Machine learning picks up where traditional threat detection ends
Artificial intelligence gives security analysts a leg up on banishing malware gloom quickly, effectively
By Santosh Varughese, Special to ThirdCertainty
Smart CSOs and CISOs are moving from post-incident to pre-incident threat intelligence. Instead of signature and reputation-based detection methods, they are looking at artificial intelligence innovations that use machine learning algorithms to drive superior forensics results.
In the past, humans had to look at large sets of data to distinguish the good characteristics from the bad ones. But organizational threats increasingly manifest themselves through changing and complex signals that are difficult to detect with traditional signature-based and rule-based monitoring solutions.
What’s more, traditional tools can contribute to “alert fatigue” by excessively warning about activities that may not be indicative of a real security incident. Triaging and investigating those alerts requires skilled security analysts, of whom there is already a shortage.
With machine learning, the computer is trained to distinguish the good characteristics from the bad ones, using multidimensional signatures that can examine patterns to identify anomalies and detect problems. A mitigation response can then be triggered.
Two types of learning
Machine learning generally works in two ways: supervised and unsupervised. With the former, humans tell the machines which behaviors are good and bad. The machines then figure out the commonalities to develop multidimensional signatures. With unsupervised learning, the machines work from unlabeled data, finding clusters in it to determine what’s normal and what’s an anomaly.
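As an added illustration (not code from the article or its author), here are the two modes just described in Python over constructed per-host activity features; the host names, feature set, labels and threshold are all assumptions made for the example.

```python
# Added example (not from the article): the two learning modes described
# above, run over constructed per-host features for one hour of activity:
# (logins, failed_logins, mb_out, distinct_destinations). All values made up.
from statistics import mean, median

# Seven ordinary workstations and one (ws-07) sending far more data to far more destinations.
RECORDS = {
    "ws-01": (12, 1, 40.0, 8),   "ws-02": (9, 0, 35.0, 6),
    "ws-03": (15, 2, 52.0, 9),   "ws-04": (11, 1, 38.0, 7),
    "ws-05": (10, 0, 44.0, 8),   "ws-06": (13, 1, 41.0, 7),
    "ws-07": (14, 3, 250.0, 60), "ws-08": (10, 1, 36.0, 6),
}

def robust_scores(records):
    """Unsupervised: no labels. 'Normal' per feature is the population median;
    spread is the median absolute deviation, so one outlier cannot inflate it.
    Each host is scored by its distance from that center in all dimensions."""
    cols = list(zip(*records.values()))          # one tuple per feature
    centers = [median(c) for c in cols]
    spreads = [max(median(abs(v - m) for v in c), 1e-6)   # floor avoids /0
               for c, m in zip(cols, centers)]
    return {host: sum(((v - m) / s) ** 2 for v, m, s in zip(vec, centers, spreads)) ** 0.5
            for host, vec in records.items()}

def anomalies(records, threshold=6.0):
    """Hosts whose multidimensional deviation exceeds the threshold."""
    return sorted(h for h, s in robust_scores(records).items() if s > threshold)

# Labeled hours an analyst has already marked good or bad (constructed).
LABELED = [
    ((12, 1, 40.0, 8), "benign"), ((9, 0, 35.0, 6), "benign"),
    ((11, 1, 38.0, 7), "benign"),
    ((20, 14, 30.0, 5), "malicious"),    # many failed logins
    ((8, 2, 300.0, 55), "malicious"),    # bulk outbound to many destinations
    ((16, 10, 210.0, 40), "malicious"),
]

def train_centroids(labeled):
    """Supervised: humans supply the labels; each class is reduced to a
    centroid, the simplest form of a multidimensional signature."""
    by_label = {}
    for vec, label in labeled:
        by_label.setdefault(label, []).append(vec)
    return {lab: tuple(mean(c) for c in zip(*vecs)) for lab, vecs in by_label.items()}

def classify(centroids, vec):
    """Assign a new hour of activity to the nearest class centroid."""
    dist = lambda a, b: sum((x - y) ** 2 for x, y in zip(a, b)) ** 0.5
    return min(centroids, key=lambda lab: dist(vec, centroids[lab]))
```

Calling `anomalies(RECORDS)` flags only ws-07 without any labels, while `classify(train_centroids(LABELED), RECORDS["ws-07"])` reaches the same verdict from the analyst-labeled examples.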
Unsupervised machine learning can be used as part of a layered defense approach, serving as a scalable safety net across an organization’s information ecosystem. This can help identify rogue uses in all types of networks, distributed or centralized, local or global, cloud or on-premise.
By applying machine learning techniques across a diverse set of data sources, systems can absorb more and more relevant data and become increasingly intelligent. These systems can then help optimize the efficiency of security personnel, enabling organizations to more effectively identify threats. With multiple machine learning modules to scrutinize security data, organizations can identify and connect otherwise unnoticeable, subtle security signals.
Machine learning also can produce pre-analyzed context for investigations, making it easier for security analysts of all experience levels to discover threats. This is a proactive approach for combating sophisticated attacks. It enables CISOs to accelerate detection efforts and reduce time expended on investigations.