Machine Learning in Security: 4 Factors to ConsiderKey factors to consider before adding machine learning to your security strategy.
There's a good chance you've considered the implications of machine learning for your security team. As data increases, the skill gap widens, and hackers' strategies get more complex, businesses struggle to detect and address cyberattacks.
Machine learning enables behavioral analytics and cognitive security to detonate attachments before they arrive in someone's inbox, or correlate types of activity across a network of thousands of users.
The ability to stop attacks before they occur is powerful, but how should security leaders start the process of making their systems smarter with machine learning?
Start With The Basics
Avnet CISO Sean Valcamp advises perfecting your security posture first. Valcamp has been involved with cognitive security in his practice since September 2016, he says.
"I caution someone to think they can invest in a cognitive foundation without a strong security strategy in place," he says. "Almost immediate gains can be seen in security practices that have a solid foundation.
Since then, he's learned a few other lessons on the still-evolving tech and how it affects employees.
Machine Learning Can Save Time
Overall, the tech landscape has become faster and more consumer-driven, Valcamp explains. People have exponentially more computing power than they once did and generate massive amounts of data.
The importance of timing and accuracy blend together in cognitive security. Information must be legitimized quickly to achieve maximum value from machine learning and stop security threats in any business environment.
"The ability to verify and validate accuracy is the biggest value point associated with the cognitive engineer we have," he says.
Machine Learning May Change Staffing & Skills Needs
Security is "visibility plus action," says Valcamp. Today's security operators are level-one professionals who primarily focus on visibility and pass information to senior engineers to handle problems they find.
The introduction of machine learning to monitor activity could change the role of junior security engineers. Instead of spending their time watching for breaches, they'll be able to take action.
"What we found is, our focus around skill and development of security engineers has moved to more advanced skill sets because the cognitive piece is taking care of the first level," he explains.
This could help companies struggling with the security skill shortage. Cognitive systems can highlight high-risk alerts for senior engineers to tackle, and lower-risk items for junior employees. Ultimately, lower-level employees benefit by building more advanced skill sets.
Machine Learning Won't Automatically Make You More Intelligent
"Garbage in, garbage out," says Valcamp. "You're really only as smart as the data presented into the cognitive engineer."
Whatever the smart system is processing, it's only valuable if the data is valuable. Businesses behind machine learning platforms need to make sure the information being entered is quality. If not, it increases the risk of fake alerts.
"If we track false positives, we feel like we're chasing our tail," he explains. "We want to make sure we've validated our sources, and are measuring ourselves along the way, so security engineers are spending their time on higher value activities."
[Sean Valcamp will share more of his lessons in machine learning as part of his session "Rise of the Machines: How Machine Learning Can Improve Cyber Security" during Interop ITX, May 15-19, at the MGM Grand in Las Vegas. To learn more about his presentation, other Interop security tracks, or to register click on the live links.]
Kelly Sheridan is Associate Editor at Dark Reading. She started her career in business tech journalism at Insurance & Technology and most recently reported for InformationWeek, where she covered Microsoft and business IT. Sheridan earned her BA at Villanova University. View Full Bio