A smarter, more secure enterprise

Machine learning is making its move into virtually every realm that uses computer technology, and it’s easy to see why. The artificial intelligence that drives machine learning doesn’t need to be specifically programmed to perform a certain job. Instead, algorithms analyze real-time data and use patterns to control computer functions. Perhaps one of the best known examples of machine learning is the self-driving car, but it is used to allow businesses to predict customer purchasing behavior and may soon assist TSA in passenger screening.

There is little doubt that machine learning will revolutionize business and everyday life. However, many in the IT profession also see machine learning as a way to improve cybersecurity. The reason, according to Security Week, is because there is so much security information to decipher, it is nearly impossible for humans or our current security tools to handle it all effectively. Security professionals, the article added, simply do not have enough hours in a day to address today’s threat landscape.

“Imagine you have thousands and thousands of Terabytes of data that you want to analyze already split into smaller blocks and pre-sorted into categories, while you have new data continuously being added,” explained Filip Chytry, Manager, Threat Intelligence, from Avast. “You can leave it up to a machine to learn certain vectors from predefined categories and then allow it to decide how it is going to handle new and unknown data.”

Avast has been using machine learning for several years now, and it is how the security software company stays up to date and able to rapidly respond to new threats. “Currently, new threats are developing way too quickly for humans to keep up with. Some malware samples even use machine learning to prevent antivirus detections,” said Chytry.

Go phish, cybercriminals

Machine learning is becoming a popular tool for cybercriminals who are always looking to generate new and complicated-to-detect threats, says Chytry. In order for businesses to keep up, it makes sense to consider how machine learning can improve internal security efforts.

James Simpson, Head of Marketing Analytics and Business Development at Maluuba, a machine learning start up in Canada, points to how machine learning can help companies handle phishing attacks, which remain a popular tool for cybercriminals. Machine learning analytics examines the millions of inter-office emails a Fortune 500 company sends to learn how employees write and discuss topics via email.

“It would then have no trouble picking out a phishing email of a corporate vice president, since the phishing email wouldn’t likely match the style and way an executive writes,” said Simpson.

Supervised machine learning vs. unsupervised machine learning

Machine learning for security purposes can be approached in two ways, according to Liz Goldberg, Product Marketing Manager with SAS Cybersecurity Practice: supervised and unsupervised. Supervised learning algorithms are trained using labeled examples, such as an input where the desired output is known. The strength of this approach, said Goldberg, is in its potential to reduce the overall number of security alerts generated by more basic anomaly detection techniques. Unsupervised learning is used against data that has no historical labels. Instead, the algorithm must figure out what is being shown. The benefit of using this approach is that it can potentially find new patterns in the data that were not previously known and use them as basis for future detections.

“It’s easy to see why machine learning is being embraced to drive security applications,” said Goldberg. “Given the right data upon which to build the analytic baseline, machine learning combined with other data analysis tools have tremendous potential to revolutionize the industry.”

Does this mean 2016 is the year machine learning makes a real impact in cybersecurity? That will depend on whether or not companies are willing to make the investment. For those that do, Avast’s Chytry thinks it could be what sets those organizations apart from others.

“If each company has its own specifics and behavior, machines can independently adjust their security based on different internal networks,” Chytry said. “Essentially, many new-generation security systems have the ability to learn from each specific network.”