Machine Learning Transforms Threat Detection

Organisations and business are being swamped by billions of attempted cyber hacks on a daily basis, which is overwhelming human analysis, however, Machine Learning (ML) is now tipping the advantage toward defenders as it can significantly improve cyber threat detection and prevent threats. ML can manage many information sources and super-correlate information in the millions, billions and trillions daily.

ML comprehends threats in real time, understands the infrastructure of a company and its network design and attack vectors, and protects and defends with human talent and machine power. The algorithm is capable of massive amounts of data mining and these machines don’t stop whereas humans need breaks and sleep.

Improved Detection

An algorithm can learn from its mistakes on the fly. This allows it to always be on its A game. It's always the best version of itself because it's always improving its game. A good ML discipline is one that can "see" patterns of behavior, guessing the form of an attack and how to fight back. The algorithm can be trained with different types of attacks, can learn the methods to gain privileged access and lateral movements, and can even adapt in real time to a situation. An excellent ML approach can learn from false positives.

False positives will always exist, but they're reduced with each interaction with an algorithm because the machine is continuously learning. After implementing an ML system, false positives can be reduced by 50% to 90%.

While ML decreases false positives, it can increase the speed at which threats are detected. That can dramatically shrink the window of compromise for a system. ML detect threats quickly known and unknown threats with unsupervised and reinforced learning. That's why in the chess game between adversary and defender, once an attacker makes a move, all the outcomes from that move can be determined through ML and flagged or blocked.

Cyber Criminals Can Use ML Too

Cyber criminals realise that they can use ML to automate their attacks and eliminate most human intervention. They can write an algorithm, train it with a pattern of attack, and, while the machine is running its sorties, can kick back with a martini by the pool.

That's why defenders need to use ML at every attack vector, at the gateways, at the endpoints, in the cloud, because if there's a gap in a system's defenses, an adversary's ML algorithm will find it. The new cyber-criminal isn't some kid in a dark basement with a computer. It's often a criminal group that's using ML to launch large-scale attacks on thousands of companies at the click of a virtual button.

The Human Factor

Skilled human analysts are sill needed to confirm some actions, make final decisions, and identify exceptions. But with over a million cybersecurity jobs vacancies worldwide, there aren't enough analysts to go around. The large majority of tasks security analysts are being saddled with now is triage work, sorting through threats to find those that need further scrutiny. Fortunately, that kind of work can be done with ML in an effective and efficient way, freeing up analysts' time to address serious threats.

The COVID-19 pandemic has accelerated this shift from off-line processes towards on-line across organisational functions, whether they are corporate, government, or non-profit organisations. Consequently, enterprises have witnessed a significant growth in data and information generated during this pandemic period.

Organisations, particularly in the financial services sector, are investing significantly in Blockchain technology to prepare for the future. Blockchain could become one of the game-changers for the entire world.

The implementation of Artificial Intelligence (AI) and Machine Learning (ML) systems may serve as a solution, bringing with them many benefits in helping to prepare the cyber-security workforce of tomorrow. Currently, the technology’s ability is simple, yet is still of great benefit, in that human staff are freed up to focus on more complex threats, with the AI/ML shield in place to deal with the high volume of more low-level attacks.

Splunk:        TechBeacon:       Enterprise Talk:         Enterprise Talk:      Forrester:      

You Might Also Read: 

AI, Machine Learning & Deep Learning… Whats The Difference?:  

 

« Critical Infrastructure And Cyber Security
Cyber Crime Cost UK Businesses £87billion »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

Perimeter 81 / How to Select the Right ZTNA Solution

Perimeter 81 / How to Select the Right ZTNA Solution

Gartner insights into How to Select the Right ZTNA offering. Download this FREE report for a limited time only.

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

Defense Advanced Research Projects Agency (DARPA)

Defense Advanced Research Projects Agency (DARPA)

DARPA's mission is to develop breakthrough technologies for national security. The Information Innovation Office undertakes cyber security activities.

Talend

Talend

Talend is a leader in cloud and big data integration software. Applications include Risk and Compliance management.

AON

AON

Aon is a leading global provider of risk management (including cyber), insurance and reinsurance brokerage, human resources solutions and outsourcing services.

ICSA Labs

ICSA Labs

ICSA Labs provides third-party testing and certification of IT security software and products, as well as network-connected devices.

CodeOne

CodeOne

CodeOne provides solutions for website and web app security.

Greenbone Networks

Greenbone Networks

Greenbone Networks delivers a vulnerability analysis solution for enterprise IT which includes reporting and security change management.

Cymbel

Cymbel

Cymbel provides businesses and government agencies with the tools and expertise they need to manage the most complex security and compliance challenges.

Digital Hands

Digital Hands

Digital Hands is an award-winning managed security services provider.

Boldon James

Boldon James

Boldon James are market leaders in data classification and secure messaging software.

CyBOK - University of Bristol

CyBOK - University of Bristol

CyBOK is a comprehensive Body of Knowledge to inform and underpin education and professional training for the cyber security sector.

Absolute IT Asset Disposals

Absolute IT Asset Disposals

Absolute IT Asset Disposals is an IT asset disposal (ITAD) company providing safe and secure recycling of IT assets.

3Lines Venture Capital

3Lines Venture Capital

3Lines Venture Capital invests in exceptional founders and startups working on broad disruptive themes of Future of Work, AI enabled enterprises, and Industry 4.0.

RedLegg

RedLegg

RedLegg is a master provider of information security services, a boutique, nimble, old-fashioned customer service company that enjoys the technology battlefield.

Teleport

Teleport

Teleport is a remote-first technology company. We enable engineers to quickly access any computing resource anywhere on the planet.

Data Protection Commission (DPC)

Data Protection Commission (DPC)

The Data Protection Commission (DPC) is the national independent authority responsible for upholding the fundamental right of individuals in the EU to have their personal data protected.

Zenity

Zenity

Zenity is the first and only security governance platform for low-code/no-code applications.