Story image

A quick guide to machine learning in cybersecurity

14 Aug 18

You may have seen the words ‘artificial intelligence’ and ‘machine learning’ widely used in the technology industry at the moment, and their appearances are no less prominent in cybersecurity.

ABI Research predicts that machine learning in cybersecurity will help boost intelligence, analytics, and big data spending to US$96 billion by 2021.

“We are in the midst of an artificial intelligence (AI) security revolution,” says ABI Research analyst Dimitrios Pavlakis.

“This will drive machine learning solutions to soon emerge as the new norm beyond security information and event management (SIEM) and ultimately displace a large portion of traditional AV, heuristics, and signature-based systems within the next five years.”

Beyond the numbers and the terminology, there is a simple question: What does machine learning do for cybersecurity, anyway?

“Machine learning is not AI. Machine learning still requires some human intervention and engineering but the technology uses algorithms and predictive models to sift through and monitor the security noise in real-time and flag up things that might need investigating by the organisation's security team,” explains LogRhythm’s Andy McCue.

In association with LogRhythm, we look at four ways machine learning is used in cybersecurity today.

Malware detection

There are so many malware types and variants that security teams and many of the technologies they use can’t keep up. According to AV-Test statistics, there are more than 350,000 new specimens of malware every day.

Because machine learning uses algorithms to rapidly analyse, detect, and classify files and behaviour, it is able to identify those that may be suspicious. The files can then be analysed by a human data analyst.

Monitoring threats and risks in real time

Through real-time monitoring, machine learning is able to use big data analytics to sift through data and guide security teams to the most important threats through actionable and accurate threat intelligence.

User behaviour analysis and insider threats

Machine learning powers many User and Entity Behavioural Analytics (UEBA) security solutions for the simple reason that it is able to build a pattern of ‘normal’ behaviour from historical data.

If something happens on an organisation’s network that doesn’t quite fit with that normal behaviour pattern, it is rapidly classified as an anomaly. Anomalies can often be the result of insider threats, including data theft and privilege abuse by employees, or it could also signal that employees’ accounts have been compromised in some way.

Deep learning

This could be the next frontier for machine learning, although there is a lot of development to go before the technology is mature.

Deep learning leverages neural networks that mimic the human brain and in time, machine learning algorithms may be able to learn without any human intervention or input, and early tests show that this could be a more effective way to detect unknown malware and advanced threats.

Why should your organisation look for security solutions that use machine learning technology?

As we’ve seen, machine learning can transform threat detection and monitoring beyond a time-consuming manual process. It can not only detect malware, but also suspicious user behaviour.

A robust security solution that uses machine learning should provide actionable threat intelligence without overburdening security teams with false alerts.

LogRhythm’s experts are on call to explain how machine learning can benefit your organisation’s security.

Download the Employing Machine Learning in a Security Environment whitepaper to learn more.

McAfee named Leader in Magic Quadrant an eighth time
The company has been once again named as a Leader in the Gartner Magic Quadrant for Security Information and Event Management.
Symantec and Fortinet partner for integration
The partnership will deliver essential security controls across endpoint, network, and cloud environments.
Is Supermicro innocent? 3rd party test finds no malicious hardware
One of the larger scandals within IT circles took place this year with Bloomberg firing shots at Supermicro - now Supermicro is firing back.
Forcepoint and Chillisoft - “a powerful combination”
Following Chillisoft’s portfolio expansion by signing on Forcepoint, the companies’ execs explain how this is a match made in cybersecurity heaven.
25% of malicious emails still make it through to recipients
Popular email security programmes may fail to detect as much as 25% of all emails with malicious or dangerous attachments, a study from Mimecast says.
Google Cloud, Palo Alto Networks extend partnership
Google Cloud and Palo Alto Networks have extended their partnership to include more security features and customer support for all major public clouds.
Using blockchain to ensure regulatory compliance
“Data privacy regulations such as the GDPR require you to put better safeguards in place to protect customer data, and to prove you’ve done it."
A10 aims to secure Kubernetes container environments
The solution aims to provide teams deploying microservices applications with an automated way to integrate enterprise-grade security with comprehensive application visibility and analytics.