Why Machine Learning Matters

Past the hype, there's a goldmine of potential in how AI-powered security analytics will transform your business strategy

When considering the direction security is headed, it sometimes makes sense to look back before you look forward.

In cybersecurity’s recent incarnation, companies embraced the omnipresent SIEM platform as a silver bullet that aggregates data feeds. It did deliver on that promise—until they learned the hard way that imprecise correlations exposed an Achilles heel: false-positive alerts.

Companies had to budget for the extra manpower to monitor these alerts and were paralyzed by delayed incident-response times. Those hit by breaches found themselves saddled with a protracted forensics process that upset executives, shareholders, customers, and even the government.

As a result, analytics emerged, sharpening correlations by baselining behavior across various entities (people, machines, files). This was more effective, but required manually fine-tuning thresholds, which likewise took time and money.

That’s why machine learning, a type of artificial intelligence, became the most popular buzzword at last month’s RSA festival. Analytics are still valuable. But security architects have noticed that solutions which pair analytics with machine learning yield a depth of knowledge and enhanced visibility never witnessed before.

This should be a godsend to anyone concerned with the business of security. Machine learning surfaces threats more quickly and accurately, sparing a company a costly forensics process. Plus, it can optimize an expensive SIEM system.

So why has machine learning elicited post-RSA skepticism? The industry-noise cycle, casting it as a new technology, carries much of that blame.

In reality, true machine learning has been time-tested, which is a good thing. The innovation here has been applying machine-learning algorithms to a new industry: cybersecurity. While the AI may feel like it’s in a growth spurt, the science itself is not—making analytics imbued with machine learning a low-risk investment.

Additionally, IT staff won’t require a specific skill set to operate this platform. So in lieu of a learning curve, they can divert their attention towards a “data in, intelligence out” experience that helps streamline smarter business and HR decisions.

“At present, the cybersecurity industry is…demonstrating the kind of success that machine learning has achieved in some other industries,” Interset CTO Stephan Jou wrote in the ISSA Journal. “But with rapidly growing volumes of data and better behavioral monitoring aimed at leveraging data, big data, and data lakes, machine learning and security clearly will achieve more breakthroughs.”

We are already seeing that change. Since breaches cannot be prevented—but can be quickly stopped—the automated, shapeshifting nature of machine learning is often breathtaking. In particular, it reacts to business changes, and it notices seemingly invisible insider threats. Those who question that potential are often fatigued by companies making theoretical claims.

In reality, effective machine learning should be rooted in an expanse of analytic models where it will iteratively grow. Because machine learning thrives on data, the platform it lives on must scale even to large and complex environments, while being extensible enough to accommodate custom use cases. In other words: As your company grows, a healthy security platform will unconditionally grow with you.

Interset’s CTO likes to say that math isn’t magic, it’s magical. The bandying about of machine-learning, big-data, and analytics terminology must ultimately add up to practical business strategy. Know that machine-learning analytics validated by researchers and customers do exist—you just need to break out of the hype cycle to find them.