Story image

A quick guide to machine learning in cybersecurity

14 Aug 18

You may have seen the words ‘artificial intelligence’ and ‘machine learning’ widely used in the technology industry at the moment, and their appearances are no less prominent in cybersecurity.

ABI Research predicts that machine learning in cybersecurity will help boost intelligence, analytics, and big data spending to US$96 billion by 2021.

“We are in the midst of an artificial intelligence (AI) security revolution,” says ABI Research analyst Dimitrios Pavlakis.

“This will drive machine learning solutions to soon emerge as the new norm beyond security information and event management (SIEM) and ultimately displace a large portion of traditional AV, heuristics, and signature-based systems within the next five years.”

Beyond the numbers and the terminology, there is a simple question: What does machine learning do for cybersecurity, anyway?

“Machine learning is not AI. Machine learning still requires some human intervention and engineering but the technology uses algorithms and predictive models to sift through and monitor the security noise in real-time and flag up things that might need investigating by the organisation's security team,” explains LogRhythm’s Andy McCue.

In association with LogRhythm, we look at four ways machine learning is used in cybersecurity today.

Malware detection

There are so many malware types and variants that security teams and many of the technologies they use can’t keep up. According to AV-Test statistics, there are more than 350,000 new specimens of malware every day.

Because machine learning uses algorithms to rapidly analyse, detect, and classify files and behaviour, it is able to identify those that may be suspicious. The files can then be analysed by a human data analyst.

Monitoring threats and risks in real time

Through real-time monitoring, machine learning is able to use big data analytics to sift through data and guide security teams to the most important threats through actionable and accurate threat intelligence.

User behaviour analysis and insider threats

Machine learning powers many User and Entity Behavioural Analytics (UEBA) security solutions for the simple reason that it is able to build a pattern of ‘normal’ behaviour from historical data.

If something happens on an organisation’s network that doesn’t quite fit with that normal behaviour pattern, it is rapidly classified as an anomaly. Anomalies can often be the result of insider threats, including data theft and privilege abuse by employees, or it could also signal that employees’ accounts have been compromised in some way.

Deep learning

This could be the next frontier for machine learning, although there is a lot of development to go before the technology is mature.

Deep learning leverages neural networks that mimic the human brain and in time, machine learning algorithms may be able to learn without any human intervention or input, and early tests show that this could be a more effective way to detect unknown malware and advanced threats.

Why should your organisation look for security solutions that use machine learning technology?

As we’ve seen, machine learning can transform threat detection and monitoring beyond a time-consuming manual process. It can not only detect malware, but also suspicious user behaviour.

A robust security solution that uses machine learning should provide actionable threat intelligence without overburdening security teams with false alerts.

LogRhythm’s experts are on call to explain how machine learning can benefit your organisation’s security.

Download the Employing Machine Learning in a Security Environment whitepaper to learn more.

A10 aims to secure Kubernetes container environments
The solution aims to provide teams deploying microservices applications with an automated way to integrate enterprise-grade security with comprehensive application visibility and analytics.
DigiCert conquers Google's distrust of Symantec certs
“This could have been an extremely disruptive event to online commerce," comments DigiCert CEO John Merrill. 
One Identity a Visionary in Magic Quad for PAM
One Identity was recognised in the Gartner Magic Quadrant for Privileged Access Management for completeness of vision and ability to execute.
How to keep network infrastructure secure and available
Two OVH executives have weighed in on how network infrastructure and the challenges in that space will be evolving in the coming year.
Gartner names newcomer Exabeam a leader in SIEM
The vendor landscape for SIEM is evolving, with recent entrants bringing technologies optimised for analytics use cases.
52mil users affected by Google+’s second data breach
Google+ APIs will be shut down within the next 90 days, and the consumer platform will be disabled in April 2019 instead of August 2019 as originally planned.
Symantec releases neural network-integrated USB scanning station
Symantec Industrial Control System Protection Neural helps defend against USB-borne cyber attacks on operational technology.
Ramping up security with next-gen firewalls
The classic firewall lacked the ability to distinguish between different kinds of web traffic.