
Self-Healing Cybersecurity Systems: A Pipe Dream or Reality?


Cybersecurity has been a priority for organizations for many years. According to Gartner, organizations are expected to spend $150.4 million on IT security and risk management technologies in 2021, which would reflect a 12.4 percent increase compared to 2020. Yet, despite these investments in security controls, cyber-attacks keep coming. In fact, cyber criminals took advantage of the shift to a pandemic-defined work environment by launching a wave of new cyber-attacks, leveraging tactics such as phishing, ransomware, and credential stuffing. The primary targets of these attacks are remote workers and their endpoint devices, which serve as an access point to an enterprise’s network.

Keeping the increased number of remote endpoints secure, so that they do not become an entry point for hackers to compromise the network, is overwhelming for many IT teams, which are often allocated to protecting big-ticket items such as servers and cloud-based databases. Thus, it is not surprising that the concept of self-healing cybersecurity systems is appealing to many IT and security professionals, as they are seeking ways to cut the time and effort needed to protect distributed infrastructures. So how close are we to self-healing cybersecurity systems?

When establishing visibility and security controls across endpoints, IT and security professionals need to understand that each endpoint bears some or all responsibility for its own security. This is different from the traditional network security approach, in which established security measures apply to the entire network rather than individual devices and servers. At a minimum, organizations should therefore deploy simple forms of endpoint security like anti-virus or anti-malware software across their entire fleet of devices. Many organizations go beyond these simple measures and leverage modern endpoint security technology that encompasses encryption, intrusion detection, and behavior-blocking elements to identify and block threats and risky behavior, either by end users or intruders.

Self-Healing Cybersecurity Systems Defined

However, human error, malicious actions, and decayed, insecure software often impede the efficacy of these security controls. Thus, Forrester Research recommends taking a pro-active approach to endpoint security by leveraging self-healing capabilities for endpoint devices, mission-critical security controls, and productivity applications. According to the 2021 Absolute Endpoint Risk Report, in organizations without these self-healing capabilities in place, one in four endpoint devices reported unhealthy applications at any given time, including critical protections.

Self-healing cybersecurity systems are devices or software components that can sense they are not operating optimally and, without human intervention, make the adjustments needed to resume normal operations. This can be achieved through pro-active monitoring to quickly gauge deviations from standard configuration settings and either repair or re-install the impeded component to revert the system back to a steady state. This, at least, is the promise many security vendors make to appeal to their buyers’ need for automation. Unfortunately, reality does not always match the hype. Therefore, IT and security teams should conduct due diligence before investing in a self-healing technology.

Beware the Different Flavors of Self-Healing

Nowadays, many security vendors offer solutions that scan the endpoint and/or installed software components for any signs of decay, software collision, and potential or actual breach. Anomalies are discovered through comparative analysis against a previously established baseline or through behavior-based detection, and trigger automated remediation actions. Obviously, these self-healing capabilities offer tremendous benefits to IT and security teams when it comes to improving their help desk services, asset management, or security control efficacy.

However, what ultimately differentiates self-healing cybersecurity systems is how well they themselves withstand the same factors that they are built to protect against: human error, decay, software collision, and malicious activities. In the end, they are just another software application. It is therefore important to select solutions that can persist in the face of hostile external factors. To achieve this state of hardening, self-healing capabilities should be embedded in the firmware of the endpoint, shielding them from any intentional or unintentional manipulation. In turn, whenever an end user starts their endpoint, the self-healing technology should validate the integrity of the BIOS code to safeguard the computer from external compromise. This makes it undeletable and therefore superior to self-healing technologies that are not rooted in the firmware of the endpoint. The device’s firmware is a relatively privileged location, and gaining access to it requires close partnerships with device manufacturers. Few vendors will have this privilege.
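The baseline comparison and automated repair described above, and the point that the healer is itself software that can be manipulated, shown as an added example that is not from the article or any vendor's product. The directory layout, file names and HMAC key are assumptions; a key held in software only illustrates the baseline integrity check and does not provide the firmware-rooted persistence the article calls for.

```python
import hashlib, hmac, json, shutil, tempfile
from pathlib import Path

def sha256(path):
    return hashlib.sha256(path.read_bytes()).hexdigest()

def mac_of(files, key):
    return hmac.new(key, json.dumps(files, sort_keys=True).encode(), "sha256").hexdigest()

def make_baseline(golden_dir, key):
    """Record the known-good hash of each file and authenticate the record."""
    files = {p.name: sha256(p) for p in sorted(golden_dir.iterdir())}
    return {"files": files, "mac": mac_of(files, key)}

def heal(install_dir, golden_dir, baseline, key):
    """Repair drift from the baseline; return [(name, action), ...]. A tampered baseline is rejected."""
    if not hmac.compare_digest(mac_of(baseline["files"], key), baseline["mac"]):
        return [("<baseline>", "rejected")]  # never "repair" toward an unauthenticated state
    actions = []
    for name, good in baseline["files"].items():
        target, source = install_dir / name, golden_dir / name
        if target.exists() and sha256(target) == good:
            continue  # healthy, nothing to do
        if not source.exists() or sha256(source) != good:
            actions.append((name, "unrepairable"))  # the repair copy has decayed too
            continue
        actions.append((name, "repaired" if target.exists() else "reinstalled"))
        shutil.copyfile(source, target)
    return actions

def demo():  # constructed scenario: one file modified, one deleted, one untouched
    key = b"constructed-demo-key"  # assumption: stored out of the endpoint user's reach
    with tempfile.TemporaryDirectory() as tmp:
        golden, install = Path(tmp, "golden"), Path(tmp, "install")
        golden.mkdir()
        for name in ("agent.bin", "agent.conf", "rules.db"):
            (golden / name).write_text("known-good " + name)
        shutil.copytree(golden, install)
        baseline = make_baseline(golden, key)
        (install / "agent.conf").write_text("protection=off")  # simulated tampering
        (install / "agent.bin").unlink()                       # simulated removal
        first = heal(install, golden, baseline, key)
        second = heal(install, golden, baseline, key)  # steady state: no actions
        baseline["files"]["rules.db"] = "0" * 64       # simulated baseline tampering
        third = heal(install, golden, baseline, key)
        return first, second, third

if __name__ == "__main__":
    print(demo())
```

The third run shows why the baseline and repair source need stronger protection than the component they heal: once either can be altered, automated remediation restores whatever state the alteration defines.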


Making each endpoint resilient is paramount to implementing a successful defense strategy. In this context, self-healing cybersecurity systems represent a major security and IT productivity advancement, allowing organizations to streamline the management and protection of today’s highly distributed infrastructures. However, not all self-healing cybersecurity systems are built equally. Organizations should insist that their vendor of choice demonstrates persistence capabilities before making a final purchase decision.

Written By

Torsten George is a cybersecurity evangelist at Absolute Software, which helps organizations establish resilient security controls on endpoints. He also serves as strategic advisory board member at vulnerability risk management software vendor, NopSec. He is an internationally recognized IT security expert, author, and speaker. Torsten has been part of the global IT security community for more than 27 years and regularly provides commentary and publishes articles on data breaches, insider threats, compliance frameworks, and IT security best practices. He is also the co-author of the Zero Trust Privilege For Dummies book. Torsten has held executive level positions with Centrify, RiskSense, RiskVision (acquired by Resolver, Inc.), ActivIdentity (acquired by HID® Global, an ASSA ABLOY™ Group brand), Digital Link, and Everdream Corporation (acquired by Dell).
