How close is the reality of self-repairing endpoints?


The concept of self-repairing or self-healing endpoints holds tremendous appeal to any IT pro responsible for an organization’s cyber resiliency because they promise reduced complexity and better-deployed resources. In this article, which originally appeared in Information Security Magazine, Acronis VP of Cyber Protection Research Candid Wüest shows how many managed services providers (MSPs) and corporate sysadmins are already seeing the early benefits of self-repairing endpoints because they have adopted a cyber protection approach.

* * *

Taking the First Steps Toward Self-Repairing Endpoints

Considering the modern business demands for always-on, accessible-anywhere IT, anyone responsible for maintaining their organization’s IT infrastructure already has enough to do. Now that so many organizations have accelerated their digital transformation in response to the coronavirus pandemic, many of those tasks have gotten more complicated.

As a result of the dramatically fast transition to remote work, 35% of companies around the world reported connecting new devices to their network. Yet, because many of those devices were employee-purchased, they were not necessarily configured in a way that kept company data secure. Ensuring every new endpoint kept their organization’s data private and secure created a new, more complex challenge for IT teams.

There is a vision of IT’s future that’s been floating around for a few years that could significantly simplify that complexity, while simultaneously cutting the time and effort needed to protect a distributed infrastructure. That concept is self-repairing endpoints.

So how close are we to self-repairing endpoints, really? Depending on your protection strategy, they’re actually closer than you might think.

Benefits of self-repairing endpoints

Sysadmins might think that endpoints that can fix themselves in the wake of a data loss event or malware attack sound too good to be true. After all, any system that could stop an attack, remove malware, restore damaged files and close vulnerabilities – all without the admin’s help – would make life so much easier. Helpdesk tickets would drop, allowing the IT team to focus on other value-added tasks.

Some organizations are starting to see what this promised reality will look like. By adopting a cyber protection approach to their IT strategy, they’re already accessing the kind of integration and automation that will be critical to bringing self-repairing endpoints to life.

Critical nature of integration

The IT discipline of cyber protection is powered by the AI-enhanced integration of traditional data protection with cybersecurity and endpoint management capabilities. Rather than using standalone solutions for each of these IT requirements, an integrated solution enables each of these facets to enhance the others – generating benefits that individual components cannot achieve on their own.

One example is the simple act of backing up regularly. As part of an organization’s regular data protection strategy, it creates numerous clean samples of how an organization’s systems should operate under normal conditions. Analyzing those samples using AI and feeding the results to the integrated cybersecurity capabilities enables the defenses to easily identify suspicious activities or files. Sharing that data also informs the anti-malware to better recognize approved processes, which reduces the number of false positives that would otherwise waste the IT team’s time and create needless downtime.

The benefits of integration work both ways. During the past year, 31% of companies reported being targeted by cyberattacks every day. Unfortunately, as cybercriminals continue to industrialize their efforts with AI and automation, the frequency and sophistication of malware attacks will only increase. Since experts agree that no cybersecurity solution can block all attacks all of the time, an organization can expect one of the endpoints will eventually be breached. With every unexpected downtime costing between $8,600 and $300,000 per hour, depending on the size of the organization, the question then becomes how quickly that endpoint can be recovered.

With individual solutions, recovering the system from backup is a manual, labor-intensive exercise. An integrated cyber protection solution, however, can pinpoint what files were affected in the attack and restore them automatically – getting the system back more quickly.

Truly integrated cybersecurity also enables the cyber protection solution to scan backups for any existing malware that might be lurking. Removing those infections from a backup file before using it to restore the system eliminates the risk of reinfection and downtime.
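The two recovery steps described above (restoring only the affected files, and scanning a backup before it is used), as an added example that is not Acronis code. It assumes snapshots are modeled as in-memory dicts and the malware scan is a lookup against a constructed known-bad hash set; all names and sample data are hypothetical.

```python
import hashlib

def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def manifest(files: dict[str, bytes]) -> dict[str, str]:
    """Map path -> SHA-256 for one snapshot (a backup or the live endpoint)."""
    return {path: sha256(content) for path, content in files.items()}

def newest_clean_backup(backups, known_bad):
    """Return the most recent backup containing no known-bad file.

    backups is ordered oldest -> newest. The hash lookup stands in for a
    real malware scan (assumption): it only catches already-known samples.
    """
    for label, files in reversed(backups):
        if not set(manifest(files).values()) & known_bad:
            return label, files
    return None  # every restore point is tainted: do not restore automatically

def plan_restore(backup_files, live_files):
    """Diff the live endpoint against the clean backup; touch only what changed."""
    base, live = manifest(backup_files), manifest(live_files)
    # Modified or deleted since the clean snapshot: restore from backup.
    restore = sorted(p for p in base if live.get(p) != base[p])
    # Present now but absent from the baseline: may be a dropped payload or a
    # legitimate new file, so quarantine for review rather than delete.
    extra = sorted(p for p in live if p not in base)
    return {"restore": restore, "quarantine": extra}

# --- Constructed sample data (not from any real incident) ---
DROPPER = b"constructed-malicious-payload"
KNOWN_BAD = {sha256(DROPPER)}
BACKUPS = [
    ("monday", {"docs/report.txt": b"Q1 figures", "bin/app": b"app v1"}),
    ("tuesday", {"docs/report.txt": b"Q1 figures v2", "bin/app": b"app v1"}),
    ("wednesday", {"docs/report.txt": b"Q1 figures v2", "bin/app": b"app v1",
                   "tmp/upd.exe": DROPPER}),  # backup taken after infection
]
LIVE = {"docs/report.txt": b"ENCRYPTED", "tmp/upd.exe": DROPPER,
        "tmp/note.txt": b"pay up"}  # bin/app was deleted by the attack

def run_demo():
    label, files = newest_clean_backup(BACKUPS, KNOWN_BAD)
    return label, plan_restore(files, LIVE)

if __name__ == "__main__":
    print(run_demo())
```

The newest backup is skipped because it already contains the payload, which is the reinfection risk the paragraph above describes.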

Automating patches and self-repair

In addition to more effective anti-malware and automated recoveries, there are other cyber protection capabilities that will help power self-repairing endpoints. In order for an endpoint to heal itself, it must also automatically inoculate itself to prevent the incident from repeating – without requiring intervention from the IT team.

Multiple capabilities are needed to make this happen. One existing example is automated patching.

While regular patching does not always occur for a variety of reasons, the result is the same – using an unpatched backup to restore a system leaves gaps in the defenses. We often hear from admins who tried to restore machines in a compromised network using a full disk image, only to be reinfected because a new worm malware was exploiting an unpatched vulnerability in the operating system.

Incorporating vulnerability assessments and automated patch management is pivotal to making self-repairing endpoints a reality. This capability is already delivering benefits for organizations using cyber protection solutions like Acronis Cyber Protect, which automatically patches the vulnerabilities in the operating system or applications that contributed to an attack’s success.

Fast-tracking the path to self-repairing endpoints

Self-repairing endpoints represent a major security and protection advancement for organizations. For the sysadmins and IT pros that keep those organizations running, they will streamline managing and protecting the entire infrastructure and allow IT resources to be deployed more effectively – increasing productivity and reducing costs.

To benefit from that level of endpoint security, organizations should start embracing cyber protection now, because it is the only approach that makes the integration and automation necessary for self-repairing endpoints available to organizations of all sizes.

Candid Wüest
VP of Cyber Protection Research
Candid Wüest is the VP of Cyber Protection Research at Acronis, where he researches new threat trends and comprehensive protection methods. Previously he worked for more than sixteen years as the tech lead for Symantec’s global security response team.

About Acronis

A Swiss company founded in Singapore in 2003, Acronis has 15 offices worldwide and employees in 50+ countries. Acronis Cyber Protect Cloud is available in 26 languages in 150 countries and is used by over 20,000 service providers to protect over 750,000 businesses.