Empowering MSPs: How Acronis uses AI in its products and our plans for the future

In the dynamic and ever-evolving digital landscape, the importance of cybersecurity cannot be overstated. With cyberthreats becoming more sophisticated, traditional security measures are often inadequate in safeguarding sensitive information. The integration of artificial intelligence (AI) in cybersecurity has ushered in a new era, offering advanced tools to detect, prevent and respond to cyberthreats.

Acronis has already integrated AI into a lot of functionality within its corporate and consumer products, but AI can be used in more areas of security to make them even more effective and easier to use. Let's take a look at where Acronis uses the machine learning (ML) models now and our plans for 2024 to expand the application of AI and ML to make Acronis products even more appealing for MSPs.

Acronis started to apply AI for anomaly detection in 2017 when we started to work on stack trace analysis to predict injections of malicious modules into any type of processes running in Windows OSs. That proved to work well. Soon after, we released AI-based Static File Analyzer — an engine that detects unseen variations of known malware samples. We expanded the usage of AI and ML technologies to behavior engine logs detection, which allows Acronis products to detect a wider range of suspicious activity based on behavior.

The AI also was helping to deal with other functionality that is not purely security-focused. With the help of AI, we are now checking that the backup was restored properly and was bootable. We also implemented disk health analysis to predict HDD and SSD failures in advance. An extension of it is AI-based monitoring that tracks a lot of metrics for anomalies to inform the admin if the system has any issues. It helps not only detect failing hardware, but also other various issues.  

With the development of generative AI, we introduced a Tech Support ChatBot as well as AI-based EDR incident summary generation. Instead of grappling with technical jargon, users and administrators receive clear and concise explanations of incidents, facilitating faster and more effective decision making. Both features were praised by our customers.

Not every company in the security industry possesses such an AI-enabled stack of functionality, but the Acronis stack continues to grow, and new functionality will be released in 2024. Let's take a look at the most interesting features we will deliver to our customers.

One of the most significant releases to come in 2024 is Acronis Copilot, a generative AI-based assistant that will make the lives of MSP admins easier and their work more efficient.

The main focus of AI in our Advanced Security solution is assistance with various parts of cybersecurity, including incident investigation, threat hunting and remediation. One significant advantage of integrating Conversation AI into EDR solutions is the improvement in incident response capabilities. AI-powered chatbots can engage in dynamic conversations with security analysts, helping to contextualize incidents and provide prompt, relevant information. This not only accelerates the decision-making process but also assists in devising effective strategies to mitigate and remediate security incidents in a timely manner.

For example, an admin can provide prompts or ask questions such as:

·       Show recent alerts for tenant User_XYZ in the past week.

·       Show graph of alerts by type.

·       Do any machines have unpatched vulnerabilities used in the wild now?

·       Where are there any unusual login attempts on User_XYZ machine?

·       What remediation actions should I perform for this incident?

In the case of remediation, Acronis Copilot will analyze the incident and propose suitable actions, e.g., delete file, add it to the blocklist, isolate the machine, and patch the workload (if there is a patch). The recommendations will have hyperlinks in the text that enable the admin to click to activate the suggested remediation. There will be an "Apply all suggested remediation" option as well, which will run all the above remediation actions.

Acronis generative AI will also assist with threat hunting later by helping to generate threat hunting queries based on natural language requests.

For example, instead of learning query language to perform a request such as WinProcCreate | where host_name == 'BNi-Kub' | group with [count() as new_count] | order new_count, a user can simply prompt: Write me a query to display all the WinProcCreate processes on 'BNi-Kub', order and count all the number of rows returned.

Day-to-day operations, like onboarding new customers, configuring products and providing support can be done more effectively with the help of AI. Thus, Acronis Copilot enables automation of tasks and operations related to managed services using natural language.

An admin’s life is made significantly easier with the use of scripts for routine operations. While Acronis already provides dozens in Acronis Cyber Protect, we plan to expand it exponentially by integrating AI into our Cyber Scripting engine. With the help of generative AI, an admin or user can simply describe what he needs in his native language and get a working script as a result. He can then immediately test the result in the product, easily add the newly generated script to the library of scripts, and distribute as needed. To generate a new script, a technician provides the instructions on what the script is supposed to perform when run. 

For more complex scripts, such as those in which some lines of code are already in the script body, AI-driven recommendations enable users to complete their work by providing a set of intricate instructions. As a result, MSPs can produce robust scripts in record time, with minimal effort.  

If a security incident is detected in the system, a technician can take quick action to mitigate it by generating a customized, AI-driven script directly from the Advanced Security + EDR console. For example, an admin can prompt:

Write me a script to collect all Windows events and output as a CSV file.

Or,

Isolate all the machines with these particular detection characteristics.

The main benefit here is timesaving: For example, as shared in Reddit Powershell community: “… I have a scheduled task script that disables users after 30 days of inactivity and writes those users to a Excel file that (to write a script) took about 1 hour total.” This is an easy case, but some scripts take weeks and months to complete. With Acronis AI Copilot, it will take minutes and maybe hours to polish and address some difficult cases.

For our Acronis Advanced Automation, we plan to save support time with AI-based semantic search of past tickets that feature descriptions that are similar to new tickets. It will enable the AI assistant to recommend resolutions based on already resolved tickets. Trials show that it is working well. Similar issues will be grouped by AI automatically and root cause analysis will be provided. AI also can identify the main reason for time-consuming issues and recommend a fix. AI will start analysis based on a defined list of different actions that can be done.

Incorporating AI into cybersecurity practices is not just a technological upgrade; it is a paradigm shift that fortifies organizations against an ever-evolving threat landscape. As security products become more complex, vendors like Acronis need to make them easier to use to increase productivity and reduce possible mistakes.

With the ability to learn, adapt and respond in real time, AI is proving to be an indispensable ally in the ongoing battle against cyberthreats. As organizations embrace AI-driven cybersecurity solutions, they pave the way for a more secure and resilient digital future. The fusion of human expertise with the power of AI marks a new era in cybersecurity in which proactive defense and adaptive strategies become the cornerstone of digital protection.