Machine learning can shift the focus from recovery, after a cyber incident, to intelligence that can head off threats.
Smart CSOs and CISOs are moving from post-incident to pre-incident threat intelligence. Instead of signature and reputation-based detection methods, they are looking at artificial intelligence innovations that use machine learning algorithms to drive superior forensics results.
In the past, humans had to look at large sets of data to distinguish the good characteristics from the bad ones. But organizational threats increasingly manifest themselves through changing and complex signals that are difficult to detect with traditional signature-based and rule-based monitoring solutions.
What’s more, traditional tools can contribute to “alert fatigue” by excessively warning about activities that may not be indicative of a real security incident. Skilled security analysts are then needed to triage and investigate these alerts, at a time when there is already a shortage of such professionals.
With machine learning, the computer is trained to distinguish the good characteristics from the bad ones, using multidimensional signatures that can examine patterns to identify anomalies and detect problems. A mitigation response can then be triggered.
Two types of learning
Machine learning generally works in two ways: supervised and unsupervised. With the former, humans tell the machines which behaviors are good and which are bad. The machines then figure out the commonalities to develop multidimensional signatures. With unsupervised learning, the machines build their models without labeled data, analyzing clusters to figure out what’s normal and what’s an anomaly.
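To make the distinction concrete, here is an added example (not code from the article or its author) that runs both approaches over the same constructed per-host feature vectors: failed logins, distinct destination ports and outbound megabytes in one monitoring window. The observations, the labels, the `5.0` anomaly threshold and every function name are assumptions chosen for this illustration. The supervised path learns one centroid per human-assigned label (a minimal “multidimensional signature”) and classifies new hosts by nearest centroid; the unsupervised path never sees a label, fits a robust baseline (median and MAD per feature) to the whole population and flags hosts that sit far from it, reporting which feature drove the score so an analyst has a starting point.

```python
"""Supervised vs. unsupervised learning on host-activity features.

Added example, not code from the article or its author. All feature vectors,
labels and thresholds below are constructed assumptions so the script runs
offline with nothing beyond the standard library.
"""
import math
from statistics import median

FEATURES = ("failed_logins", "distinct_dst_ports", "outbound_mb")

# Constructed per-host observations for one monitoring window, as
# (failed_logins, distinct_dst_ports, outbound_mb). Labels are assumed.
OBSERVATIONS = [
    ((2, 3, 12.0), "normal"), ((1, 4, 9.5), "normal"), ((3, 2, 15.0), "normal"),
    ((0, 3, 11.0), "normal"), ((2, 5, 14.0), "normal"), ((1, 3, 10.0), "normal"),
    ((2, 4, 13.0), "normal"), ((1, 2, 12.5), "normal"),
    ((40, 3, 13.0), "bruteforce"), ((35, 2, 10.0), "bruteforce"),
    ((1, 120, 12.0), "scan"), ((2, 90, 14.0), "scan"),
    ((1, 3, 900.0), "exfil"), ((2, 4, 750.0), "exfil"),
]


def fit_scaler(vectors):
    """Per-feature median and robust scale (1.4826 * MAD) learned from
    unlabeled data. Robust statistics keep a few extreme hosts from
    dragging the baseline toward themselves."""
    scaler = []
    for column in zip(*vectors):
        med = median(column)
        mad = median(abs(x - med) for x in column)
        scale = 1.4826 * mad if mad else 1.0  # guard: constant feature
        scaler.append((med, scale))
    return scaler


def standardize(vec, scaler):
    """Map a raw vector to robust z-scores so features share one scale;
    without this, outbound_mb would dominate every distance."""
    return tuple((x - med) / scale for x, (med, scale) in zip(vec, scaler))


# --- Supervised: humans label behaviour, the machine learns a signature ---

def train_centroids(labeled, scaler):
    """One centroid per human-assigned label in standardized space; this is
    the 'multidimensional signature' the text refers to."""
    groups = {}
    for vec, label in labeled:
        groups.setdefault(label, []).append(standardize(vec, scaler))
    return {label: tuple(sum(c) / len(c) for c in zip(*pts))
            for label, pts in groups.items()}


def classify(vec, centroids, scaler):
    """Nearest-centroid classification of a new observation."""
    z = standardize(vec, scaler)
    return min(centroids, key=lambda label: math.dist(centroids[label], z))


# --- Unsupervised: no labels, flag what sits far from the population ---

def anomaly_score(vec, scaler):
    """Largest absolute robust z-score across features, plus the feature
    responsible, so the alert carries some investigative context."""
    z = standardize(vec, scaler)
    idx = max(range(len(z)), key=lambda i: abs(z[i]))
    return abs(z[idx]), FEATURES[idx]


def flag_anomalies(vectors, threshold=5.0):
    """Fit on the unlabeled batch itself and return the indices whose
    score exceeds the (assumed) threshold."""
    scaler = fit_scaler(vectors)
    return [i for i, v in enumerate(vectors)
            if anomaly_score(v, scaler)[0] > threshold]


if __name__ == "__main__":
    raw = [v for v, _ in OBSERVATIONS]
    scaler = fit_scaler(raw)
    centroids = train_centroids(OBSERVATIONS, scaler)
    for probe in [(38, 2, 11.0), (1, 110, 13.0), (2, 3, 820.0), (1, 3, 11.0)]:
        score, feature = anomaly_score(probe, scaler)
        print(probe, "->", classify(probe, centroids, scaler),
              f"(unsupervised score {score:.1f} via {feature})")
    print("flagged indices:", flag_anomalies(raw))
```

The two paths answer different questions: the supervised classifier can only name behaviours it was taught (“bruteforce”, “scan”, “exfil”), while the unsupervised detector catches anything unusual but leaves naming it to the analyst. That is why the article pairs unsupervised learning with a layered defence: it is the safety net for the signals nobody has labeled yet.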
Unsupervised machine learning can be used as part of a layered defense approach, serving as a scalable safety net across an organization’s information ecosystem. This can help identify rogue activity in all types of networks, distributed or centralized, local or global, cloud or on-premises.
By applying machine learning techniques across a diverse set of data sources, systems can absorb more and more relevant data and become increasingly intelligent. These systems can then help optimize the efficiency of security personnel, enabling organizations to more effectively identify threats. With multiple machine learning modules to scrutinize security data, organizations can identify and connect otherwise unnoticeable, subtle security signals.
Machine learning also can produce pre-analyzed context for investigations, making it easier for security analysts of all experience levels to discover threats. This approach enables CISOs to accelerate detection efforts and reduce time expended on investigations.
This article was written by Santosh Varughese. It originally appeared on ThirdCertainty.