SecurityWeek

Management & Strategy

Three Things to Consider Before Incorporating Machine Learning into Your Security Efforts

We have been hearing a lot of buzz about artificial intelligence (AI) for years, but more recently, the discussion within the cybersecurity industry has centered around machine learning (ML), an approach to AI that focuses on using algorithms to sift through data, learn from it and inform action based on the analytics, such as automatically preventing an unknown threat. 

When you unpack the history of AI/ML, you quickly realize the science behind it has been in development since the 1950s, or earlier, with Alan Turing’s seminal paper posing the simple question in 1951, “Can machines think?” But, if the methodology has been around for decades, the natural question is, why now?

Since an ML system can evaluate new data and behavior while operating unsupervised, every company wants to hurry and adopt this cutting-edge approach for many applications. However, the real value of machine learning is the ability to make decisions based on what it has learned from the past, not just what it is currently seeing and analyzing. A machine learning system needs to be trained, and it cannot be trained without a large amount of previous data and intelligence.

In order to maximize the effectiveness of ML in your security efforts, it is helpful to first understand what you need to do before adopting it. I would recommend that security practitioners focus on the following criteria when considering adding a capability that includes machine learning:

1) Collect high-quality data – Having access to a massive store of high-quality data is the basis for training a machine learning system. When you adopt a product that includes ML, you will want to augment the things you have done in the past, like signature collection and automated malware analysis, so you can combine those things with the machine’s capability to determine new, malicious content. In addition to looking at bad data, you also need to have a large collection of good data, so that when it comes time to train the machine, it can accurately distinguish between what is dangerous and what is benign.

2) Establish consistency in your security – Ultimately, you will need to ensure ML algorithms can run at multiple levels including network traffic, user behavior and endpoint. For example, if today you are only looking at anomalous behavior in your network traffic but not on your endpoint or in your user behavior, you won’t be able to accurately correlate and determine whether something is truly malicious so you can make the most sound decisions. 

3) Ask the right questions for vendors – Many companies claim their solutions incorporate ML, but oftentimes capabilities are overstated. The questions you ask these vendors should focus on how accurate, fast and efficient their systems are. Where does the analyzed data come from, and how often is it collected? How quickly can the solution make a decision that leads to an action? Developing and asking a comprehensive list of questions like these will help you select the system best suited for your company’s needs.

When you consider the value of machine learning, the ultimate goal is simple: use software to automatically take an action. While the area of study has existed for decades, the industry has reached a place where it can be effectively applied to improve our ability to prevent successful attacks. As attackers continue to increase the volume of attacks they launch, often automating their entire operations, organizations typically apply manual processes to their response efforts, which do not scale. As we seek to require less manual effort and automate as much prevention as possible, machine learning is one way to provide powerful leverage to cybersecurity professionals.
