Post Published On: November 14, 2017
In relation to cybersecurity, machine learning has been changing the game as a means of managing the massive amounts of data within corporate environments. However, machine learning lacks the innately human ability to creatively solve problems and intellectually analyse events. It has been said time and again that people are a company’s greatest asset. Machine learning makes security teams better, and vice versa. Human-machine teams deliver the best of both worlds.
Machine learning allows endpoint security to continually evolve to stop new attack tactics
The dark web is driven by intelligent bad actors who are often financially motivated to create new threats with new attack techniques. Security becomes personal when considering the people behind the attacks, making the human-machine team the best sustaining defence. While machine learning can detect patterns hidden in the data at rapid speeds, the less obvious value of machine learning is providing enough automation to allow humans the time and focus to initiate creative responses when responses are less obvious. By using a filter for optimization across the best advantages of human and machine elements, it’s easier to evaluate the relationship between them.
Machine learning adds critical capability to security strategies.
The process of security researchers analysing malware to develop signatures is still important, but only as a capability to address the large volume of known malware because it cannot be expected to evolve quickly enough to meet the rapid pace of malware being introduced to the wild.
Machine learning becomes the fastest way to identify new attacks and to push that information out to endpoint security platforms. The key differentiator in incorporating machine learning into endpoint security is the amount of relevant data consumed by the algorithms. Machine learning manifests itself in multiple ways in helping save security teams’ time and energy:
User experience is optimized – Machine learning algorithms feed information to the endpoint about file attributes that indicate the presence of malware. These attributes may be related to type, size and source, as well as header anomalies and detected sequences of operating system calls. A quick scan before execution allows security to perform its preliminary triage without souring the user experience.
Suspicious behaviour flagged automatically – Once the program is running, machine learning on the endpoint monitors behaviour for signs of an attack. This runtime detection is keyed by information on attack tactics again uncovered by machine-learning analysis of malware samples in the datacentre. While pre-execution checks file attributes to make a malware decision, runtime execution requires knowledge of specific actions attackers are likely to use. For example, ransomware can render your files useless in less than a minute.
Machine-learning analysis of ransomware attacks may uncover timing and access patterns of file shares that would indicate an attack is underway – allowing endpoint security to stop the threat before all files are encrypted.
Highly valuable investigation and response data available automatically – Helping security teams respond to an incident, machine learning can identify suspicious connects and create alerts based on equations. In this case, security analysts need precise information on the threat such as files touched, registry changes, server connections, etc.
Because machine learning looks across multiple dimensions, much of the data that incident response teams require is already available, but has traditionally required extensive manual correlation. Ideally, highly valuable investigation and response data would be available through the already-present endpoint management console. The presence of machinelearning technology results in significant time savings – by a factor of 10 is not uncommon – that can help security teams keep the business running.
Elevate security teams with machine learning: People matter the most, but combining human intelligence with machine-learning technology creates strong security teams. With machine learning assistance, security teams have greater insight into who the attacker is, the methods being used, where the attacks are coming from and how they are spreading, as well as which security measures are working and which are being defeated.
To conclude, machine learning should be a critical component of an enterprise’s endpoint security strategy. Given the volume and evolution of attacks hammering away at endpoints, security must be able to adapt without human intervention, and must provide the visibility and focus to enable humans to make more informed decisions. Machine learning has come of age with big data driving accuracy up and false positives down.
The proof of successful human and technology teaming will be seen in the ability to rapidly dismiss alerts and accelerate solutions to thwart new threats. Your users deserve the best that cyber security has to offer, and today the best endpoint security products leverage machine learning.