Taking the First Steps Toward Self-Repairing Endpoints

Considering the modern business demands for always-on, accessible-anywhere IT, anyone responsible for maintaining their organization’s IT infrastructure already has enough to do. Now that so many organizations have accelerated their digital transformation in response to the coronavirus pandemic, many of those tasks have gotten more complicated.

As a result of the dramatically fast transition to remote work, 35% of companies around the world reported connecting new devices to their network. Yet, because many of those devices were employee-purchased, they were not necessarily configured in a way that kept company data secure. Ensuring every new endpoint kept their organization’s data private and secure created a new, more complex challenge for IT teams.

There is a vision of IT’s future that’s been floating around for a few years that could significantly simplify that complexity, while simultaneously cutting the time and effort needed to protect a distributed infrastructure. That concept is self-repairing endpoints.

So how close are we to self-repairing endpoints, really? Depending on your protection strategy, they’re actually closer than you might think.

Benefits of Self-Repairing Endpoints

Sysadmins might think endpoints that can fix themselves in the wake of a data loss event or malware attack sound too good to be true. After all, any system that could stop an attack, remove malware, restore damaged files and close vulnerabilities – all without the admin’s help – would make life so much easier. Helpdesk tickets would drop, allowing the IT team to focus on other value-added tasks.

Some organizations are starting to see what this promised reality will look like. By adopting a cyber-protection approach to their IT strategy, they’re already accessing the kind of integration and automation that will be critical to bringing self-repairing endpoints to life.

Critical Nature of Integration

The IT discipline of cyber-protection is powered by the AI-enhanced integration of traditional data protection with cybersecurity and endpoint management capabilities. Rather than using standalone solutions for each of these IT requirements, an integrated solution enables each of these facets to enhance the others – generating benefits that individual components cannot achieve on their own.

One example is the simple act of backing up regularly. As part of an organization’s regular data protection strategy, it creates numerous clean samples of how an organization’s systems should operate under normal conditions. Analyzing those samples using AI and feeding the results to the integrated cybersecurity capabilities enables the defenses to easily identify suspicious activities or files. Sharing that data also informs the anti-malware to better recognize approved processes, which reduces the number of false-positives that would otherwise waste the IT team’s time and create needless downtime.

The benefits of integration work both ways. During the past year, 31% of companies reported being targeted by cyber-attacks every day. Unfortunately, as cyber-criminals continue to industrialize their efforts with AI and automation, the frequency and sophistication of malware attacks will only increase. Since experts agree that no cybersecurity solution can block all attacks all of the time, an organization can expect that one of its endpoints will eventually be breached. With unexpected downtime costing between $8,600 and $300,000 per hour, depending on the size of the organization, the question then becomes how quickly that endpoint can be recovered.

With individual solutions, recovering the system from backup is a manual, labor-intensive exercise. An integrated cyber-protection solution, however, can pinpoint what files were affected in the attack and restore them automatically – getting the system back more quickly.

Truly integrated cybersecurity also enables the cyber-protection solution to scan backups for any existing malware that might be lurking. Removing those infections from a backup file before using it to restore the system eliminates the risk of reinfection and downtime.

Automating Patches and Self-Repair

In addition to more effective anti-malware and automated recoveries, there are other cyber-protection capabilities that will help power self-repairing endpoints. In order for an endpoint to heal itself, it must also automatically inoculate itself to prevent the incident from repeating – without requiring intervention from the IT team.

Multiple capabilities are needed to make this happen. One existing example is automated patching.

Regular patching does not always occur, for a variety of reasons, but the result is the same: using an unpatched backup to restore a system leaves gaps in the defenses. We often hear from admins who tried to restore machines in a compromised network using a full disk image, only to be reinfected because a new worm was exploiting an unpatched vulnerability in the operating system.

Incorporating vulnerability assessments and automated patch management is pivotal to making self-repairing endpoints a reality. This capability is already delivering benefits for organizations using cyber-protection solutions like Acronis Cyber Protect, which automatically patches the vulnerabilities in the operating system or applications that contributed to an attack’s success.

Fast-Tracking the Path to Self-Repairing Endpoints

Self-repairing endpoints represent a major security and protection advancement for organizations. For the sysadmins and IT pros that keep those organizations running, they will streamline managing and protecting the entire infrastructure and allow IT resources to be deployed more effectively – increasing productivity and reducing costs.

To benefit from that level of endpoint security, organizations should start embracing cyber-protection now, because it is the only approach that makes the integration and automation necessary for self-repairing endpoints available to organizations of all sizes.
