KuppingerCole's Advisory stands out due to our regular communication with vendors and key clients, providing us with in-depth insight into the issues and knowledge required to address real-world challenges.
Unlock the power of industry-leading insights and expertise. Gain access to our extensive knowledge base, vibrant community, and tailored analyst sessions—all designed to keep you at the forefront of identity security.
Get instant access to our complete research library.
Access essential knowledge at your fingertips with KuppingerCole's extensive resources. From in-depth reports to concise one-pagers, leverage our complete security library to inform strategy and drive innovation.
Get instant access to our complete research library.
Gain access to comprehensive resources, personalized analyst consultations, and exclusive events – all designed to enhance your decision-making capabilities and industry connections.
Get instant access to our complete research library.
Gain a true partner to drive transformative initiatives. Access comprehensive resources, tailored expert guidance, and networking opportunities.
Get instant access to our complete research library.
Optimize your decision-making process with the most comprehensive and up-to-date market data available.
Compare solution offerings and follow predefined best practices or adapt them to the individual requirements of your company.
Configure your individual requirements to discover the ideal solution for your business.
Meet our team of analysts and advisors who are highly skilled and experienced professionals dedicated to helping you make informed decisions and achieve your goals.
Meet our business team committed to helping you achieve success. We understand that running a business can be challenging, but with the right team in your corner, anything is possible.
And the first thing we will do is we have a panel about redefining endpoint security, the role of AI and machine learning. And as it is, it's quite common for, for a hybrid conference. We also have a hybrid panel.
So on, on, on one side of me, that's in a different way displayed to you. We have Dr. KARE who is co-founder and CEO of severity. Welcome custom. Yeah. Welcome. Thanks for having me. And then we have from Langford for Sentinel one, a global security advocate. Sounds a really great shop description. I Know they, they let me make it up myself. Yeah.
And, and, and so I think we, we probably best go for, for a quick round of introductions and with this very smart title you have, maybe you start and, and maybe give a little bit of background on your brief background on your personal and maybe sort of an intro statement on how you think about the role of AI and machine learning for endpoint security. Yeah. So my name is Tom Langford. I am what they call a recovering CSO.
When I, I was a CSO for a large global marketing advertising communications group, holding group of companies. I then subsequently went on and ran my own security information, security consultancy, and I'm now security advocate for Sentinel one vendor, which is a very interesting move for to, to that side of the table, but, but a fun one. Nonetheless, I think my, my opening gambit on AI and machine learning and endpoint security is fairly simple. The criminals, not cyber criminals, they're just criminals.
The criminals are using machines to attack us and they, and those machines are attacking us at machine speed. And we are responding by throwing more and more interns and graduates at this problem, which is not I, however little you decide to pay an intern. They still won't work at machine speed. They still work at human speed. So I think that the introduction of AI and ML into any kind of endpoint protection is an inevitability and a good one. And it's the way to go. It is not a panacea, but it is absolutely a significant weapon within our arsenal in the fights against criminals. Okay.
Cast so brief interaction of yours and your perspective. Yeah, my name's cast, I'm a physicist and I, it happened that I also worked for the voter economic forum and the virtual economic forums. They have the theme of this fast industrial revolution, which is fusion of technologies, machine learning, AI, cryptography, blockchain, IOT, cyber-physical systems, all kind of things. I think the problem Thomas describing is even getting worse because now we fusion of technology.
Tsunami of new technologies was blended with all kind of digital agents and the forcedness solutions defined as fusion of technologies. We have to deal with this and then bridging the physical, biological and digital spheres. Everything is connected with everything else in the, in the cyber physical world. And when everything is connected with everything else, I think the problem gets even worse because in traditional endpoint security identity and access management. So we are thinking more from a closed system perspective.
Like I have a system, I have a IM system and can provide access talking. And then my employees, my, my vendors, they get access to something. But now in this, in this first industrial solutions cyber-physical systems, endpoint security is much, much more important. And now we're even moving from open from, from, from, from closed systems to open systems. And Gartner is describing this from a different perspective as dynamically defined cyber-physical value chains. Yeah. They have dynamically defined cyber-physical value chains and open systems.
I need, we need to bring the endpoint security to an entire new level. Okay. A lot of passwords in this one term at the end, but I think you're bringing in two, brought up to interesting perspectives. The one is the perspective of complexity from you, Carson. So we were not thinking in, in a traditional world anymore. And I think this is something which is happening everywhere around identity and security. So it's a trust, had a conversation. Traditional privileged access management was, well, we have to server. We secure that server right now.
We, we have the workloads in the cloud, which are dynamically changing. The things are different relations are complex and you, some of you brought up this point of it's about speed. It's about not a human doing something in a stable manner. That's also where these things come together, but it's, it's permanently changing and, and we need to need to bring speed. So the question, and this is, I think the theme of this panel is AI and ML the solution, or is it part of the solution, which are, I believe two, two different things. And if it's only part of the solution, what else does it need?
Do you wanna start? Yeah. So I think that, I think it's a good, good, good opening statement or question because what can an AI or machine learning algorithm do? I think the machine learning algorithm needs also some information about authenticity and integrity of data that the machine learning algorithm is processing. Yeah. For example, is my counterparty. I would like to provide access to an API to service or to data. So who's my counterparty. Can the counterpart prove who it is? Is the machine maybe a machine wants to access my, my EIP system. Yeah.
So how do I know it's a machine of a Bosch subsidiary? How do I know the Bosch subsidiary is part of Bosch and who sets that Bosch's Bosch? Yeah.
From, from this perspective. So we have to work with a lot of task chains and the machine learning algorithms should be able kind of to process a trust chain and to check the authenticity and integrity of, of data, especially of authentication and authorization credentials. And I think that's, that's entirely new perspective. Yeah.
That's, that's relevant. And I think coming from machine learning perspective, when, when, when I get a lot of data from my counterparty, I can get identity, data, authorization, data. I can lifecycle provenance data, all kind of data. Then as machine learning algorithm and have to have the tools to check authenticity and integrative of the data, and then to work with a lot of probabilities because each of these, yeah, trust frameworks, that's kind of providing some information about the counterparty can be hacked, can be manipulated at one, one part of the anti trust framework.
And for that reason, I have to work with a lot of probabilities and then make an informed decision as a yeah. As a machine learning algorithm that then providing access to a machine or to a, to a service. Okay.
So Yeah, so I, it, it, isn't the panacea to the problem. AI and ML is a, like I said earlier, a very important tool in the arsenal to have, I think it can address vast amounts of noise that the sock has to deal with.
So, and, and anybody who's worked in a sock knows that it's a godless soulless place. They're normally dark loads of screens. If you're unlucky enough, you've got a wall of glass behind you where visitors can go at, you possibly even feed you occasionally.
But it's, and like I said, staffed by very junior people who work awful hours and have to do, you know, chase down so many false positives that it becomes incredibly difficult to actually do the job. And I think what AI and ML can do within this kind of environment is empower people to do more of what they're employed to do.
They're, they're employed to investigate, to make, you know, deductive leaps in wondering where something started and where something finished or what happens next. AI and ML can do a lot. It can cover 80% of the challenges we face and can also also remediate as well, or, you know, autonomously. It can take away all of that crap and allow humans to do what they do best help them actually do more for the business and deliver security in whatever form that might be, but deliver security for the benefits of the business, rather than just chasing down false positives Everywhere.
And I like this, by the way, the, the visitor who feeds you is called pizza delivery service. Yeah. That's right. Yeah. Or a client Or a client. Yeah. But the client usually doesn't bring in the food.
No, that's true. That's true. That's true. And anyway, I think there are some, some interesting points on that. And the one is the value of AI and MLS in, in helping you reducing the noise in filtering and reducing what you need to look at. And I think this aligns well with, with a picture I've used quite a couple of times where I say this is a pyramid at topics, black events, and we have CRA events and we have wider ones. I don't care much about why and black events, black events, if you know, it's bad, we can deal with it.
The problem is the gray area, and this is where AI and ML really must help you. I think the other point, which I found very interesting is, is the authenticity discussion. We also have a, a question that, that soon and the point, which might be worse to look at is, do we also need to bring in these things together with, with other types of the Delta help of us around authentic city. So with some, I've been sitting in a discussion around decentralized identities and stuff like that.
And, and also organizational identifiers, like the G L E I F life foundation, which, which issues globally identifiers for organizations and, and the third thing isn't, this goes, I think also to, into authenticity and into security is, is clearly also because authenticity we need, because there's also the risk. So for understanding, in fact, also because there's the risk that someone tries to fake DMI, the AI to, to deliver wrong things.
So what, what are your thoughts on that? So we, we have done, I think I fully agree. You mentioned the gly and so verifiable legal entity, identifier, GS one is kind of jumping on the same BEWA they have GNS and party GNS, and then we have a trust domain, a gly trust domain, a GS one trust domain, maybe some domain specific trust domains, a company has credentials and can, can share these credentials with some API endpoint control plane. So that's the control plane can make decisions.
Whether a system really belongs to a company with the V I, so I Tru believe this is kind of an intersection of the endpoint securities machine learning with all the trust frameworks and that's especially what, what also guy exists about kind of to blend this technology together. And, yeah. Coming back to a question, maybe I ask the question again, cause want to say something. The question was, the question was very long. I have to admit, Say, yes, Sorry for that. Sometimes this happens and, and two or three who know me are arriving in the room.
I think I have a, have a name for a long reputation. No, no about Anyway, but I think that the point is bringing together. And the other thing is, do we need the authentic city to sure that the AI isn't, But what, what we see in us, and that's also recurring theme on your conference is zero test architecture that people blend endpoint security with zero test architecture principles with all the identity and task frameworks, and very verify with credentials. I think that's, that's what people are actually doing right now to kind of, to try to solve these problems for open systems.
And I wanted to say something, I think we, we have, we've done something with BMW and this was Providence of machine learning labels. So something very, very simple setup. I have a car and then I have a machine learning algorithm, I, as a consumer of machine learning algorithm, output labels. Yeah. I would like to, for example, for dangerous driving event, dangerous driving events are important because these information are fed into driver assistance systems are fed into auto.
Autonomous driving backend are fed into traffic controlled systems, even insurance, insurance, propositions, whatever they are. But when I would like to consume a dangerous driving event, I must know, can I trust the machine learning algorithm who deployed it? Was it benchmarked? So who developed it? So I need some Providence about the machine learning AISM because even the machine learning algorithm could, could have been kind of manipulated in addition. So it gets work best dangerous driving event data for machine learning algorithm.
But then I need to know who fed the machine learning algorithm was the BMW of fake BMW. And that's, that's what people call data Providence.
And so we, we, we have seen a couple of these, let's say initial prototypes field tests where people are combining the, the IOT data machine learning algorithm. So trust framework to really have the Providence, because especially as you said, so how, how do I trust the machine learning algorithm?
I, I need to have some, some tools and instruments in place to make sure it's authentic. And this there's another point.
So we, we, we are just having couple of discussions with some telcos and they're preparing now for six G. Yeah. And in six GS there's ship, shipload of more software defined network network function, virtualization. So which means the entire security network architecture is more and more software deployed in the cloud, deployed in the edge and so on. Okay. Maybe we make a short break here and give thumb an opportunity to say also something after my long question, your long answer, it's up To you right now for an even longer answer.
So to pick up on a point in a Caston said earlier, you know, we talk about zero trust. It's also here today, et cetera.
It's, it's almost like there isn't one single thing that's going to fix all of our security problems. Despite what many vendors will tell you, right? It's almost like we have to put a whole bunch of things in. We have to have some, some element of AI and ML. We have to have zero trust. We have to have, I dunno, a, a strong vulnerability and patch management program. We have to have a strong education awareness program. All of these things, plus a hundred other things come together into, into making probably imperfect security, but hopefully good enough security.
And I think, you know, we, we are putting a lot of emphasis on AI and ML right now because AI is, and I'm gonna get shot by my marketing people for saying this. But AI is a marketing term, at least in the terms that we are talking about. We're not about to have to bow down to our robot over Lords. Although if we are, you know, I I'd like to say I'm, you know, definitely an advocate, but we're not about to bad our, our AI overloads because the AI we are talking about is AI within a very, very specific area.
It's an intelligence within the area of finding false positives of, you know, actually ascertaining what is bad traffic on the network, cetera, cetera, cetera, very isolated. Yeah. Maybe we should call it augment augmenting intelligence instead of Absolute intelligence. Absolutely. Unfortunately much like the term cyber it's been accepted by the global, the, the globe. You ask any security professional, they hate the term cyber, but frankly, everybody else knows what it is.
So we are going to have to cyber all the things after all, and we're gonna have to AI all the things and the other thing that AI, and to come back to AI again, and I wanted to pick up on an earlier point was criminals are using ransomware as a service more and more and more and more. That means they can just push these, these attacks out in an automated fashion. We need to be able to respond in that automated fashion because otherwise we just get overwhelmed.
So it, this is to, to, to take a, an American term, this is the basic blocking and tackling, as they say, this is getting the fundamentals out of the way so that we can look at the edge cases and the stuff that's going to really do us harm. Okay. We have one question here from, from our online audience, which goes back also to the thing we, we were discussing, which is, and I'd like to get brief answers from the two of you is true content authenticity possible without the use of another press word, confidential computing who wants to start Again? Okay.
Carl, I'm not sure I understand the question. Okay. I don't know. Okay. Confidential computing at the end is this term used for, at the end, having stuff always encrypted also when it's processed. So like MOIC encryption and things like that Computation. So basically I think, yeah, in terms of, so what I think there are couple of security researchers such as Avast and the hypothesis is, and when we would like to fix the identity problem, you know, then we probably need to blend a couple of technologies and multiparty computation is one of it. And I can give you one example.
You can use multiparty computation for protecting private keys for key management. And if I have three party multiparty computation, I only need to trust one of the node. I can put one of the node in my, on premise data center and protected. But then if I do this, I can move around the software cloud and edge. And multipart competition helps me to do this. I think I personally think, yes, this is, this is probably tools. This brings security to the next level where having said this, it's still early days. Yeah. To really balance this technology here.
And the only people who use it right now as a crypto exchanges to protect private keys of big cook wallet. But at least to see that technology is adopted there. So it is something which will help us in the future. But now any questions from the audience in the room. Okay. We can take one.
I have to, okay. Yeah. Caston it's of a car first. When are you coming over for drinks? Second question though, to the whole panel is we're dehumanizing the process. And as Tom was saying, this is probably a good thing, but how do we make that acceptable to our users? Very slowly and very carefully. You're absolutely right. But we've seen this throughout the decades of machinery, replacing humans, all that sort of thing.
Even, you know, back from the printing press and even before then. And certainly in the seventies and eighties, when I grew up watching car manufacturers move to robots and thought it was the coolest thing ever, and didn't really worry about the human cost. But I think what it allows us to do is to just focus on the important things and let the noise be dealt with.
And I think if we, to our users, if we emphasize the fact that actually we can spend less be more effective and allow you to do your jobs more effectively with less, less interruptive processes, less chance of your machine having to be rolled back or even deleted and started again, less chance of you giving money to your boss on holiday, you know, transferring 40,000 pounds, cuz they sent you an email saying, send me some money. There's less chance of that. I think they almost won't care And it's it's body augmentation. So custom some and all the audience. Thank you very much for already.
At the end of the time we had.
