Analytics

4/21/2017
03:57 PM
Connect Directly
Twitter
LinkedIn
Google+
RSS
E-Mail
100%
0%

Machine Learning in Security: 4 Factors to Consider

Key factors to consider before adding machine learning to your security strategy.

There's a good chance you've considered the implications of machine learning for your security team. As data increases, the skill gap widens, and hackers' strategies get more complex, businesses struggle to detect and address cyberattacks.

Machine learning enables behavioral analytics and cognitive security to detonate attachments before they arrive in someone's inbox, or correlate types of activity across a network of thousands of users.

The ability to stop attacks before they occur is powerful, but how should security leaders start the process of making their systems smarter with machine learning?

Start With The Basics

Avnet CISO Sean Valcamp advises perfecting your security posture first. Valcamp has been involved with cognitive security in his practice since September 2016, he says. 

"I caution someone to think they can invest in a cognitive foundation without a strong security strategy in place," he says. "Almost immediate gains can be seen in security practices that have a solid foundation.

Since then, he's learned a few other lessons on the still-evolving tech and how it affects employees.

Machine Learning Can Save Time

Overall, the tech landscape has become faster and more consumer-driven, Valcamp explains. People have exponentially more computing power than they once did and generate massive amounts of data.

The importance of timing and accuracy blend together in cognitive security. Information must be legitimized quickly to achieve maximum value from machine learning and stop security threats in any business environment.

"The ability to verify and validate accuracy is the biggest value point associated with the cognitive engineer we have," he says.

Machine Learning May Change Staffing & Skills Needs

Security is "visibility plus action," says Valcamp. Today's security operators are level-one professionals who primarily focus on visibility and pass information to senior engineers to handle problems they find.

The introduction of machine learning to monitor activity could change the role of junior security engineers. Instead of spending their time watching for breaches, they'll be able to take action.

"What we found is, our focus around skill and development of security engineers has moved to more advanced skill sets because the cognitive piece is taking care of the first level," he explains.

This could help companies struggling with the security skill shortage. Cognitive systems can highlight high-risk alerts for senior engineers to tackle, and lower-risk items for junior employees. Ultimately, lower-level employees benefit by building more advanced skill sets.

Machine Learning Won't Automatically Make You More Intelligent 

"Garbage in, garbage out," says Valcamp. "You're really only as smart as the data presented into the cognitive engineer."

Whatever the smart system is processing, it's only valuable if the data is valuable. Businesses behind machine learning platforms need to make sure the information being entered is quality. If not, it increases the risk of fake alerts.

"If we track false positives, we feel like we're chasing our tail," he explains. "We want to make sure we've validated our sources, and are measuring ourselves along the way, so security engineers are spending their time on higher value activities."

[Sean Valcamp will share more of his lessons in machine learning as part of his session "Rise of the Machines: How Machine Learning Can Improve Cyber Security" during Interop ITX, May 15-19, at the MGM Grand in Las Vegas. To learn more about his presentation, other Interop security tracks, or to register click on the live links.]

Kelly Sheridan is the Staff Editor at Dark Reading, where she focuses on cybersecurity news and analysis. She is a business technology journalist who previously reported for InformationWeek, where she covered Microsoft, and Insurance & Technology, where she covered financial ... View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
JulietteRizkallah
100%
0%
JulietteRizkallah,
User Rank: Ninja
5/5/2017 | 11:29:51 AM
Clean your data
I agree with the points of this article, all fundamental to an efficient use of AI/ML.  In addition i wold suggest corporations start "cleaning" their data.  So much of it is stale, non business related and just noise, it makes sense to classify and clean up the data for which AI may monitor access to prevent or detect a breach.  Here again, the concept of garbage in, garbage out will apply by not focusing on all data but only the one corporations care about.
High Stress Levels Impacting CISOs Physically, Mentally
Jai Vijayan, Freelance writer,  2/14/2019
Valentine's Emails Laced with Gandcrab Ransomware
Kelly Sheridan, Staff Editor, Dark Reading,  2/14/2019
New Free Tool Scans for Chrome Extension Safety
Dark Reading Staff 2/21/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
5 Emerging Cyber Threats to Watch for in 2019
Online attackers are constantly developing new, innovative ways to break into the enterprise. This Dark Reading Tech Digest gives an in-depth look at five emerging attack trends and exploits your security team should look out for, along with helpful recommendations on how you can prevent your organization from falling victim.
Flash Poll
How Enterprises Are Attacking the Cybersecurity Problem
How Enterprises Are Attacking the Cybersecurity Problem
Data breach fears and the need to comply with regulations such as GDPR are two major drivers increased spending on security products and technologies. But other factors are contributing to the trend as well. Find out more about how enterprises are attacking the cybersecurity problem by reading our report today.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-1944
PUBLISHED: 2019-02-21
IBM Security Identity Governance and Intelligence 5.2 through 5.2.4.1 Virtual Appliance contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-For...
CVE-2018-1945
PUBLISHED: 2019-02-21
IBM Security Identity Governance and Intelligence 5.2 through 5.2.4.1 Virtual Appliance could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click act...
CVE-2018-1946
PUBLISHED: 2019-02-21
IBM Security Identity Governance and Intelligence 5.2 through 5.2.4.1 Virtual Appliance supports interaction between multiple actors and allows those actors to negotiate which algorithm should be used as a protection mechanism such as encryption or authentication, but it does not select the stronges...
CVE-2018-1947
PUBLISHED: 2019-02-21
IBM Security Identity Governance and Intelligence 5.2 through 5.2.4.1 Virtual Appliance is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure withi...
CVE-2018-1948
PUBLISHED: 2019-02-21
IBM Security Identity Governance and Intelligence 5.2 through 5.2.4.1 Virtual Appliance does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to...