Analytics

4/21/2017
03:57 PM
Connect Directly
Twitter
LinkedIn
Google+
RSS
E-Mail
100%
0%

Machine Learning in Security: 4 Factors to Consider

Key factors to consider before adding machine learning to your security strategy.

There's a good chance you've considered the implications of machine learning for your security team. As data increases, the skill gap widens, and hackers' strategies get more complex, businesses struggle to detect and address cyberattacks.

Machine learning enables behavioral analytics and cognitive security to detonate attachments before they arrive in someone's inbox, or correlate types of activity across a network of thousands of users.

The ability to stop attacks before they occur is powerful, but how should security leaders start the process of making their systems smarter with machine learning?

Start With The Basics

Avnet CISO Sean Valcamp advises perfecting your security posture first. Valcamp has been involved with cognitive security in his practice since September 2016, he says. 

"I caution someone to think they can invest in a cognitive foundation without a strong security strategy in place," he says. "Almost immediate gains can be seen in security practices that have a solid foundation.

Since then, he's learned a few other lessons on the still-evolving tech and how it affects employees.

Machine Learning Can Save Time

Overall, the tech landscape has become faster and more consumer-driven, Valcamp explains. People have exponentially more computing power than they once did and generate massive amounts of data.

The importance of timing and accuracy blend together in cognitive security. Information must be legitimized quickly to achieve maximum value from machine learning and stop security threats in any business environment.

"The ability to verify and validate accuracy is the biggest value point associated with the cognitive engineer we have," he says.

Machine Learning May Change Staffing & Skills Needs

Security is "visibility plus action," says Valcamp. Today's security operators are level-one professionals who primarily focus on visibility and pass information to senior engineers to handle problems they find.

The introduction of machine learning to monitor activity could change the role of junior security engineers. Instead of spending their time watching for breaches, they'll be able to take action.

"What we found is, our focus around skill and development of security engineers has moved to more advanced skill sets because the cognitive piece is taking care of the first level," he explains.

This could help companies struggling with the security skill shortage. Cognitive systems can highlight high-risk alerts for senior engineers to tackle, and lower-risk items for junior employees. Ultimately, lower-level employees benefit by building more advanced skill sets.

Machine Learning Won't Automatically Make You More Intelligent 

"Garbage in, garbage out," says Valcamp. "You're really only as smart as the data presented into the cognitive engineer."

Whatever the smart system is processing, it's only valuable if the data is valuable. Businesses behind machine learning platforms need to make sure the information being entered is quality. If not, it increases the risk of fake alerts.

"If we track false positives, we feel like we're chasing our tail," he explains. "We want to make sure we've validated our sources, and are measuring ourselves along the way, so security engineers are spending their time on higher value activities."

[Sean Valcamp will share more of his lessons in machine learning as part of his session "Rise of the Machines: How Machine Learning Can Improve Cyber Security" during Interop ITX, May 15-19, at the MGM Grand in Las Vegas. To learn more about his presentation, other Interop security tracks, or to register click on the live links.]

Kelly Sheridan is the Staff Editor at Dark Reading, where she focuses on cybersecurity news and analysis. She is a business technology journalist who previously reported for InformationWeek, where she covered Microsoft, and Insurance & Technology, where she covered financial ... View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
JulietteRizkallah
100%
0%
JulietteRizkallah,
User Rank: Ninja
5/5/2017 | 11:29:51 AM
Clean your data
I agree with the points of this article, all fundamental to an efficient use of AI/ML.  In addition i wold suggest corporations start "cleaning" their data.  So much of it is stale, non business related and just noise, it makes sense to classify and clean up the data for which AI may monitor access to prevent or detect a breach.  Here again, the concept of garbage in, garbage out will apply by not focusing on all data but only the one corporations care about.
6 Security Trends for 2018/2019
Curtis Franklin Jr., Senior Editor at Dark Reading,  10/15/2018
6 Reasons Why Employees Violate Security Policies
Ericka Chickowski, Contributing Writer, Dark Reading,  10/16/2018
Getting Up to Speed with "Always-On SSL"
Tim Callan, Senior Fellow, Comodo CA,  10/18/2018
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Latest Comment: Too funny!
Current Issue
Flash Poll
The Risk Management Struggle
The Risk Management Struggle
The majority of organizations are struggling to implement a risk-based approach to security even though risk reduction has become the primary metric for measuring the effectiveness of enterprise security strategies. Read the report and get more details today!
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-10839
PUBLISHED: 2018-10-16
Qemu emulator <= 3.0.0 built with the NE2000 NIC emulation support is vulnerable to an integer overflow, which could lead to buffer overflow issue. It could occur when receiving packets over the network. A user inside guest could use this flaw to crash the Qemu process resulting in DoS.
CVE-2018-13399
PUBLISHED: 2018-10-16
The Microsoft Windows Installer for Atlassian Fisheye and Crucible before version 4.6.1 allows local attackers to escalate privileges because of weak permissions on the installation directory.
CVE-2018-18381
PUBLISHED: 2018-10-16
Z-BlogPHP 1.5.2.1935 (Zero) has a stored XSS Vulnerability in zb_system/function/c_system_admin.php via the Content-Type header during the uploading of image attachments.
CVE-2018-18382
PUBLISHED: 2018-10-16
Advanced HRM 1.6 allows Remote Code Execution via PHP code in a .php file to the user/update-user-avatar URI, which can be accessed through an "Update Profile" "Change Picture" (aka user/edit-profile) action.
CVE-2018-18374
PUBLISHED: 2018-10-16
XSS exists in the MetInfo 6.1.2 admin/index.php page via the anyid parameter.