A quick guide to machine learning in cybersecurity
You may have seen the words ‘artificial intelligence’ and ‘machine learning’ widely used in the technology industry at the moment, and their appearances are no less prominent in cybersecurity.
ABI Research predicts that machine learning in cybersecurity will help boost intelligence, analytics, and big data spending to US$96 billion by 2021.
“We are in the midst of an artificial intelligence (AI) security revolution,” says ABI Research analyst Dimitrios Pavlakis.
“This will drive machine learning solutions to soon emerge as the new norm beyond security information and event management (SIEM) and ultimately displace a large portion of traditional AV, heuristics, and signature-based systems within the next five years.”
Beyond the numbers and the terminology, there is a simple question: What does machine learning do for cybersecurity, anyway?
“Machine learning is not AI. Machine learning still requires some human intervention and engineering but the technology uses algorithms and predictive models to sift through and monitor the security noise in real-time and flag up things that might need investigating by the organisation's security team,” explains LogRhythm’s Andy McCue.
In association with LogRhythm, we look at four ways machine learning is used in cybersecurity today.
There are so many malware types and variants that security teams and many of the technologies they use can’t keep up. According to AV-Test statistics, there are more than 350,000 new specimens of malware every day.
Because machine learning uses algorithms to rapidly analyse, detect, and classify files and behaviour, it is able to identify those that may be suspicious. The files can then be analysed by a human data analyst.
Monitoring threats and risks in real time
Through real-time monitoring, machine learning is able to use big data analytics to sift through data and guide security teams to the most important threats through actionable and accurate threat intelligence.
User behaviour analysis and insider threats
Machine learning powers many User and Entity Behavioural Analytics (UEBA) security solutions for the simple reason that it is able to build a pattern of ‘normal’ behaviour from historical data.
If something happens on an organisation’s network that doesn’t quite fit with that normal behaviour pattern, it is rapidly classified as an anomaly. Anomalies can often be the result of insider threats, including data theft and privilege abuse by employees, or it could also signal that employees’ accounts have been compromised in some way.
This could be the next frontier for machine learning, although there is a lot of development to go before the technology is mature.
Deep learning leverages neural networks that mimic the human brain and in time, machine learning algorithms may be able to learn without any human intervention or input, and early tests show that this could be a more effective way to detect unknown malware and advanced threats.
Why should your organisation look for security solutions that use machine learning technology?
As we’ve seen, machine learning can transform threat detection and monitoring beyond a time-consuming manual process. It can not only detect malware, but also suspicious user behaviour.
A robust security solution that uses machine learning should provide actionable threat intelligence without overburdening security teams with false alerts.