Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Analytics

4/21/2017
03:57 PM
Connect Directly
Twitter
LinkedIn
Google+
RSS
E-Mail
100%
0%

Machine Learning in Security: 4 Factors to Consider

Key factors to consider before adding machine learning to your security strategy.

There's a good chance you've considered the implications of machine learning for your security team. As data increases, the skill gap widens, and hackers' strategies get more complex, businesses struggle to detect and address cyberattacks.

Machine learning enables behavioral analytics and cognitive security to detonate attachments before they arrive in someone's inbox, or correlate types of activity across a network of thousands of users.

The ability to stop attacks before they occur is powerful, but how should security leaders start the process of making their systems smarter with machine learning?

Start With The Basics

Avnet CISO Sean Valcamp advises perfecting your security posture first. Valcamp has been involved with cognitive security in his practice since September 2016, he says. 

"I caution someone to think they can invest in a cognitive foundation without a strong security strategy in place," he says. "Almost immediate gains can be seen in security practices that have a solid foundation.

Since then, he's learned a few other lessons on the still-evolving tech and how it affects employees.

Machine Learning Can Save Time

Overall, the tech landscape has become faster and more consumer-driven, Valcamp explains. People have exponentially more computing power than they once did and generate massive amounts of data.

The importance of timing and accuracy blend together in cognitive security. Information must be legitimized quickly to achieve maximum value from machine learning and stop security threats in any business environment.

"The ability to verify and validate accuracy is the biggest value point associated with the cognitive engineer we have," he says.

Machine Learning May Change Staffing & Skills Needs

Security is "visibility plus action," says Valcamp. Today's security operators are level-one professionals who primarily focus on visibility and pass information to senior engineers to handle problems they find.

The introduction of machine learning to monitor activity could change the role of junior security engineers. Instead of spending their time watching for breaches, they'll be able to take action.

"What we found is, our focus around skill and development of security engineers has moved to more advanced skill sets because the cognitive piece is taking care of the first level," he explains.

This could help companies struggling with the security skill shortage. Cognitive systems can highlight high-risk alerts for senior engineers to tackle, and lower-risk items for junior employees. Ultimately, lower-level employees benefit by building more advanced skill sets.

Machine Learning Won't Automatically Make You More Intelligent 

"Garbage in, garbage out," says Valcamp. "You're really only as smart as the data presented into the cognitive engineer."

Whatever the smart system is processing, it's only valuable if the data is valuable. Businesses behind machine learning platforms need to make sure the information being entered is quality. If not, it increases the risk of fake alerts.

"If we track false positives, we feel like we're chasing our tail," he explains. "We want to make sure we've validated our sources, and are measuring ourselves along the way, so security engineers are spending their time on higher value activities."

[Sean Valcamp will share more of his lessons in machine learning as part of his session "Rise of the Machines: How Machine Learning Can Improve Cyber Security" during Interop ITX, May 15-19, at the MGM Grand in Las Vegas. To learn more about his presentation, other Interop security tracks, or to register click on the live links.]

Kelly Sheridan is the Staff Editor at Dark Reading, where she focuses on cybersecurity news and analysis. She is a business technology journalist who previously reported for InformationWeek, where she covered Microsoft, and Insurance & Technology, where she covered financial ... View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
JulietteRizkallah
100%
0%
JulietteRizkallah,
User Rank: Ninja
5/5/2017 | 11:29:51 AM
Clean your data
I agree with the points of this article, all fundamental to an efficient use of AI/ML.  In addition i wold suggest corporations start "cleaning" their data.  So much of it is stale, non business related and just noise, it makes sense to classify and clean up the data for which AI may monitor access to prevent or detect a breach.  Here again, the concept of garbage in, garbage out will apply by not focusing on all data but only the one corporations care about.
7 Truths About BEC Scams
Ericka Chickowski, Contributing Writer,  6/13/2019
DNS Firewalls Could Prevent Billions in Losses to Cybercrime
Curtis Franklin Jr., Senior Editor at Dark Reading,  6/13/2019
Cognitive Bias Can Hamper Security Decisions
Kelly Sheridan, Staff Editor, Dark Reading,  6/10/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Building and Managing an IT Security Operations Program
As cyber threats grow, many organizations are building security operations centers (SOCs) to improve their defenses. In this Tech Digest you will learn tips on how to get the most out of a SOC in your organization - and what to do if you can't afford to build one.
Flash Poll
The State of IT Operations and Cybersecurity Operations
The State of IT Operations and Cybersecurity Operations
Your enterprise's cyber risk may depend upon the relationship between the IT team and the security team. Heres some insight on what's working and what isn't in the data center.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2013-7472
PUBLISHED: 2019-06-15
The "Count per Day" plugin before 3.2.6 for WordPress allows XSS via the wp-admin/?page=cpd_metaboxes daytoshow parameter.
CVE-2019-12839
PUBLISHED: 2019-06-15
In OrangeHRM 4.3.1 and before, there is an input validation error within admin/listMailConfiguration (txtSendmailPath parameter) that allows authenticated attackers to achieve arbitrary command execution.
CVE-2019-12840
PUBLISHED: 2019-06-15
In Webmin through 1.910, any user authorized to the "Package Updates" module can execute arbitrary commands with root privileges via the data parameter to update.cgi.
CVE-2019-12835
PUBLISHED: 2019-06-15
formats/xml.cpp in Leanify 0.4.3 allows for a controlled out-of-bounds write in xml_memory_writer::write via characters that require escaping.
CVE-2019-12830
PUBLISHED: 2019-06-15
In MyBB before 1.8.21, an attacker can exploit a parsing flaw in the Private Message / Post renderer that leads to [video] BBCode persistent XSS to take over any forum account, aka a nested video MyCode issue.