Machine learning helps organizations strengthen security, identify insider threats

Data security analytics help speed up attack detection and response


The enterprise security landscape can seem like a minefield, riddled with hidden threats and highly damaging attacks planted by increasingly sophisticated cyber criminals. With data breaches costing organizations upward of $500 billion a year, it's no surprise that IT security spending is estimated to reach $170 billion by 2020.

Editor's note: Sriram Ramachandran, Niara

To make matters worse, cyber criminals are more commonly employing advanced attack techniques that traditional security systems aren't able to detect. For example, they're increasingly delivering malware that bypasses perimeter security, stealing corporate credentials and compromising user accounts. This lets them pose as authorized users, with unencumbered access to corporate networks for weeks or months at a time.

Threats within an organization manifest themselves through ever-evolving and complex signals that are difficult to detect with traditional signature-based detection and rule-based monitoring solutions. These threats include external attackers who have evaded perimeter defenses, malicious insiders, and negligent employees whose risky behavior exposes the organization.

Related story: Insider threats pose major cybersecurity exposure

In addition to insufficient threat detection, traditional solutions can contribute to the "alert white noise" problem by excessively warning about unusual activities that may not be indicative of a real security incident. Given the acute shortage of skilled security professionals, the pressure falls on analysts to identify and investigate these alerts.

Machine learning is a method for programming a computer to find patterns in data and make automatic decisions. Applying machine learning techniques across a diverse set of data sources helps the system become increasingly accurate as it ingests more and more relevant data. The results of such systems help optimize the efficiency of security personnel, enabling organizations to more effectively identify threats on the inside.

When the model is given no labeled examples in advance and must find structure in the data on its own, this is called "unsupervised" machine learning. When the model is trained ahead of time on examples that have already been labeled, we call this "supervised" machine learning, which is similar to the way a person learns a new sport by being taught the proper form and the rules associated with the game. Their skills improve the more they play until it eventually becomes second nature. After a certain amount of practice and repetition, the desired result becomes automatic.

By applying multiple machine learning-based analytic modules to scrutinize security data, organizations can detect and string together subtle security signals that would otherwise go unnoticed. More specifically, organizations can apply behavioral analytics, which baseline normal behavior and identify irregularities using unsupervised machine learning, in parallel with supervised machine learning and other analytics techniques to determine which anomalies actually indicate malicious behavior rather than merely unusual activity.
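As an added example (not code from the article or from Niara), here is how the baseline-then-chain approach described in the two paragraphs above can be put into practice: an unsupervised per-user baseline of login hour, egress volume and source country is built from a constructed history, new events are scored against it, and the weak signals from each event are chained per user so that only a user who trips several different signals is surfaced as an alert. The log format, the feature set, the thresholds and the signal weights are all assumptions chosen for illustration; the supervised stage the text mentions, which would learn those weights from labeled incidents, is not implemented here.

```python
import math
import statistics
from collections import defaultdict

# Constructed sample events (not from the article), one per line:
# "<ISO timestamp> <user> <source country> <bytes sent out>"
BASELINE_LOG = """
2024-03-01T09:02:00 alice US 1200
2024-03-01T10:15:00 alice US 900
2024-03-02T09:30:00 alice US 1500
2024-03-02T13:05:00 alice US 1100
2024-03-03T08:55:00 alice US 1300
2024-03-01T08:40:00 bob US 400
2024-03-01T17:10:00 bob US 600
2024-03-02T09:05:00 bob US 500
2024-03-02T16:45:00 bob US 550
2024-03-03T09:20:00 bob CA 450
""".strip().splitlines()

NEW_LOG = """
2024-03-04T09:10:00 alice US 1250
2024-03-04T02:40:00 alice RO 98000
2024-03-04T03:05:00 alice RO 120000
2024-03-04T18:30:00 bob US 700
2024-03-04T02:30:00 bob US 500
""".strip().splitlines()

# Floors stop a user with very regular habits from producing enormous
# z-scores off a near-zero standard deviation (a classic source of alert noise).
HOUR_STDEV_FLOOR = 1.0
LOGBYTES_STDEV_FLOOR = 0.1

# Each signal is weak on its own; the weights (assumed, not learned) let
# several of them add up. Alerting requires both a minimum chained score
# and more than one distinct kind of signal.
SIGNAL_WEIGHTS = {"off_hours": 1, "volume": 2, "new_country": 2}
ALERT_SCORE = 4
ALERT_DISTINCT = 2


def parse(line):
    ts, user, country, nbytes = line.split()
    # Hour of day as a fractional number. (Simplification: hour of day is
    # really circular, so 23:30 and 00:30 are close; a production model
    # would encode it as sin/cos or bucket it.)
    hour = int(ts[11:13]) + int(ts[14:16]) / 60.0
    # log10 tames the heavy tail of byte counts so one large transfer
    # does not dominate the baseline.
    return user, country, hour, math.log10(int(nbytes))


def _profile(values, floor):
    sd = statistics.stdev(values) if len(values) > 1 else 0.0
    return statistics.mean(values), max(sd, floor)


def build_baselines(lines):
    """Unsupervised step: a per-user profile of normal behaviour, no labels needed."""
    hours = defaultdict(list)
    logbytes = defaultdict(list)
    countries = defaultdict(set)
    for line in lines:
        user, country, hour, lb = parse(line)
        hours[user].append(hour)
        logbytes[user].append(lb)
        countries[user].add(country)
    return {
        user: {
            "hour": _profile(hours[user], HOUR_STDEV_FLOOR),
            "logbytes": _profile(logbytes[user], LOGBYTES_STDEV_FLOOR),
            "countries": countries[user],
        }
        for user in hours
    }


def event_signals(profile, country, hour, lb):
    """Return the names of the weak signals a single event trips."""
    fired = []
    mean_h, sd_h = profile["hour"]
    if abs((hour - mean_h) / sd_h) > 2.0:
        fired.append("off_hours")
    mean_b, sd_b = profile["logbytes"]
    if (lb - mean_b) / sd_b > 3.0:  # one-sided: only unusually large egress
        fired.append("volume")
    if country not in profile["countries"]:
        fired.append("new_country")
    return fired


def score_users(baseline_lines, new_lines):
    """Chain per-event signals into one score and signal set per user."""
    profiles = build_baselines(baseline_lines)
    scores = {}
    for line in new_lines:
        user, country, hour, lb = parse(line)
        if user not in profiles:
            continue  # no baseline yet; a real system would fall back to a peer group
        entry = scores.setdefault(user, {"score": 0, "signals": set()})
        for sig in event_signals(profiles[user], country, hour, lb):
            entry["score"] += SIGNAL_WEIGHTS[sig]
            entry["signals"].add(sig)
    return scores


def alerts(scores):
    """Only users with several different signals that add up get surfaced."""
    return {
        user: entry
        for user, entry in scores.items()
        if entry["score"] >= ALERT_SCORE and len(entry["signals"]) >= ALERT_DISTINCT
    }


if __name__ == "__main__":
    scores = score_users(BASELINE_LOG, NEW_LOG)
    for user, entry in scores.items():
        print(user, entry["score"], sorted(entry["signals"]))
    print("alerts:", sorted(alerts(scores)))
```

In the constructed data, bob's single 02:30 login trips only the off-hours signal and is not escalated, while alice's two night-time logins from a never-before-seen country with two orders of magnitude more egress trip three different signals and are surfaced together as one alert rather than three separate warnings. That suppression of single weak signals is where the "alert white noise" reduction comes from; the supervised stage would tune the weights and thresholds against past confirmed incidents instead of the hand-picked values used here.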

Machine learning can empower analysts of all experience levels with pre-analyzed context for incident investigations, making it easier for them to home in on the threats littered across the security minefield. In turn, organizations can proactively combat sophisticated attacks by speeding threat hunting efforts and reducing the time for investigation and response.
