Automating Threat Detection: The Importance of Machine Learning
Source – csoonline.com
Cybersecurity professionals and the organizations they attempt to protect are drowning in data about threats and false positives, with more than 250,000 new malicious programs registered every day. Organizations are seeing anywhere from 500 to 200,000 security alerts per day, yet often don’t investigate them. One study shows that fewer than 1% are investigated.
“Most organizations are dealing with 10 to 25 technologies ranging from SIEM [Security Information and Event Management], vulnerability assessment, endpoint detection, threat intelligence and user behavior to incident response,” said cybersecurity guru Jon Oltsik, senior principal analyst, ESG. This is driving a shift in focus from threat detection to incident response, with 92% having deployed, planning to deploy, or interested in deploying machine learning technology to support automation and orchestration, he noted.
ABI Research forecasts that machine learning in cybersecurity will boost big data, intelligence, and analytics spending to $96 billion by 2021. “We are in the midst of an artificial intelligence security revolution,” says Dimitrios Pavlakis, industry analyst at ABI Research. “This will drive machine learning solutions to soon emerge as the new norm beyond SIEM, and ultimately displace a large portion of traditional AV, heuristics, and signature-based systems within the next five years.”
Machine learning “is in its infancy and not well understood,” said Oltsik, or what Kevin Walker, Juniper Networks’ security chief technology and strategy officer, calls generation 1.5 from a security perspective. “But there are some very good examples out there where they really have figured out the right algorithms where you can just basically give this to machines, have them crunch like crazy and come back with not so much artifacts but indicators. And that’s what we’re looking for. It’s a matured discipline, but it’s still maturing within security.”
The networking vendor believes machine learning is essential if organizations want to be able to detect and resolve new threats that are being launched at an accelerating pace. “It’s a cybersecurity game changer,” says Walker.
Juniper has created a cloud-based malware detection solution called Sky Advanced Threat Prevention (Sky ATP) that leverages automation and machine learning so that it can be rapidly updated, retained, and applied to the constantly changing threat landscape. It uses layered analysis of known and unknown malware to stop new threats. Building the machine learning pipeline from the ground up lets the company learn directly from its own sample data and integrate the pipeline across all of its threat prevention products, so each of them benefits from classification-optimized algorithms.
This approach means systems can continually and dynamically learn what’s “normal” in software structure, software behavior, and network traffic patterns and usage, and thus become more effective in finding and thwarting new attacks before they can cause significant harm. With machine learning, millions of variables and data points can be analyzed at once to identify anomalies that could indicate an attack.
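The two paragraphs above describe the core idea in general terms: learn a profile of what is "normal" for an entity from historical data, then flag observations that deviate from it. The following Python is an added, self-contained illustration of that baseline-and-anomaly pattern for per-host network traffic; it is not Juniper's or Sky ATP's code, and every record in it is constructed. The three features, the hypothetical workstation, and the 3.5 threshold are assumptions chosen for the example; it uses median and median absolute deviation (robust statistics) so a few noisy training windows do not distort the notion of normal.

```python
"""Learn a per-host "normal" profile from historical network-activity windows,
then score new windows for anomalies. Added illustration of the approach
described in the article, not vendor code; all sample records are constructed."""
from statistics import median
from typing import Dict, List, Tuple

FEATURES = ("bytes_out", "conn_count", "distinct_dsts")
# Scaling that makes the MAD comparable to a standard deviation for normal data.
MAD_SCALE = 0.6745
# Assumed threshold: windows whose largest robust z-score exceeds it are flagged.
DEFAULT_THRESHOLD = 3.5

# Constructed one-minute windows for a hypothetical workstation; these form the baseline.
BASELINE_WINDOWS: List[Dict[str, float]] = [
    {"bytes_out": 48_000, "conn_count": 12, "distinct_dsts": 4},
    {"bytes_out": 51_500, "conn_count": 15, "distinct_dsts": 5},
    {"bytes_out": 44_200, "conn_count": 10, "distinct_dsts": 3},
    {"bytes_out": 53_000, "conn_count": 14, "distinct_dsts": 5},
    {"bytes_out": 47_800, "conn_count": 11, "distinct_dsts": 4},
    {"bytes_out": 49_900, "conn_count": 13, "distinct_dsts": 4},
    {"bytes_out": 46_300, "conn_count": 12, "distinct_dsts": 4},
    {"bytes_out": 52_100, "conn_count": 16, "distinct_dsts": 6},
]

# Constructed windows to score: one ordinary, one with a sudden outbound-volume
# spike, and one with many short connections to many previously unseen destinations.
NEW_WINDOWS: Dict[str, Dict[str, float]] = {
    "quiet": {"bytes_out": 50_200, "conn_count": 13, "distinct_dsts": 4},
    "volume_spike": {"bytes_out": 2_400_000, "conn_count": 14, "distinct_dsts": 4},
    "fan_out": {"bytes_out": 45_000, "conn_count": 480, "distinct_dsts": 210},
}


def fit_baseline(windows: List[Dict[str, float]]) -> Dict[str, Tuple[float, float]]:
    """Per feature, record (median, median absolute deviation) over the training windows."""
    baseline: Dict[str, Tuple[float, float]] = {}
    for feature in FEATURES:
        values = [w[feature] for w in windows]
        med = median(values)
        mad = median([abs(v - med) for v in values])
        baseline[feature] = (med, mad)
    return baseline


def robust_z(value: float, med: float, mad: float) -> float:
    """Distance from the baseline median in MAD units (always non-negative)."""
    if mad == 0:
        # Feature never varied during training: any deviation is maximally surprising.
        return 0.0 if value == med else float("inf")
    return MAD_SCALE * abs(value - med) / mad


def score_window(baseline: Dict[str, Tuple[float, float]],
                 window: Dict[str, float]) -> Dict[str, float]:
    """Robust z-score for every feature of one observed window."""
    return {f: robust_z(window[f], *baseline[f]) for f in FEATURES}


def classify(baseline: Dict[str, Tuple[float, float]], window: Dict[str, float],
             threshold: float = DEFAULT_THRESHOLD) -> Tuple[bool, str, Dict[str, float]]:
    """Return (is_anomalous, most-deviant feature, all scores) for one window.
    The most-deviant feature is what an analyst would look at first."""
    scores = score_window(baseline, window)
    top = max(scores, key=scores.get)
    return scores[top] > threshold, top, scores


if __name__ == "__main__":
    profile = fit_baseline(BASELINE_WINDOWS)
    for name, window in NEW_WINDOWS.items():
        flagged, top, scores = classify(profile, window)
        verdict = "ANOMALY" if flagged else "normal"
        print(f"{name:13s} {verdict:8s} top={top} z={scores[top]:.1f}")
```

The flagged window is a lead for investigation, not a verdict; a real deployment learns a profile per host, user, or application over far more features than three, and re-fits the baseline on a schedule so that legitimate changes in behavior do not generate alerts indefinitely. The `mad == 0` branch matters in practice: a feature that never varied in training makes any deviation infinitely surprising, which is usually the right call for something like "destinations contacted" but can be too aggressive for counters that are merely sparse.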
The threat environment will continue to grow and evolve as more and more information proliferates in the 24×7 digital world. Machine learning won’t stop all this by itself, but it “fundamentally changes the security equation by dramatically improving the accuracy of malware detection and risk classification,” says Walker at Juniper.