What Machine Learning Can Bring to IT Security

Last week, Amazon announced a new AWS service called Amazon Machine Learning, designed to “make it easy for developers of all skill levels to use machine learning (ML) technology.” The service is based on the same ML technology Amazon uses to anticipate efficiencies in supply chain management or detect fraudulent transactions, and is a counter-punch to the Microsoft Azure Machine Learning service announced last February.

Amazon’s claim is that, “The service uses powerful algorithms to create ML models by finding patterns in your existing data. Then, Amazon Machine Learning uses these models to process new data and generate predictions for your application.”

ML is something that the financial industry has utilized for decades to spot fraud. For example, many of us have had experiences when our credit card provider has contacted us to confirm the legitimacy of a recent purchase.

In IT security, we have relied heavily on static rules to detect threats based on known attack patterns. But if the steady revelation of new victims is any indication, that approach reached its limits long ago. The recent democratization of ML is an indication that it’s time to consider adding it to our security arsenal.

What machine learning can bring to IT security

The intersection of ML and IT Security focuses on analytics – an emerging buzzword in security that implies more than just reporting. It encompasses an automated analysis of data that ideally elevates the proverbial needle in the haystack that represents a real threat above the typical noise in the system.

Threats have multiplied and become more sophisticated in the last ten years, while infrastructure and applications have expanded as well. We don’t lack security information – on the contrary, we are overwhelmed with data that, given time, could produce meaningful threat disruption. It’s the time, particularly of qualified security professionals, that is lacking.

So the automated analysis of security data, or analytics, is critical to regaining some semblance of control over the ocean of data that is generated and dumped into SIEM tools daily.

Not just any analytics

The most important aspect of analytics in the context of IT security today is user behavior analytics. Based on what has been reported, many of the recent and largest breaches, including Anthem and Sony Pictures, can be attributed to the theft of insider credentials, particularly those of privileged users. So understanding what behavior is normal for users and being able to identify behavior that is abnormal is a critical component of finding threats.

But in order to support user behavior analytics, we must know who our users are. Identity and Access Management (IAM) systems can supply identity context with attributes such as role, entitlements and organizational structure, to enhance the information necessary to determine risk.

Identity and Access Management needs machine learning too

IAM has been evolving to use risk information to become more intelligent. For example, risk-based authentication (RBA) considers parameters such as location, device, IP address and history, sensitivity of information accessed and certain user attributes to determine a risk score before allowing access to a user. Based on that score, step-up authentication can be required, including multi-factor authentication if necessary. Adaptive certifications are another example of the use of risk data in IAM.

But these risk scores are, once again, based on static rules. ML offers an opportunity to more dynamically measure risk.
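To make the contrast concrete, here is an added example (not code from the article or from any vendor mentioned in it) of a risk-based authentication decision computed two ways: once from fixed rules applied identically to every user, and once from the user’s own login history, which is the shape a behavioral model takes. All users, devices, countries and thresholds are constructed assumptions, and a simple frequency baseline stands in for a trained ML model.

```python
from collections import Counter
from dataclasses import dataclass

# Constructed sample policy data for a hypothetical RBA deployment (assumptions, not real values).
KNOWN_DEVICES = {"alice": {"laptop-01"}, "admin-bob": {"wks-07"}}
ALLOWED_COUNTRIES = {"US", "CA"}
MIN_HISTORY = 5  # below this many past logins the behavioral baseline is too thin to trust

@dataclass(frozen=True)
class Attempt:
    user: str
    country: str
    device: str
    sensitivity: int   # 1 (public) .. 3 (highly sensitive) for the resource being accessed
    privileged: bool   # privileged account, e.g. an administrator

def static_rule_score(a: Attempt) -> int:
    """Fixed-rule scoring: the same weights and thresholds for every user."""
    score = 0
    if a.country not in ALLOWED_COUNTRIES:
        score += 40
    if a.device not in KNOWN_DEVICES.get(a.user, set()):
        score += 30
    score += 10 * a.sensitivity
    if a.privileged:
        score += 20
    return score

def behavioral_score(a: Attempt, history: list) -> int:
    """Per-user baseline: how rare are this country and device in the user's own past logins?
    A frequency model stands in here for a trained ML model; the decision flow is the same."""
    if not history:
        return 50  # no baseline yet: treat as medium risk rather than silently allowing
    n = len(history)
    country_rarity = 1 - Counter(h.country for h in history)[a.country] / n
    device_rarity = 1 - Counter(h.device for h in history)[a.device] / n
    return round(40 * country_rarity + 30 * device_rarity
                 + 10 * a.sensitivity + (20 if a.privileged else 0))

def decide(score: int) -> str:
    """Map a risk score to an access decision; the middle band requires step-up (MFA)."""
    if score < 30:
        return "allow"
    if score < 70:
        return "step-up-mfa"
    return "deny"

def evaluate(a: Attempt, history: list) -> dict:
    """Use the behavioral score once enough history exists, otherwise fall back to static rules."""
    s, b = static_rule_score(a), behavioral_score(a, history)
    chosen = b if len(history) >= MIN_HISTORY else s
    return {"static": s, "behavioral": b, "decision": decide(chosen)}
```

With a user who has always logged in from a country outside the allow-list, the static rules flag every login while the behavioral baseline sees nothing unusual; with a user whose first login from an allowed but never-before-seen country, the static rules allow it while the baseline asks for step-up.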

Will this actually work?

It remains to be seen whether Amazon’s or Microsoft’s approach to ML can be applied to IT security (or IAM). While machine learning as a service (MLaaS) is the latest iteration, there are certainly other approaches, such as Apache Spark and its Spark ML library. Regardless of the approach, the time for applying machine learning to IT security has come. The financial fraud industry, which started this in the 1970s, is wondering what took us so long.
