Not all AI-based cybersecurity is created equal. Organizations today need smarter AI-EDR.

According to industry findings and research, the shortage of cybersecurity workers has grown to 2.93m globally, with 2.14m in Asia Pacific.

Organizations worldwide were short-handed during the global shift to a distributed workforce, and cybercriminals are leveraging automation to mount attacks faster and with greater ease.

Even organizations with sufficient IT personnel are feeling the heat. The increase in cyber threats has meant that their endpoint security stack is more complex and difficult to manage than ever. The average organization may maintain up to seven different software agents on their endpoints.

As a result, even well-staffed IT teams are forced to wade through a burgeoning thicket of binary bloat and false alerts, diverting their attention from more critical enterprise pursuits. In fact, roughly one-third of analysts’ time is being spent on processing alerts that have already been reviewed, a huge drain on overall efficiency.

AI to the rescue? Not so fast

To address these issues, advanced endpoint detection and response software solutions have incorporated artificial intelligence, reducing the need for slow and error-prone manual vigilance over the endpoints.

AI-driven EDR offers organizations dramatic increases in cyberattack-fighting capabilities while allowing organizations to free up IT team resources from manual tasks.

Yet, the rules-based AI training process is not foolproof. Machine learning can yield false positives, depending on configuration, further straining IT efforts. Organizations must strive for a balance that minimizes false alerts while ensuring the detection of malicious activity.

Therefore, the advantages of typical AI-EDR are often predicated on strong data availability for proper training and human intervention to fine-tune the learning algorithms. And when things go wrong, all that speed and automation in detection and response can mean next to nothing.

Towards a smarter AI-EDR era

Clearly, rules-based AI for EDR is proving to be insufficient for certain use cases. Considering that cybercriminals have also worked hard using AI to develop new TTPs to defeat legacy signature-based AI-EDR, the good guys will need to up the ante.

This is where the paradigm of AI-driven detection and response can be modified to a ‘predictive prevention’ model. Instead of using AI for just dynamic detection and response, we can use that intelligence toward predictive prevention.

How?

 By approaching cybersecurity through a continuum of prepare, prevent, detect and respond, AI can be improved and focused on each area of defense. One company that has adopted this holistic approach is BlackBerry. It offers advanced solutions covering mobile and desktop protection, behavior and risk analytics, threat detection and hunting, and zero-trust network access. These tools can be combined to provide a powerful and complete suite of cyber protection.

• BlackBerry® Protect
  An AI-driven endpoint protection and mobile threat defense solution that does not require malware signatures, sandboxes, cloud connections or human intervention. As alightweight and lightning-fast agent, this module uses only a fraction of the CPU’s power compared to conventional AV solutions. Yet, it offers prevention of zero day vulnerabilities by inspecting all applications and files before execution. It runs on the endpoint without needing a network connection or signatures, it integrates well into the other solutions described here.
  
• BlackBerry® Optics
  BlackBerry Opticsis an EDR solution that extendsthe threat protection delivered by BlackBerry Protect. Using AI, the agent automatically detects and prevents security incidents through real-time threat detection. Rules governing the detection and reporting of suspicious activity can be customized, curated, or a mixture of both.
  
  Not only does BlackBerry Optics detect threats, it can also analyze how they entered the environment, and decide on the corrective actions needed. This on-demand root cause analysis is also part of the predictive AI defense strategy that is not available in conventional antivirus tools. In its latest revision, BlackBerry Optics also offers unique features such as advanced search capabilities for improved threat hunting, and flexible options for data retention.

• BlackBerry® Persona
  This AI-driven solution focuses on behavioral, location, access, and other non-file-based anomalies. By analyzing and learning each authorized user’s behaviour, this solution can detect unusual activity and increase vigilance. As needed, it can prompt for re-authentication, limit access to resources or systems, and learn new behaviors.
  
  In this way, BlackBerry Persona can provide protection that adapts to each user’s working style. It performs continuous authentication without disrupting workflow. When unusual activity is detected, it leverages learned data to weigh situational risks and takes proactive steps to protect the environment.

• BlackBerry® Gateway
  This solution monitors and guards network access with a modern zero trust approach that provides finer security control, improved user experience and enhanced functions for distributed workforces to access the office network.
  
  Being highly configurable, BlackBerry Gateway offers granular network access controls at an app level with built-in endpoint security. It allows administrators to set flexible policies that separate work apps from personal apps in remote-working situations.

These four solutions work in concert to provide a prevention-first, zero trust cybersecurity suite that is smarter, more secure and more intuitive. Compared to traditional AI-based EDR solutions, BlackBerry’s intelligent cybersecurity solution minimizes user frustration, maximizes flexibility with autonomous learning, and outperforms outdated signature-based solutions.