January 3, 2017

Machine Learning May Tip Balance on Cyber

Summary:

Machine learning can shift the focus from recovery, after a cyber incident, to intelligence that can head off threats.

Smart CSOs and CISOs are moving from post-incident to pre-incident threat intelligence. Instead of signature- and reputation-based detection methods, they are looking at artificial intelligence innovations that use machine learning algorithms to drive superior forensics results.

In the past, humans had to look at large sets of data to distinguish the good characteristics from the bad ones. But organizational threats increasingly manifest themselves through changing and complex signals that are difficult to detect with traditional signature-based and rule-based monitoring solutions.

What’s more, traditional tools can contribute to “alert fatigue” by warning excessively about activities that may not indicate a real security incident. Skilled security analysts must then identify and investigate these alerts, at a time when such professionals are already in short supply.

With machine learning, the computer is trained to distinguish the good characteristics from the bad ones, using multidimensional signatures that can examine patterns to identify anomalies and detect problems. A mitigation response can then be triggered.

Two types of learning

Machine learning generally works in two ways: supervised and unsupervised. With the former, humans tell the machines which behaviors are good and bad. The machines then figure out the commonalities to develop multidimensional signatures. With unsupervised learning, the machines develop the algorithms without having the data labeled, analyzing clusters to figure out what’s normal and what’s an anomaly.

Unsupervised machine learning can be used as part of a layered defense approach, serving as a scalable safety net across an organization’s information ecosystem. This can help identify rogue uses in all types of networks, distributed or centralized, local or global, cloud or on-premises.

Sophisticated security

By applying machine learning techniques across a diverse set of data sources, systems can absorb more and more relevant data and become increasingly intelligent. These systems can then help optimize the efficiency of security personnel, enabling organizations to more effectively identify threats. With multiple machine learning modules to scrutinize security data, organizations can identify and connect otherwise unnoticeable, subtle security signals.

Machine learning also can produce pre-analyzed context for investigations, making it easier for security analysts of all experience levels to discover threats. This approach enables CISOs to accelerate detection efforts and reduce time expended on investigations.

This article was written by Santosh Varughese. It originally appeared on ThirdCertainty.

About the Author

Byron Acohido, one of the nation’s most respected cybersecurity and privacy experts, has stepped into a new role: editor-in-chief at IDT911. Acohido first began paying close attention to cybersecurity and privacy in 2004 as a technology reporter and web producer at USA Today.
