VentureBeat presents: AI Unleashed – An exclusive executive event for enterprise data leaders. Network and learn with industry peers. Learn More
Most organizations have no idea how many exposed, out-of-date endpoints they have or whether their remote and hybrid workers are safe. IT and security teams are often overwhelmed with work and conflicting urgent priorities. Unfortunately, it often takes an intrusion or breach for patching to become a priority.
Attackers know network weak spots better than admins
Cybercrime gangs and state-sponsored Advanced Persistent Threat (APT) threat actors who have launched the largest breaches in history — including the A.P. Møller-Maersk ransomware attack — often understand a target’s network better than admins. Whoever owns identities owns the business, and as devastating ransomware attacks show, threat actors are brazen about shutting an entire business down to meet demands.
Complacency kills, especially when it comes to understanding where endpoints that remote and hybrid workers rely on are, and whether they’re current or not. More than half (60%) of enterprises know less than 75% of the endpoint devices on their network. Only 58% can identify every attacked or vulnerable asset on their network within 24 hours of an exploit.
Commonly, organizations can’t identify up to 40% of their endpoints. Being complacent about where endpoints are and whether they’re patched is like leaving the doors of a home unlocked while on vacation.
An exclusive invite-only evening of insights and networking, designed for senior enterprise executives overseeing data stacks and strategies.
Ivanti’s 2023 report New Imperatives for Digital Employee Experience found that only 43% of IT professionals are currently using unified endpoint management (UEM), making it one of the most underutilized systems SecOps and IT Service Management (ITSM) for protecting remote and hybrid workers. The report explains why a holistic digital employee experience (DEX) strategy is core to building a strong vulnerability management posture and improving patch management at scale.
Overdue patch updates make remote and hybrid workers a soft target
Patching is one area where IT teams procrastinates. Nearly three-quarters (71%) of IT and security teams say it is overly complex, cumbersome and time-consuming, and 57% of those same professionals say remote work and decentralized workspaces make patch management even more challenging.
A breach, intrusion or external event triggers patch management activity in the typical enterprise 61% of the time. IT and security teams are caught off-guard, go into react mode and immediately prioritize patch management to limit the breach. Just over half the time (58%) it’s an actively exploited vulnerability that again pushes IT into a reactive mode.
Absolute Software’s 2023 Resilience Index confirms what VentureBeat hears anonymously from SecOps teams who admit that patch management isn’t a priority until a breach occurs. Absolute found that 52% of endpoints aren’t fully patched or updated, and the longer a remote or hybrid employee’s laptop goes without a reboot, the more vulnerable they are to an attack.
The typical endpoint is also nearly three months behind on patches (85 days) and has an average of 126 vulnerabilities, 54 of those critical. The typical remote endpoint has 77 applications installed.
Dark web best-sellers
Today, the dark web’s best-sellers are apps and tools designed to defeat what little security remote and hybrid worker threat surfaces have. They include Remote Desktop Protocol (RDP) kits and popular products include keyloggers, trojans, phishing kits and other malware designed to steal privileged access credentials from remote workers. Credentials are then used to gain access to VPNs and internal systems.
Generative AI-based VPN, vulnerability and exploit tools are also a best-seller, including malware to target popular VPN clients and custom plugins/tools to intercept VPN traffic and bypass corporate VPN security controls. The dark web’s fast-rising best sellers include ransomware-as-a-service, FraudGPT, hacker-for-hire programs and gen AI-based tools designed to launch living-off-the-land (LOTL)-based attacks.
Rogue attackers, cybercrime gangs, syndicates that operate globally and state-sponsored APT groups see an opportunity to cash in on providing the next generation of attackers with tools. In the last three years, innovation on the dark web has led to a 238% rise in attacks aimed at remote workers.
How AI-powered patch management protects remote and hybrid workers
One of the most compelling reasons to consider automating patch management with AI and machine learning (ML) is to close the gaps found in years and decades-old common vulnerabilities and exposures (CVE) that attackers weaponize. Leading providers of patch management solutions include Automox, Canonical, ConnectWise, Flexera, Ivanti Neurons for Patch Intelligence, Kaseya, ManageEngine, Syxsense and Tanium.
“With more than 160,000 vulnerabilities currently identified, it is no wonder that IT and security professionals overwhelmingly find patching overly complex and time-consuming,” Srinivas Mukkamala, chief product officer at Ivanti, told VentureBeat. “This is why organizations must utilize AI solutions … to assist teams in prioritizing, validating and applying patches. The future of security is offloading mundane and repetitive tasks suited for a machine to AI copilots so that IT and security teams can focus on strategic initiatives for the business.”
Below are some key use cases of AI-powered patch management protection.
Relying on AI to automate patch deployments in real time
What’s significant about this use case is how it’s being architected to be VPN-independent. CISOs say this alleviates a major roadblock for their help desks and and ITSM teams. AI models are used to determine the best or optimal deployment timing and orchestrate network-ride rollouts based on device availability, usage patterns and contextual intelligence.
More autonomous, intelligent patch prioritization
In this use case, AI and ML algorithms analyze all available vulnerability data, asset context, threat intelligence and business criticality to prioritize the most urgent and high-risk patches for remote devices. Ivanti Neurons for Patch Intelligence is considered a leader in this area, according to interviews VentureBeat has had with CISOs and security professionals. CISOs also mention CrowdStrike Falcon’s ability to integrate vulnerability management and threat intelligence, then use AI to prioritize patches.
Improving real-time endpoint visibility and control
The lack of visibility and control of manual and legacy approaches fall short. Security teams tell VentureBeat that pilots of new AI-based patch management systems not only deliver accurate patch inventories for devices, but also report back hardware and full device configuration. Self-healing endpoint providers offering patch management are seeing sales in this area despite economic uncertainty in the broader market.
Deliver predictive patch scheduling at scale
Using AI to identify optimal time windows to perform patches and automatically act on them alleviates one of the most time-intensive burdens for help desks and ITSM teams. CISOs say this use case alleviates the need for a fire drill if their managed detection and response (MDR) provider spots a potential intrusion aimed at a weak patch update, or if their endpoint systems determine an intrusion attempt on a CVE. Predictive patch scheduling predicts the optimal maintenance window for each remote employee based on observed usage habits and connectivity strength.
Getting digital experiences right is table stakes for patch management
There are eleven factors that CISOs and CIOs find most challenging when it comes to improving digital experiences that support stronger vulnerability and patch management. The following table compares those factors with what VentureBeat has learned from CIOs and CISOs. The fourth column shows the results of the Ivanti study emphasizing the importance of each factor.
For organizations considering automating patch management, it’s important to consider it more as a roadmap and less as a band-aid or quick fix. Making patch management as part of the DNA of a company is critical, especially with attackers studying CVEs for any weaknesses they can quickly weaponize.
VentureBeat’s mission is to be a digital town square for technical decision-makers to gain knowledge about transformative enterprise technology and transact. Discover our Briefings.