A quick guide to machine learning in cybersecurity

14 Aug 2018

You may have seen the words ‘artificial intelligence’ and ‘machine learning’ widely used in the technology industry at the moment, and their appearances are no less prominent in cybersecurity.

ABI Research predicts that machine learning in cybersecurity will help boost intelligence, analytics, and big data spending to US$96 billion by 2021.

“We are in the midst of an artificial intelligence (AI) security revolution,” says ABI Research analyst Dimitrios Pavlakis.

“This will drive machine learning solutions to soon emerge as the new norm beyond security information and event management (SIEM) and ultimately displace a large portion of traditional AV, heuristics, and signature-based systems within the next five years.”

Beyond the numbers and the terminology, there is a simple question: What does machine learning do for cybersecurity, anyway?

“Machine learning is not AI. Machine learning still requires some human intervention and engineering but the technology uses algorithms and predictive models to sift through and monitor the security noise in real-time and flag up things that might need investigating by the organisation's security team,” explains LogRhythm’s Andy McCue.

In association with LogRhythm, we look at four ways machine learning is used in cybersecurity today.

Malware detection

There are so many malware types and variants that security teams and many of the technologies they use can’t keep up. According to AV-Test statistics, there are more than 350,000 new specimens of malware every day.

Because machine learning uses algorithms to rapidly analyse, detect, and classify files and behaviour, it is able to identify those that may be suspicious. The files can then be analysed by a human data analyst.

Monitoring threats and risks in real time

Through real-time monitoring, machine learning is able to use big data analytics to sift through data and guide security teams to the most important threats through actionable and accurate threat intelligence.

User behaviour analysis and insider threats

Machine learning powers many User and Entity Behavioural Analytics (UEBA) security solutions for the simple reason that it is able to build a pattern of ‘normal’ behaviour from historical data.

If something happens on an organisation’s network that doesn’t fit that normal behaviour pattern, it is rapidly classified as an anomaly. Anomalies can often be the result of insider threats, including data theft and privilege abuse by employees, or they can signal that employees’ accounts have been compromised in some way.
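The baseline-then-deviation idea behind UEBA, shown as an added example that is not code from the article or from LogRhythm; the users, hours, byte counts and the z-score threshold are constructed sample data and an assumed choice, not figures from the page:

```python
from collections import defaultdict
from statistics import mean, pstdev

# Constructed historical events (user, hour_of_day, bytes_downloaded) standing
# in for the "historical data" a UEBA product learns 'normal' from.
HISTORY = [
    ("alice", 9, 12_000), ("alice", 10, 15_000), ("alice", 14, 11_000),
    ("alice", 16, 13_000), ("alice", 11, 14_000), ("alice", 15, 12_500),
    ("bob", 8, 800_000), ("bob", 9, 820_000), ("bob", 13, 790_000),
    ("bob", 17, 810_000), ("bob", 10, 805_000), ("bob", 12, 815_000),
]

def build_baselines(events):
    """Learn per-user 'normal': the hours they are usually active and the
    mean/stdev of their download volume."""
    per_user = defaultdict(list)
    for user, hour, nbytes in events:
        per_user[user].append((hour, nbytes))
    baselines = {}
    for user, rows in per_user.items():
        volumes = [b for _, b in rows]
        baselines[user] = {
            "hours": {h for h, _ in rows},
            "mean": mean(volumes),
            "stdev": pstdev(volumes),
        }
    return baselines

def score_event(baselines, user, hour, nbytes, z_threshold=3.0):
    """Return the reasons an event deviates from the user's baseline; an empty
    list means 'looks normal'. Users with no history are flagged as well."""
    base = baselines.get(user)
    if base is None:
        return ["no baseline for user"]
    reasons = []
    if hour not in base["hours"]:
        reasons.append(f"unusual hour {hour:02d}:00")
    spread = base["stdev"] or 1.0  # constant history: avoid division by zero
    z = (nbytes - base["mean"]) / spread
    if abs(z) > z_threshold:  # assumed threshold; tune to the environment
        reasons.append(f"download volume z={z:.1f}")
    return reasons

if __name__ == "__main__":
    b = build_baselines(HISTORY)
    for ev in [("alice", 10, 13_000), ("alice", 3, 2_000_000), ("mallory", 9, 10)]:
        print(ev, score_event(b, *ev) or "normal")
```

A real UEBA product learns many more features than two, but the flagged reasons are exactly the "actionable" context an analyst needs to decide between an insider, a compromised account and a false alarm.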

Deep learning

This could be the next frontier for machine learning, although there is a lot of development to go before the technology is mature.

Deep learning leverages neural networks that mimic the human brain. In time, machine learning algorithms may be able to learn without any human intervention or input, and early tests show that this could be a more effective way to detect unknown malware and advanced threats.

Why should your organisation look for security solutions that use machine learning technology?

As we’ve seen, machine learning can transform threat detection and monitoring beyond a time-consuming manual process. It can not only detect malware, but also suspicious user behaviour.

A robust security solution that uses machine learning should provide actionable threat intelligence without overburdening security teams with false alerts.

LogRhythm’s experts are on call to explain how machine learning can benefit your organisation’s security.

Download the Employing Machine Learning in a Security Environment whitepaper to learn more.
