Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Analytics

4/21/2017
03:57 PM
Connect Directly
Twitter
LinkedIn
Google+
RSS
E-Mail
100%
0%

Machine Learning in Security: 4 Factors to Consider

Key factors to consider before adding machine learning to your security strategy.

There's a good chance you've considered the implications of machine learning for your security team. As data increases, the skill gap widens, and hackers' strategies get more complex, businesses struggle to detect and address cyberattacks.

Machine learning enables behavioral analytics and cognitive security to detonate attachments before they arrive in someone's inbox, or correlate types of activity across a network of thousands of users.

The ability to stop attacks before they occur is powerful, but how should security leaders start the process of making their systems smarter with machine learning?

Start With The Basics

Avnet CISO Sean Valcamp advises perfecting your security posture first. Valcamp has been involved with cognitive security in his practice since September 2016, he says. 

"I caution someone to think they can invest in a cognitive foundation without a strong security strategy in place," he says. "Almost immediate gains can be seen in security practices that have a solid foundation.

Since then, he's learned a few other lessons on the still-evolving tech and how it affects employees.

Machine Learning Can Save Time

Overall, the tech landscape has become faster and more consumer-driven, Valcamp explains. People have exponentially more computing power than they once did and generate massive amounts of data.

The importance of timing and accuracy blend together in cognitive security. Information must be legitimized quickly to achieve maximum value from machine learning and stop security threats in any business environment.

"The ability to verify and validate accuracy is the biggest value point associated with the cognitive engineer we have," he says.

Machine Learning May Change Staffing & Skills Needs

Security is "visibility plus action," says Valcamp. Today's security operators are level-one professionals who primarily focus on visibility and pass information to senior engineers to handle problems they find.

The introduction of machine learning to monitor activity could change the role of junior security engineers. Instead of spending their time watching for breaches, they'll be able to take action.

"What we found is, our focus around skill and development of security engineers has moved to more advanced skill sets because the cognitive piece is taking care of the first level," he explains.

This could help companies struggling with the security skill shortage. Cognitive systems can highlight high-risk alerts for senior engineers to tackle, and lower-risk items for junior employees. Ultimately, lower-level employees benefit by building more advanced skill sets.

Machine Learning Won't Automatically Make You More Intelligent 

"Garbage in, garbage out," says Valcamp. "You're really only as smart as the data presented into the cognitive engineer."

Whatever the smart system is processing, it's only valuable if the data is valuable. Businesses behind machine learning platforms need to make sure the information being entered is quality. If not, it increases the risk of fake alerts.

"If we track false positives, we feel like we're chasing our tail," he explains. "We want to make sure we've validated our sources, and are measuring ourselves along the way, so security engineers are spending their time on higher value activities."

[Sean Valcamp will share more of his lessons in machine learning as part of his session "Rise of the Machines: How Machine Learning Can Improve Cyber Security" during Interop ITX, May 15-19, at the MGM Grand in Las Vegas. To learn more about his presentation, other Interop security tracks, or to register click on the live links.]

Kelly Sheridan is the Staff Editor at Dark Reading, where she focuses on cybersecurity news and analysis. She is a business technology journalist who previously reported for InformationWeek, where she covered Microsoft, and Insurance & Technology, where she covered financial ... View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
JulietteRizkallah
100%
0%
JulietteRizkallah,
User Rank: Ninja
5/5/2017 | 11:29:51 AM
Clean your data
I agree with the points of this article, all fundamental to an efficient use of AI/ML.  In addition i wold suggest corporations start "cleaning" their data.  So much of it is stale, non business related and just noise, it makes sense to classify and clean up the data for which AI may monitor access to prevent or detect a breach.  Here again, the concept of garbage in, garbage out will apply by not focusing on all data but only the one corporations care about.
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
6 Emerging Cyber Threats That Enterprises Face in 2020
This Tech Digest gives an in-depth look at six emerging cyber threats that enterprises could face in 2020. Download your copy today!
Flash Poll
State of Cybersecurity Incident Response
State of Cybersecurity Incident Response
Data breaches and regulations have forced organizations to pay closer attention to the security incident response function. However, security leaders may be overestimating their ability to detect and respond to security incidents. Read this report to find out more.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-17230
PUBLISHED: 2020-04-03
includes/theme-functions.php in the OneTone theme through 3.0.6 for WordPress allows unauthenticated options changes.
CVE-2019-17231
PUBLISHED: 2020-04-03
includes/theme-functions.php in the OneTone theme through 3.0.6 for WordPress has multiple stored XSS issues.
CVE-2020-10689
PUBLISHED: 2020-04-03
A flaw was found in the Eclipse Che up to version 7.8.x, where it did not properly restrict access to workspace pods. An authenticated user can exploit this flaw to bypass JWT proxy and gain access to the workspace pods of another user. Successful exploitation requires knowledge of the service name ...
CVE-2020-10960
PUBLISHED: 2020-04-03
In MediaWiki before 1.34.1, users can add various Cascading Style Sheets (CSS) classes (which can affect what content is shown or hidden in the user interface) to arbitrary DOM nodes via HTML content within a MediaWiki page. This occurs because jquery.makeCollapsible allows applying an event handler...
CVE-2020-11500
PUBLISHED: 2020-04-03
Zoom Client for Meetings through 4.6.9 uses the ECB mode of AES for video and audio encryption. Within a meeting, all participants use a single 128-bit key.