Machine Learning – Taking Your Security Team to the Next Level

By: Raj Samani, Head of Strategic Intelligence, McAfee LLC 

Machine learning is all around us, enriching our online lives every day. We see it with our own eyes when search engines accurately predict what we’re looking for after we type only a few letters. We feel it protecting our bank accounts by evaluating credit card transactions for signs of fraud. We notice it in selections of articles and ads in online newspapers. We no longer think twice about these conveniences; in fact, it’s hard to imagine online life without machine learning.

In relation to cybersecurity, machine learning has been changing the game as a means of managing the massive amounts of data within corporate environments. However, machine learning lacks the innately human ability to creatively solve problems and intellectually analyse events. It has been said time and again that people are a company’s greatest asset. Machine learning makes security teams better, and vice versa. Human-machine teams deliver the best of both worlds.

Machine learning allows endpoint security to continually evolve to stop new attack tactics

The dark web is driven by intelligent bad actors who are often financially motivated to create new threats with new attack techniques. Security becomes personal when considering the people behind the attacks, making the human-machine team the best sustaining defence. CSOs empower security operations to blend the best elements of art and science, where security team employees provide creative responses and leverage machine learning to provide high-performance scientific responses. While machine learning can detect patterns hidden in the data at rapid speeds, the less obvious value of machine learning is providing enough automation to allow humans the time and focus to initiate creative responses when responses are less obvious. By using a filter for optimization across the best advantages of human and machine elements, it’s easier to evaluate the relationship between them.

Machine learning adds critical capability to security strategies

The process of security researchers analysing malware to develop signatures is still important, but only as a capability to address the large volume of known malware because it cannot be expected to evolve quickly enough to meet the rapid pace of malware being introduced to the wild. Machine learning becomes the fastest way to identify new attacks and to push that information out to endpoint security platforms. The key differentiator in incorporating machine learning into endpoint security is the amount of relevant data consumed by the algorithms.

Machine learning manifests itself in multiple ways in helping save security teams’ time and energy:

User experience is optimized - Machine-learning algorithms feed information to the endpoint about file attributes that indicate the presence of malware. These attributes may be related to type, size and source, as well as header anomalies and detected sequences of operating system calls. A quick scan before execution allows security to perform its preliminary triage without souring the user experience.

Suspicious behaviour flagged automatically - Once the program is running, machine learning on the endpoint monitors behaviour for signs of an attack. This runtime detection is keyed by information on attack tactics again uncovered by machine-learning analysis of malware samples in the datacentre. While pre-execution checks file attributes to make a malware decision, runtime execution requires knowledge of specific actions attackers are likely to use. For example, ransomware can render your files useless in less than a minute. Machine-learning analysis of ransomware attacks may uncover timing and access patterns of file shares that would indicate an attack is underway – allowing endpoint security to stop the threat before all files are encrypted.

Highly valuable investigation and response data available automatically - Helping security teams respond to an incident, machine learning can identify suspicious connections and create alerts based on equations. In this case, security analysts need precise information on the threat such as files touched, registry changes, server connections, etc. Because machine learning looks across multiple dimensions, much of the data that incident response teams require is already available, but has traditionally required extensive manual correlation. Ideally, highly valuable investigation and response data would be available through the already-present endpoint management console. The presence of machine-learning technology results in significant time savings – by a factor of 10 is not uncommon – that can help security teams keep the business running.
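The runtime check described under "Suspicious behaviour flagged automatically", as an added example that is not code from the article or from any McAfee product: a per-process baseline of write rate and distinct files touched on a file share is learned from benign activity, and windows that deviate sharply from it are flagged. A mean and standard-deviation baseline stands in for a trained model; the event tuples, process names, share paths, window size and threshold are all constructed assumptions.

```python
from collections import defaultdict
from statistics import mean, pstdev

WINDOW = 10  # seconds per observation window (assumed value)

def window_features(events):
    """Group (ts, process, path, op) events into per-process time windows.
    Returns {(process, window_index): (modifications, distinct_files)}."""
    count, files = defaultdict(int), defaultdict(set)
    for ts, proc, path, op in events:
        if op in ("write", "rename"):
            key = (proc, int(ts // WINDOW))
            count[key] += 1
            files[key].add(path)
    return {k: (count[k], len(files[k])) for k in count}

def fit_baseline(benign_events):
    """Learn (mean, stddev) of each feature from known-benign activity."""
    columns = zip(*window_features(benign_events).values())
    return [(mean(c), pstdev(c) or 1.0) for c in columns]

def score(features, baseline):
    """Largest z-score across the features of one window."""
    return max((x - m) / s for x, (m, s) in zip(features, baseline))

def detect(events, baseline, threshold=4.0):
    """Return sorted (process, window_start_seconds) pairs above threshold."""
    return sorted((proc, w * WINDOW)
                  for (proc, w), f in window_features(events).items()
                  if score(f, baseline) > threshold)

# Constructed benign history: an editor saving one file every 4 seconds.
BENIGN = [(t, "editor.exe", f"//fs01/docs/r{t % 3}.docx", "write")
          for t in range(0, 120, 4)]

# Constructed live feed: the same editor, plus a process that renames
# 40 different files on the share within 8 seconds.
LIVE = [(200 + 4 * i, "editor.exe", f"//fs01/docs/r{i}.docx", "write")
        for i in range(5)]
LIVE += [(300 + 0.2 * i, "proc_x.exe", f"//fs01/docs/f{i}.docx", "rename")
         for i in range(40)]

if __name__ == "__main__":
    for proc, start in detect(LIVE, fit_baseline(BENIGN)):
        print(f"ALERT {proc}: abnormal file-share activity in window at t={start}s")
```

The alert fires within the first window of the burst, which is the point of the timing argument: the decision has to be made in seconds, from access patterns alone, before most files are touched.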

Elevate security teams with machine learning

People matter the most, but combining human intelligence with machine-learning technology creates strong security teams. The visibility into tactics throughout the entire attack chain that machine learning affords is critical to enhancing the relationship between security teams and technology. Machine learning enables security teams to devise new defences quickly to adapt to attackers’ automated processes and make it more difficult for them to be effective. Remember, machine learning places the time sequence of activity observed between security products. With machine-learning assistance, security teams have greater insight into who the attacker is, the methods being used, where the attacks are coming from and how they are spreading, as well as which security measures are working and which are being defeated.

Most importantly, the presentation of machine-learning results enables people in security teams to do what they do best – create intelligent, innovative and effective solutions to new threats before significant damage is done to the business. If people are the company’s greatest assets, then machine learning helps make them even greater.

To close, machine learning should be a critical component of an enterprise’s endpoint security strategy. Given the volume and evolution of attacks hammering away at endpoints, security must be able to adapt without human intervention, and must provide the visibility and focus to enable humans to make more informed decisions. Machine learning has come of age with big data driving accuracy up and false positives down. The proof of successful human and technology teaming will be seen in the ability to rapidly dismiss alerts and accelerate solutions to thwart new threats. Your users deserve the best that cybersecurity has to offer, and today the best endpoint security products leverage machine learning.

