Self-Repairing Endpoints: Closer to Reality

Author: Candid Wüest, vice president of cyber protection research, Acronis

Given the always-on and available-from-anywhere demands of modern business, there’s already enough to do for any service provider responsible for keeping a client’s IT infrastructure running – and that was before 2020 accelerated the digital transformation for so many organizations.

During 2020, more than a third of companies (35%) reported having to connect new devices to their network. With so many people working from home during the pandemic, many of those devices were employee-purchased and therefore not configured to ensure the security and privacy of the company’s data. Keeping those new endpoints – and the valuable data they hold – productive and protected adds to the complexity IT service providers must already manage.

One vision of IT’s future that’s been under development could simplify that complexity and reduce the time and effort needed to maintain that dispersed infrastructure – self-repairing endpoints.

The notion that an endpoint could reliably recover on its own following a cyberattack or a data loss event has been the stuff of dreams for managed service providers (MSPs) and sysadmins. A system could purge itself of malware, recover any damaged files, and close the vulnerability that enabled the attack – all without active engagement from the admin. Helpdesk tickets would be dramatically minimized, enabling the MSP to focus on other tasks, other clients, or activities that add value to their organization.

While the concept of self-repairing endpoints may have sounded like some vision of a far-off distant future, MSPs that are deploying cyber protection solutions to their clients are experiencing the early benefits of this next era of IT. That’s because the integration and automation that cyber protection provides are critical to making the vision of self-repairing endpoints a reality.

Integration is key

The core of cyber protection is the AI-enhanced integration of traditional data protection, cybersecurity, and endpoint management capabilities. That integration enables each of these facets to enhance and amplify the others – generating benefits that standalone solutions cannot achieve on their own.

Collecting regular backups as part of the data protection capabilities, for example, generates a tremendous number of samples of how an organization’s systems should operate when everything is normal. Using AI to analyze those clean samples enables the integrated cybersecurity technologies to more easily identify files or activities that are suspicious. That sharing of information also reduces the number of false positives that can otherwise suspend normal operations and waste time for you and your clients.

The benefits of integration work both ways. During the past year, 31% of companies reported being targeted by cyberattacks every day. Unfortunately, as cybercriminals continue to industrialize their efforts with AI and automation, the frequency and sophistication of malware attacks will only increase. Since experts agree that no cybersecurity solution can block all attacks all of the time, inevitably one of the endpoints you’re responsible for will be compromised.

At that moment, the question will be how quickly that endpoint can be recovered – because time is literally money, with every unexpected hour of downtime costing between $8,600 and $300,000, depending on the size of the client’s organization.

With individual solutions, recovering the system from backup is a manual, labor-intensive exercise. An integrated cyber protection solution, however, can pinpoint what files were affected in the attack and restore them automatically – getting the system back more quickly.

In addition, truly integrated cybersecurity capabilities enable a cyber protection solution to scan backup files for malware, ensuring systems are restored from a clean copy and eliminating the risk of reinfection and future downtime.

Smart patching for self-repair

While more effective anti-malware and automatic recoveries can help heal an endpoint, a truly self-repairing endpoint must go further to fix the underlying issue automatically – without requiring intervention from your team – to prevent it from happening again.

There are several strategies that can be employed, but automated patching illustrates how automation can reach that next level.

There are a variety of reasons why regular patching is not always carried out, but the result is that simply restoring a system isn’t enough. Too often, we hear from admins who tried to restore machines in a compromised network using a full disk image, only to be reinfected because a new worm was exploiting an unpatched vulnerability in the operating system.

Vulnerability assessments and patch management are important parts of Acronis’ cyber protection proposition, and central to the vision of self-repairing endpoints. To ensure safe recoveries, Acronis Cyber Protect automatically patches the vulnerabilities in the operating system or applications that enabled the attack to be successful.

Building on that integration, all protected systems benefit when one endpoint encounters an issue. If one device encounters new malware, all of the other protected endpoints are repaired – establishing instant immunity to the threat.

Moving toward self-repairing endpoints

Delivering on the promise of self-repairing endpoints is a major game-changer for the IT service providers that organizations rely on. In the end, self-repairing endpoints will reduce the complexity of managing and protecting the entire infrastructure while ensuring the MSP can deploy its IT resources optimally – increasing productivity and profitability.

Reaching that next level of endpoint security, however, requires embracing the IT discipline of cyber protection – because that is the only approach that makes the integration and automation necessary for self-repairing endpoints available to organizations of all sizes.

Author Candid Wüest is the VP of cyber protection research at Acronis.