. While many existing solutions can identify most of these events, they often take longer to do so, don’t find them consistently or provide only partial information. This forces staff to spend additional time identifying the details of the issue and how the information applies to their environment. Many legacy products provide only reactive—rather than proactive—support after the problem or breach has occurred.
     
  • What can happen: With augmented intelligence, it becomes possible to forecast what may happen to endpoints prior to an event occurring so SecOps can prepare for the impact. This is a game changer. Not every organisation has the same vulnerabilities or endpoint management capabilities, and these unique elements have a substantial bearing on future risks or issues. Cognitive technologies allow organisations to match future threats against their current cyberdefenses.
     
  • What should be done: Once there is a more accurate understanding of future risks, it becomes possible to define the options for action. However, using cognitive technologies and intelligence, organisations can evaluate more options and gain a better understanding of the outcome for each. Using consistent data for each permutation, and reducing the amount of subjective input, it becomes far simpler to compare options and pick the best alternative. Actions can then be delivered to an administrator with just a click.

Legacy approaches to managing endpoint vulnerabilities can’t keep up or provide the kind of true insight organisations require to make informed and optimal decisions.

Improving endpoint management tools with augmented intelligence and cognitive technologies is the answer. 
