Machine learning helps detect real-time network threats

Platform software does heavy lifting and sifting of data for humans


No matter how robust a company’s cyber defenses, the bad guys seem to find a way to get in. And when—not if—they do, it could take weeks, even months, to detect them and to assess the damage.

Building off the premise that spending a lot of money “trying to prevent the bad guys from getting in” is an imperfect approach, Vectra Networks wants to help cybersecurity teams track down and stop attackers once they’re inside the network, not before they get there.

“The core problem is that all the sensors the company has invested in—firewalls, sandboxes, AV—act as a good filter, but they don’t stop everything from getting in,” says Vectra’s chief technology officer, Oliver Tavakoli. “We’re single-mindedly focused on finding that intruder inside your network before the FBI calls you and tells you about it.”

Using machine learning—and some of the same techniques used to sequence DNA and improve search engines—the San Jose, California, company has developed a platform that looks at patterns to detect anomalies and trigger a mitigation response.

Vectra isn’t advocating forgoing the traditional filters like firewalls and reputation lists—it’s still important to practice good cyber hygiene, Tavakoli says. But that’s no longer enough.

“Presuming the filters are 100 percent perfect is a recipe for the kind of breaches we see in the news,” he says.

So Vectra’s product, platform software called X-series, picks up where those traditional security tools stop and provides real-time detection of an attack that’s in process. Instead of signature- and reputation-based methods, Vectra uses machine learning, data science and behavior analysis—an approach that’s much more effective in stopping the types of high-profile breaches that have dominated headlines of late.


The platform, which was launched in 2014, is typically deployed as an on-premises appliance that sits within the data center and monitors packet traffic. Customers also can opt for a virtual appliance, using another product, S-series sensors. The service is sold by subscription, priced by the amount of traffic being processed.

Günter Ollmann, Vectra Networks chief security officer

Vectra’s chief security officer Günter Ollmann says traditional tools relied on blacklists, two-dimensional signatures and behavioral analytics, all of which are driven by human decisions. But threats develop so fast that those techniques can’t keep up with the bad guys.

“Machine learning is doing a much better job of … creating multidimensional signatures for detecting what’s going bad,” he says.

Machine learning comes in two main forms: supervised and unsupervised. With supervised learning, humans tell the machines which behaviors are good and which are bad, and the machines work out the commonalities to develop multidimensional signatures.

In the past, Tavakoli explains, humans had to look at large sets of data to try to distinguish the good characteristics from the bad ones. With machine learning, it’s essentially about training the computer to find those differences, but much faster.

“Supervised machine learning involves the machine doing 95 percent of the work and the data scientists doing the 5 percent,” he says.

With unsupervised learning, the machines build their models without labeled data—they cluster the observations and analyze the clusters to figure out what’s normal and what’s an anomaly.
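The two approaches described above, supervised and unsupervised, side by side as an added example (not Vectra’s code, and not how the X-series platform is implemented). The host feature vectors (connections, unique destinations, outbound megabytes per window) are constructed for illustration. The supervised half is a nearest-centroid classifier trained on a few hand-labelled examples; the unsupervised half uses a robust (median/MAD) z-score to flag hosts that sit far from the bulk of the unlabelled data, without anyone telling it what “bad” looks like.

```python
import math
from statistics import median

# Constructed per-host feature vectors for one time window (assumption, not
# real telemetry): (connections, unique_destinations, bytes_out_mb).
LABELED = [
    ((40, 5, 2.0), "normal"),
    ((55, 7, 3.1), "normal"),
    ((30, 4, 1.2), "normal"),
    ((60, 6, 2.8), "normal"),
    ((900, 450, 4.0), "scan"),    # many destinations, little data to each
    ((1200, 600, 5.5), "scan"),
    ((20, 2, 950.0), "exfil"),    # few destinations, very large outbound volume
    ((35, 3, 1200.0), "exfil"),
]

UNLABELED = [
    (42, 5, 2.2), (50, 6, 2.9), (38, 4, 1.8), (61, 7, 3.3), (45, 5, 2.4),
    (52, 6, 2.7), (47, 5, 2.1), (58, 6, 3.0), (36, 4, 1.5), (44, 5, 2.3),
    (700, 300, 3.9),   # index 10: scan-like, but nobody labelled it
    (25, 3, 800.0),    # index 11: exfiltration-like, also unlabelled
]


def log_features(point):
    """Compress heavy-tailed counts so one huge feature cannot dominate distances."""
    return [math.log1p(x) for x in point]


def train_centroids(labeled):
    """Supervised step: per-class mean of the labelled examples (nearest-centroid classifier)."""
    sums, counts = {}, {}
    for point, label in labeled:
        feats = log_features(point)
        acc = sums.setdefault(label, [0.0] * len(feats))
        for i, f in enumerate(feats):
            acc[i] += f
        counts[label] = counts.get(label, 0) + 1
    return {label: [s / counts[label] for s in acc] for label, acc in sums.items()}


def classify(centroids, point):
    """Assign the nearest known class. A genuinely new behaviour still gets one of the old labels."""
    feats = log_features(point)
    return min(centroids, key=lambda label: math.dist(feats, centroids[label]))


def modified_z_scores(points):
    """Unsupervised step: how far each point sits from the bulk of the data, per feature,
    using the median and MAD so the outliers themselves cannot shift the baseline."""
    columns = list(zip(*points))
    meds = [median(col) for col in columns]
    mads = [median(abs(x - m) for x in col) for col, m in zip(columns, meds)]
    scores = []
    for point in points:
        zs = []
        for x, m, mad in zip(point, meds, mads):
            if mad == 0:          # constant feature: carries no information
                zs.append(0.0)
            else:
                zs.append(0.6745 * abs(x - m) / mad)   # Iglewicz-Hoaglin modified z-score
        scores.append(max(zs))
    return scores


def flag_anomalies(points, threshold=3.5):
    """Indices of points whose worst feature is more than `threshold` robust deviations out."""
    return [i for i, s in enumerate(modified_z_scores(points)) if s > threshold]


if __name__ == "__main__":
    centroids = train_centroids(LABELED)
    for point in UNLABELED[-3:]:
        print("supervised  ", point, "->", classify(centroids, point))
    print("unsupervised anomalies at indices", flag_anomalies(UNLABELED))
```

The supervised classifier gives a named verdict (scan, exfil) but only ever answers with a label it was trained on; the unsupervised scorer cannot name what it found, yet it needs no labels and will surface a host that behaves unlike its peers even when that behaviour matches no known signature, which is the trade-off the article goes on to describe.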

Oliver Tavakoli, Vectra Networks chief technology officer

“That’s a slower detection, but it detects things that humans and those high-fidelity signatures would never be able to see,” Tavakoli says.

Founded in 2012, Vectra set its sights on machine learning when the concept was still novel. The company, which came out of stealth mode in March 2014, immediately focused on a broad range of sectors. Now in what Tavakoli calls its “adolescent stage,” Vectra has gone through several phases of funding—for a total of about $75 million—and has grown to 125 employees as well as sales offices in Europe.

“We believe the market is not limited to a few verticals because it’s a broad problem,” he says.

That means for the next year or so, the company’s energies are focused on gaining sales momentum and scaling all its processes and operational capacity as the organization matures.

The timing seems fortuitous, now that machine learning as well as automation are becoming the new frontiers for cybersecurity. And that’s what’s given the platform a broad appeal, according to Tavakoli—the ability to do the heavy lifting for humans, especially as the industry is experiencing a shortage of human resources.

“You see a real renaissance nowadays when you hear about machine learning in all types of markets, and those techniques are being applied to a much broader set of problems than they were historically,” Tavakoli says.

It’s the machine learning that will fulfill the promise that big data holds, he believes—yet not through complete autonomy, but rather as a leveraging point.

“The whole world is swimming in a large amount of data being collected from all sorts of things, and people are struggling to pull value out of that data,” he says. “Machine learning and data science are at the vanguard of unlocking the information that’s hidden inside the data—and cybersecurity is just one such application.”
