Machine learning helps organizations strengthen security, identify inside threats
Data security analytics help speed up attack detection and response
By Sriram Ramachandran, Special to ThirdCertainty
The enterprise security landscape can seem like a minefield, riddled with hidden threats and highly damaging attacks planted by increasingly sophisticated cyber criminals. With data breaches costing organizations upward of $500 billion a year, it’s no surprise that IT security spending is estimated to reach $170 billion by 2020.
To make matters worse, cyber criminals are more commonly employing advanced attack techniques that traditional security systems aren’t able to detect. For example, they’re increasingly delivering malware that bypasses perimeter security, stealing corporate credentials and compromising users. This enables cyber criminals to pose as authorized users with unencumbered access to corporate networks for weeks or months at a time.
Threats within an organization manifest themselves through ever-evolving and complex signals that are difficult to detect with traditional signature-based detection and rule-based monitoring solutions. These threats include external attacks that have evaded perimeter defenses, internal attacks by malicious insiders, or just risky behaviors by negligent employees who put the organization at risk.
In addition to insufficient threat detection, traditional solutions can contribute to the “alert white noise” problem by excessively warning about unusual activities that may not be indicative of a real security incident. Given the acute shortage of skilled security professionals, the pressure falls on analysts to identify and investigate these alerts.
Machine learning is a method for programming a computer to find patterns in data and make automatic decisions. Applying machine learning techniques across a diverse set of data sources helps the system become increasingly intelligent as it ingests more and more relevant data. The results of such systems help optimize the efficiency of security personnel, enabling organizations to more effectively identify threats on the inside.
When a model is given no labeled examples and must find structure in the data on its own (for instance, clustering users by how they normally behave), this is called “unsupervised” machine learning. When a model is trained ahead of time on examples that already carry labels (known-malicious versus known-benign activity), we call this “supervised” machine learning, which is similar to the way a person learns a new sport by being taught the proper form and the rules associated with the game. Their skills improve the more they play until it eventually becomes second nature. After a certain amount of practice and repetition, the desired result becomes automatic.
By applying multiple machine learning-based analytic modules to scrutinize security data, organizations can detect and string together subtle security signals that would otherwise go unnoticed. More specifically, organizations can apply behavioral analytics, which baseline normal behavior per user, host or account and flag deviations from it using unsupervised machine learning, in parallel with supervised machine learning and other analytics techniques that decide which of those deviations are worth an analyst's time. Anomalous is not the same as malicious: a login from a newly issued laptop is unusual but benign, so the reliability comes from correlating several independent signals about the same entity before raising an alert, rather than alerting on each one in isolation.
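The baseline-and-correlate approach described above, as an added illustration written for this edit rather than code from the author or from any product: a small unsupervised detector over constructed authentication logs. It learns each user's normal hours, source addresses and daily volume from a training window with no labels, scores a later day against that baseline, and only raises an alert when several independent signals stack up on the same user. The log format, user names, addresses and thresholds are all assumptions made for the example.

```python
import re
import statistics
from collections import Counter, defaultdict

# Constructed one-line-per-event format for this example, not any vendor's schema.
LOG_RE = re.compile(
    r"^(?P<date>\d{4}-\d{2}-\d{2}) (?P<hour>\d{2}):\d{2}:\d{2} "
    r"user=(?P<user>\S+) src=(?P<src>\S+) action=(?P<action>\S+)$"
)

# Constructed training window: three ordinary working days for two users.
TRAINING_LOG = """
2024-03-04 09:02:11 user=alice src=10.1.2.11 action=login
2024-03-04 14:30:45 user=alice src=10.1.2.11 action=download
2024-03-05 09:15:03 user=alice src=10.1.2.11 action=login
2024-03-05 11:40:22 user=alice src=10.1.2.11 action=download
2024-03-05 14:05:19 user=alice src=10.1.2.11 action=download
2024-03-06 09:08:57 user=alice src=10.1.2.11 action=login
2024-03-06 14:12:31 user=alice src=10.1.2.11 action=download
2024-03-04 08:55:00 user=bob src=10.1.2.22 action=login
2024-03-04 12:10:00 user=bob src=10.1.2.22 action=download
2024-03-04 16:45:00 user=bob src=10.1.2.22 action=download
2024-03-05 08:50:00 user=bob src=10.1.2.22 action=login
2024-03-05 12:20:00 user=bob src=10.1.2.22 action=download
2024-03-05 16:30:00 user=bob src=10.1.2.22 action=download
2024-03-06 08:58:00 user=bob src=10.1.2.22 action=login
2024-03-06 12:05:00 user=bob src=10.1.2.22 action=download
2024-03-06 16:40:00 user=bob src=10.1.2.22 action=download
"""

# Constructed day to score: alice's account used at 02:00 from an outside
# address with a burst of downloads; bob logs in once from a new laptop;
# carol has no history at all.
NEW_LOG = """
2024-03-07 09:04:40 user=alice src=10.1.2.11 action=login
2024-03-07 02:17:05 user=alice src=203.0.113.9 action=login
2024-03-07 02:20:51 user=alice src=203.0.113.9 action=download
2024-03-07 02:26:13 user=alice src=203.0.113.9 action=download
2024-03-07 02:31:48 user=alice src=203.0.113.9 action=download
2024-03-07 12:03:27 user=bob src=10.1.2.22 action=download
2024-03-07 08:10:09 user=bob src=10.1.2.23 action=login
2024-03-07 10:00:00 user=carol src=10.1.2.30 action=login
"""


def parse(text):
    """Parse log lines into dicts; malformed lines are skipped, not fatal."""
    events = []
    for line in text.strip().splitlines():
        m = LOG_RE.match(line.strip())
        if m:
            e = m.groupdict()
            e["hour"] = int(e["hour"])
            events.append(e)
    return events


def build_baseline(events):
    """Unsupervised step: no labels, just a per-user summary of observed behavior."""
    hours, sources, per_day = defaultdict(set), defaultdict(set), defaultdict(Counter)
    for e in events:
        hours[e["user"]].add(e["hour"])
        sources[e["user"]].add(e["src"])
        per_day[e["user"]][e["date"]] += 1
    baseline = {}
    for user in hours:
        counts = list(per_day[user].values())
        mean, stdev = statistics.mean(counts), statistics.pstdev(counts)
        baseline[user] = {
            "hours": hours[user],
            "sources": sources[user],
            # Daily-volume ceiling (mean + 3 sigma). The floor of +1 stops a
            # perfectly flat history (stdev 0) from flagging every extra event.
            "max_daily": mean + max(3 * stdev, 1.0),
        }
    return baseline


def score(events, baseline, alert_threshold=2):
    """Compare new events to the baseline and combine per-user signals.

    One anomaly alone is weak evidence (a new laptop, one late night), so a
    user only becomes an alert when independent signals accumulate.
    """
    per_day = defaultdict(Counter)
    for e in events:
        per_day[e["user"]][e["date"]] += 1
    signals = defaultdict(set)
    for e in events:
        b = baseline.get(e["user"])
        if b is None:
            signals[e["user"]].add("no baseline for user")
            continue
        if e["hour"] not in b["hours"]:
            signals[e["user"]].add("off-hours activity")
        if e["src"] not in b["sources"]:
            signals[e["user"]].add("new source address")
        if per_day[e["user"]][e["date"]] > b["max_daily"]:
            signals[e["user"]].add("daily volume spike")
    return {
        user: {"signals": sorted(s), "risk": len(s), "alert": len(s) >= alert_threshold}
        for user, s in signals.items()
    }


def run_demo():
    """Baseline on the training window, then score the new day."""
    return score(parse(NEW_LOG), build_baseline(parse(TRAINING_LOG)))


if __name__ == "__main__":
    for user, result in run_demo().items():
        print(user, result)
```

Run as written, alice collects three independent signals (off-hours, new source, volume spike) and is alerted, bob's single new address is recorded but stays below the alert threshold, and carol surfaces only as "no baseline", which in practice should route to enrichment (is this a new hire or a freshly created account?) rather than straight to an analyst. In a real deployment the baseline would be recomputed on a rolling window, and the thresholds and signal weights would be the natural place to plug in a supervised model trained on analyst-labeled outcomes.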
Machine learning can empower analysts of all experience levels with pre-analyzed context for incident investigations, making it easier for them to home in on the threats littered across the security minefield. In turn, organizations can proactively combat sophisticated attacks by speeding threat hunting efforts and reducing the time for investigation and response.