
Cybersecurity and Teaching The Machine


If you attended RSA Conference this year, you probably heard many vendors talk about machine learning for cybersecurity. Or if you missed RSA, you may have caught some of the articles on artificial intelligence to detect insider threats with terms like user behavior analytics. You may have then started to think about how these algorithms work and the difference between supervised vs. unsupervised models. You may have even started to look into k-means and dig into the differences between dynamic Bayes vs. empirical Bayes. And you may have even suddenly felt your job as a security professional required new data science skills. Well, today I would like to focus this article on one important piece of that puzzle: Teaching The Machine.

What is teaching the machine?

While teaching the machine is not a formal term that I am aware of, what I mean by that is the process that people — data scientists — go through to convert their expertise in detecting anomalies in patterns of data into something that machines can understand and learn. It’s a process by which machines learn how to detect these cybersecurity patterns on their own. And although a data scientist is not typically a subject matter expert on teaching cybersecurity, that person can be a great resource to convert human interpretations to computer algorithms.

Crawl, walk, run

Humans don’t get up and walk on the same day they are born, unlike some creatures that remarkably can. There is a process through which children learn to crawl, stand, walk and run. This process usually goes in parallel with other learnings, gestures like “bye-bye,” “give me,” and “no-no.” Gestures then get converted to words, and words into phrases. Teaching a machine is not that different; there is a process over iterations to teach, observe, teach more, observe more, with the goal that the machine can get to the point where it “runs” on its own.

Group learning

If I have not lost you so far, this is where things start to get more interesting. Most of us went to some type of school for group learning. We sat next to peers, then listened and learned as the teacher addressed all students. This is also where the analogy starts to fade away. Clearly, we don’t send our machines off to school. So why shouldn’t we build a “school” for group machine learning? Why shouldn’t we apply the learnings from one machine and clone them to another machine?


While we can’t just connect a wire between two kids and transfer all the knowledge from one to the other, we can do this with machines and we should. What if we could share everything our machine has learned about detecting cybersecurity threats with other machines? Wouldn’t that be great? What if there was an open source initiative to share machine algorithms and open machine data models? Thankfully there is such an initiative and it’s named Apache Spot. And one of its goals is to tackle the challenge of group machine learning.

Apache Spot, collaboration between the good guys

Apache Spot is in its early stages yet it already has all the potential to be the platform where the good guys collaborate, sharing models and algorithms to find the bad actors. Think of it as a foundation for detecting and preventing cybersecurity threats. And the good news is not everyone who collaborates on Apache Spot needs to be a data scientist. In fact, one of the best ways to support the effort is to download, install and run the platform on your own, then use the predefined algorithms and models to provide feedback on your results.

You can be a force for change without having to learn how Latent Dirichlet Allocation or other algorithms work. Of course we already know the bad guys collaborate, share code, and share secrets. The good guys need to unite and do the same, and Apache Spot wants to — and can — be that uniting force.

One Large Distributed System

Cybersecurity should not be a competitive differentiator between organizations and services. Why should you be forced to choose Bank A instead of Bank B only because Bank A is more secure? Wouldn’t it be great if all banks, healthcare providers, telecommunication systems, and governments shared a common platform for cybersecurity with built-in and continually improving cybersecurity machine models? We should, in fact, be able to expect the best security processes and services regardless of the industry.

When you think in these terms of collaboration at such a grand scale, we are then no longer teaching individual machines. Rather, we are effectively teaching one large distributed system. This is where I see Teaching The Machine as one of the most important pieces — if not the most important — of the cybersecurity puzzle. It is the common thread that ties all industries together in the critical effort of doing business securely.

Please join me in my next contribution where I will dive into more details on cybersecurity using Machine Learning.
