If you were to believe all the marketing buzz about machine learning, you would think it the answer to all security teams’ prayers. But it isn’t. At least not yet. Even so, machine learning is pretty powerful tech and there are places it can be helpful to your security measures right now. Here are six of them.
Finding Insider Threats
Behavioral analytics are very helpful in sorting routine behaviors and work patterns from activities that may indicate either a tendency toward bad behavior on the job or an insider threat in progress.
Machine learning coupled with behavioral analytics and associated data means the machine can recognize nuanced behaviors even earlier than behavioral analytics and experienced security personnel alone could.
Once employees are flagged as a potential problem or as engaged in suspicious activity, actions can be taken to prevent problems or clear the employee.
Detecting Fake Accounts
Sometimes thieves create fake accounts to provide a necessary identity to gain authorization for access to data or to fraudulently use someone else’s credit card to make a purchase in the system. Fake accounts on social media can even be used to sway political elections around the world. Whatever they are used for, it is important to detect and delete them early before harm is done. Machine learning has already proven helpful in identifying fake accounts at scale.
“For example, cybersecurity experts uncovered a botnet of 350,000 automated Twitter accounts,” said Dr. Vahid Heydari, director, Center for Cybersecurity Education and Research, and assistant professor, Department of Computer Science at Rowan University. “Recognizing fake profiles on Facebook is also another example of new research topics that leverage machine-learning techniques in cybersecurity.”
Machine learning can assist in distinguishing malicious software from useful software and prevent it from being downloaded or launched.
Network Traffic Analytics
Machine learning can find and sometimes even predict network intrusions from network traffic analysis. It is particularly good at this when it has been trained to recognize common irregularities and deviations from normal use, which lowers or eliminates the alert fatigue caused by the frequent false alarms common to other alert systems.
Machine learning can greatly assist in securing robotics. Think of it as behavioral analytics for machines. ML can determine when a command for robotics is out of character for that machine’s typical use and stop the action before harm is done or until a human in charge issues an exception.
The same is true of many Internet of Things (IoT) devices. ML can detect early or faint aberrations that indicate an unauthorized use or user and stop the action pending human review.
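The hold-until-exception behavior described above for robotics and IoT devices, sketched as an added example that is not from the original article. A median/MAD baseline stands in for a trained model, and the machine names, command names, threshold and sample values are constructed assumptions.

```python
from collections import defaultdict
from statistics import median

class CommandBaseline:
    """Per-machine baseline of numeric command arguments (median/MAD stand-in for a trained model)."""

    def __init__(self, threshold=6.0, min_samples=8):
        self.history = defaultdict(list)  # (machine, command) -> values seen in normal use
        self.exceptions = set()           # (machine, command, value) approved by a human
        self.threshold = threshold
        self.min_samples = min_samples

    def learn(self, machine, command, value):
        self.history[(machine, command)].append(value)

    def score(self, machine, command, value):
        seen = self.history.get((machine, command), [])
        if len(seen) < self.min_samples:
            return float("inf")  # no baseline yet: out of character by definition
        med = median(seen)
        mad = median([abs(v - med) for v in seen]) or 1e-9  # avoid divide-by-zero
        return 0.6745 * abs(value - med) / mad  # robust z-score

    def decide(self, machine, command, value):
        if (machine, command, value) in self.exceptions:
            return "allow"
        if self.score(machine, command, value) > self.threshold:
            return "hold"  # stop the action pending human review
        return "allow"

    def approve(self, machine, command, value):
        self.exceptions.add((machine, command, value))


def build_demo_baseline():
    # Constructed sample: robot arm speed commands in mm/s during normal operation.
    baseline = CommandBaseline()
    for speed in [40, 42, 41, 43, 44, 42, 41, 43, 42, 40]:
        baseline.learn("arm-01", "set_speed", speed)
    return baseline


if __name__ == "__main__":
    b = build_demo_baseline()
    print(b.decide("arm-01", "set_speed", 43))     # within typical use
    print(b.decide("arm-01", "set_speed", 400))    # far outside the baseline
    b.approve("arm-01", "set_speed", 400)          # human in charge issues an exception
    print(b.decide("arm-01", "set_speed", 400))
    print(b.decide("arm-01", "open_gripper", 1))   # command never seen on this machine
```

A command with no history on a given machine is held rather than allowed, so a new device or a never-used command goes to a human before it runs.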
“On the endpoint side of things, machine learning is by now a common technique among the more established products for evaluating unknown binaries or other executables,” said Fernando Montenegro, senior analyst in Information Security at 451 Research.
“There’s variations about the algorithms used – SVMs, random forests, even deep learning – but in essence there’s a well-understood pipeline of: gather data from multiple places, remotely train ML models based on this data, publish updated model to endpoints, run predictions on endpoints,” Montenegro added.
While machine learning still has a long way to go, it has already proven it can handle many tasks at scale. You can expect the machine and human relationship to continue and strengthen in security work.