Three Things to Consider Before Incorporating Machine Learning into Your Security Efforts

We have been hearing a lot of buzz about artificial intelligence (AI) for years, but more recently, the discussion within the cybersecurity industry has centered around machine learning (ML), an approach to AI that focuses on using algorithms to sift through data, learn from it and inform action based on the analytics, such as automatically preventing an unknown threat. 

When you unpack the history of AI/ML, you quickly realize the science behind it has been in development since the 1950s, or earlier, with Alan Turing’s seminal paper posing the simple question in 1951, “Can machines think?” But, if the methodology has been around for decades, the natural question is, why now?

Since an ML system can evaluate new data and behavior while operating unsupervised, every company wants to hurry and adopt this cutting-edge approach for many applications. However, the real value of machine learning is the ability to make decisions based on what it has learned from the past, not just what it is currently seeing and analyzing. A machine learning system needs to be trained, and it cannot be trained without a large amount of previous data and intelligence.

In order to maximize the effectiveness of ML in your security efforts, it is helpful to first understand what you need to do before adopting it. I would recommend that security practitioners focus on the following criteria when considering adding a capability that includes machine learning:

1) Collect high-quality data – Having access to a massive store of high-quality data is the basis for training a machine learning system. When you adopt a product that includes ML, you will want to augment the things you have done in the past, like signature collection and automated malware analysis, so you can combine those things with the machine’s capability to determine new, malicious content. In addition to looking at bad data, you also need to have a large collection of good data, so that when it comes time to train the machine, it can accurately distinguish between what is dangerous and what is benign.

2) Establish consistency in your security – Ultimately, you will need to ensure ML algorithms can run at multiple levels including network traffic, user behavior and endpoint. For example, if today you are only looking at anomalous behavior in your network traffic but not on your endpoint or in your user behavior, you won’t be able to accurately correlate and determine whether something is truly malicious so you can make the most sound decisions. 

3) Ask the right questions for vendors – Many companies claim their solutions incorporate ML, but oftentimes capabilities are overstated. The questions you ask these vendors should focus on how accurate, fast and efficient their systems are. Where does the analyzed data come from, and how often is it collected? How quickly can the solution make a decision that leads to an action? Developing and asking a comprehensive list of questions like these will help you select the system best suited for your company’s needs.

When you consider the value of machine learning, the ultimate goal is simple: use software to automatically take an action. While the area of study has existed for decades, the industry has reached a place where it can be effectively applied to improve our ability to prevent successful attacks. As attackers continue to increase the volume of attacks they launch, often automating their entire operations, organizations typically apply manual processes to their response efforts, which do not scale. As we seek to require less manual effort and automate as much prevention as possible, machine learning is one way to provide powerful leverage to cybersecurity professionals.
