5 ways AI-driven patch management is driving the future of cybersecurity

Join top executives in San Francisco on July 11-12, to hear how leaders are integrating and optimizing AI investments for success. Learn More


Patch management approaches that aren’t data-driven are breaches waiting to happen. Attackers are weaponizing years-old CVEs because security teams are waiting until a breach happens before they prioritize patch management.

Cyberattackers’ growing tradecraft now includes greater contextual intelligence about which CVEs are most vulnerable. The result: Manual approaches to patch management — or overloading endpoints with too many agents — leaves attack surfaces unprotected, with exploitable memory conflicts. 

Meanwhile, attackers continue honing their tradecraft, weaponizing vulnerabilities with new techniques and technologies that evade detection and can defeat manual patch management systems. 

Event

Transform 2023

Join us in San Francisco on July 11-12, where top executives will share how they have integrated and optimized AI investments for success and avoided common pitfalls.

Register Now

If you need even further proof that relying on manual patching methods doesn’t work, think about this: 20% of endpoints after remediation are still not current on all patches, leaving them vulnerable to breaches again.

“Patching is not nearly as simple as it sounds,” said Dr. Srinivas Mukkamala, chief product officer at Ivanti. “Even well-staffed, well-funded IT and security teams experience prioritization challenges amidst other pressing demands. To reduce risk without increasing workload, organizations must implement a risk-based patch management solution and leverage automation to identify, prioritize and even address vulnerabilities without excess manual intervention.”

Vendors fast-tracking risk-based vulnerability management and AI  

CISOs tell VentureBeat that legacy patch management systems are part of their tech stack consolidation plans because of risk-based vulnerability management (RBVM), an approach that provides greater efficacy and is quicker to deploy because it’s cloud-based. AI-based patch management relies in part on algorithms that need a continual stream of data in order to keep “learning” and assessing patch vulnerabilities. Look for leading vendors that are several product-generations into their AI and machine learning development to set the pace of the market.  

The GigaOm Radar for Patch Management Solutions Report highlights the technical strengths and weaknesses of the top patch management providers. Because it compares vendors in the market segments served by deployment models and patch coverage and assesses each vendor, this a noteworthy report. The report analyzed vendors including Atera, Automox, BMC Client Management Patch powered by Ivanti, Canonical, ConnectWise, Flexera, GFI, ITarian, Ivanti, Jamf, Kaseya, ManageEngine, N-able, NinjaOne, SecPod, SysWard, Syxsense and Tanium.

GigaOm Radar for Patch Management Solutions Report
The GigaOm Radar plots vendor solutions across a series of concentric rings, with those set closer to the center judged to be of higher overall value. The chart characterizes each vendor on two axes balancing Maturity versus Innovation and Feature Play versus Platform Play while providing an arrow that projects each solutions evolution over the coming 12 to 18 months.<br /> Source: GigaOm Radar for Patch Management Solutions Report

It takes a breach to break a reactive checklist mentality 

CISOs from leading insurance and financial services firms tell VentureBeat anonymously that the urgency to patch endpoints and mission-critical systems typically begins only when a system is breached due to down-rev patches on endpoints. It’s a reactive, not prescriptive reflex, as one CISO confided to VentureBeat recently. Often it takes a significant event, whether an intrusion, a breach of a mission-critical system or the discovery of stolen access credentials, to escalate the necessary patching work. 

What CISOs are telling us is consistent with Ivanti’s State of Security Preparedness 2023 Report. Ivanti found that 61% of the time, an external event, intrusion attempt or breach reinitiates patch management efforts. Though organizations are racing to defend against cyberattacks, the industry still has a reactive, checklist mentality. More than nine out of 10 security professionals said they prioritize patches, but they also said all types rank high, meaning none does.

Ivanti's State of Security Preparedness 2023 Report
Cybersecurity teams need a more efficient, scalable system for prioritizing patch management that automates the process with more significant insights and intelligence so teams can better share the workload.<br /> Image source: Ivantis State of Security Preparedness 2023 Report

5 ways AI-driven patch management is shaking up cybersecurity

Automating patch management while capitalizing on diverse datasets and integrating it into an RBVM platform is a perfect use case of AI in cybersecurity. Leading AI-based patch management systems can interpret vulnerability assessment telemetry and prioritize risks by patch type, system and endpoint. Risk-based scoring is why AI and machine learning are being fast-tracked by nearly every vendor in this market.

AI- and machine learning-based vulnerability risk rating or scoring deliver the insights security teams need while prioritizing and automating patching workflows. The following are five of the top ways AI-driven patch management is redefining the future of cybersecurity:

1. Accurate real-time anomaly detection and prediction — a first line of defense against machine-speed attacks

Attackers rely on machine-based exploitation of patch vulnerabilities and weaknesses to overwhelm perimeter-based security at endpoints. Supervised machine learning algorithms, trained on data, identify attack patterns and add them to their knowledge base. With machine identities now outnumbering human identities by a factorof 45, attackers see breach opportunities in endpoints, systems and assets not protected with the latest patches.

Ivanti’s Mukkamala told VentureBeat in a recent interview that he envisions patch management becoming more automated, with AI copilots providing greater contextual intelligence and prediction accuracy.

“With more than 160,000 vulnerabilities currently identified, it is no wonder that IT and security professionals overwhelmingly find patching overly complex and time-consuming,” Mukkamala said. “This is why organizations need to utilize AI solutions … to assist teams in prioritizing, validating and applying patches. The future of security is offloading mundane and repetitive tasks suited for a machine to AI copilots so that IT and security teams can focus on strategic initiatives for the business.”

2. Risk-scoring algorithms that continually learn, improve and scale

Manual patching tends to fail because it involves balancing many unknown constraints and software dependencies simultaneously. Consider all the factors a security team needs to deal with. Enterprise software vendors can be slow to issue patches. There may have been incomplete regression testing. Patches rushed to customers often break other parts of a mission-critical system, and vendors often don’t know why. Memory conflicts on endpoints also happen often, degrading endpoint security.

Risk scoring is invaluable in automating patch management. Assigning vulnerability risk ratings helps prioritize and manage the highest-risk systems and endpoints. Ivanti, Flexera, Tanium and others have developed risk-scoring technologies that help streamline AI-based patch management.

VRR
VRR is a score between 0 and 10 that indicates a vulnerabilitys risk to an organization or business. The higher the risk, the higher the VRR. Ivanti Neurons assigns a VRR to a vulnerability by identifying its threat factor and base score. Source: <a href="https://help.ivanti.com/iv/help/en_US/RS/vNow/How-Vulnerability-Risk-Ratings-VRR-Are-Used.htm#:~:text=VRR%20represents%20the%20risk%20posed,and%20determines%20the%20base%20score." target="_blank" rel="noreferrer noopener">Ivanti</a>

3. Machine learning is driving gains in real-time patch intelligence

CISOs tell VentureBeat machine learning is one of the most valuable technologies for improving vulnerability management across large-scale infrastructure. Supervised and unsupervised machine learning algorithms help achieve faster SLAs. They increase the efficiency, scale and speed of data analysis and event processing. And they help with anomaly detection. Machine learning algorithms can provide threat data for thousands of patches using patch intelligence, revealing system vulnerabilities and stability issues. All this makes them valuable in countering security threats.

Leaders in this area include Automox, Ivanti Neurons for Patch Intelligence, Kaseya, ManageEngine and Tanium.  

4. Automating remediation decisions saves IT and security teams valuable time while improving prediction accuracy

Machine learning algorithms improve prediction accuracy and automate remediation decisions by continuously analyzing and learning from telemetry data. One of the most fascinating areas in this field of innovation is the rapid development of the Exploit Prediction Scoring System (EPSS) machine learning model, created with the collective wisdom of 170 experts. 

The EPSS is meant to help security teams manage the growing number of software vulnerabilities and identify the most dangerous ones. Now in its third iteration, the model performs 82% better than previous versions. “Remediating vulnerabilities by faster patching is costly and can lead astray the most active threats,” writes Gartner in its report Tracking the Right Vulnerability Management Metrics (client access required). “Remediating vulnerabilities via risk-based patching is more cost-effective and targets the most exploitable, business-critical threats.”

5. Contextual understanding of endpoint assets and identities assigned to them

Another fascinating area of AI-based patch management innovation is how quickly vendors are improving their use of AI and machine learning to locate, inventory and patch endpoints that require updates. Each vendor’s approach is different, but they share the goal of replacing the outdated, error-prone, manual inventory-based approach. Patch management and RBVM platform providers are fast-tracking new releases that increase predictive accuracy with improved ability to identify which endpoints, machines and systems require patching.

Applying machine learning algorithms throughout the lifecycle 

Automating patch management updates is the first step. Next, patch management systems and RBVM platforms are integrated to improve version control and change management at the application level. As supervised and unsupervised machine learning algorithms help models identify potential anomalies early and fine-tune their risk-scoring accuracy, organizations will gain greater contextual intelligence.

Today, so many organizations are in catch-up mode with respect to patch management. For these technologies to deliver their full potential, enterprises must use them to manage entire lifecycles.

VentureBeat’s mission is to be a digital town square for technical decision-makers to gain knowledge about transformative enterprise technology and transact. Discover our Briefings.

Source