Story image

A quick guide to machine learning in cybersecurity

14 Aug 18

You may have seen the words ‘artificial intelligence’ and ‘machine learning’ widely used in the technology industry at the moment, and their appearances are no less prominent in cybersecurity.

ABI Research predicts that machine learning in cybersecurity will help boost intelligence, analytics, and big data spending to US$96 billion by 2021.

“We are in the midst of an artificial intelligence (AI) security revolution,” says ABI Research analyst Dimitrios Pavlakis.

“This will drive machine learning solutions to soon emerge as the new norm beyond security information and event management (SIEM) and ultimately displace a large portion of traditional AV, heuristics, and signature-based systems within the next five years.”

Beyond the numbers and the terminology, there is a simple question: What does machine learning do for cybersecurity, anyway?

“Machine learning is not AI. Machine learning still requires some human intervention and engineering but the technology uses algorithms and predictive models to sift through and monitor the security noise in real-time and flag up things that might need investigating by the organisation's security team,” explains LogRhythm’s Andy McCue.

In association with LogRhythm, we look at four ways machine learning is used in cybersecurity today.

Malware detection

There are so many malware types and variants that security teams and many of the technologies they use can’t keep up. According to AV-Test statistics, there are more than 350,000 new specimens of malware every day.

Because machine learning uses algorithms to rapidly analyse, detect, and classify files and behaviour, it is able to identify those that may be suspicious. The files can then be analysed by a human data analyst.

Monitoring threats and risks in real time

Through real-time monitoring, machine learning is able to use big data analytics to sift through data and guide security teams to the most important threats through actionable and accurate threat intelligence.

User behaviour analysis and insider threats

Machine learning powers many User and Entity Behavioural Analytics (UEBA) security solutions for the simple reason that it is able to build a pattern of ‘normal’ behaviour from historical data.

If something happens on an organisation’s network that doesn’t quite fit with that normal behaviour pattern, it is rapidly classified as an anomaly. Anomalies can often be the result of insider threats, including data theft and privilege abuse by employees, or it could also signal that employees’ accounts have been compromised in some way.

Deep learning

This could be the next frontier for machine learning, although there is a lot of development to go before the technology is mature.

Deep learning leverages neural networks that mimic the human brain and in time, machine learning algorithms may be able to learn without any human intervention or input, and early tests show that this could be a more effective way to detect unknown malware and advanced threats.

Why should your organisation look for security solutions that use machine learning technology?

As we’ve seen, machine learning can transform threat detection and monitoring beyond a time-consuming manual process. It can not only detect malware, but also suspicious user behaviour.

A robust security solution that uses machine learning should provide actionable threat intelligence without overburdening security teams with false alerts.

LogRhythm’s experts are on call to explain how machine learning can benefit your organisation’s security.

Download the Employing Machine Learning in a Security Environment whitepaper to learn more.

How healthcare can prepare for My Health Record roll-out - Proofpoint
Australia’s healthcare sector is the continent’s biggest cybercrime target, according to a July report from the Australian Information Commissioner.
How DEX aims to guide process-enabled automation strategies
"Although automation is gaining a lot of momentum, there are many instances where early adopters have failed to achieve their business transformation and ROI goals."
Penten & Cyber Security CRC to research 'advanced cyber traps'
The research centres on how advanced cyber traps, which are used to identify data breaches as they happen, can be used in conjunction with tools such as artificial intelligence.
Achieving cyber resilience in the telco industry - Accenture
Whether hackers are motivated by greed, or a curiosity to assess a telco’s weaknesses; the interconnected nature of the industry places it in a position of increased threat
The CISO view on DevOps: How to protect privileged access in the cloud
While security strategies should address privileged access and the risk of unsecured secrets and credentials, they should also closely align with DevOps culture and methods.
Nasuni receives AWS competency status for primary storage
The recognition certifies that Nasuni Cloud File Services meet AWS's strict technical proficiency requirements for primary storage.
How mass data fragmentation impacts business growth and compliance readiness
"About 44% of Australian businesses use six or more solutions to try to manage fragmented data sources and repositories."
LogicMonitor launches container monitoring solutions
Kubernetes monitoring and LM Service Insight provide performance analytics and data retention for microservices and containerised applications.