Machine Learning Helps IT and Security Leaders Stay Ahead of Cyber Threats

Cyber security executives are always looking for ways to keep a step ahead of the bad actors and the latest threats. Emerging technologies such as machine learning (ML) are providing a way to do that, and some IT and security leaders have begun taking advantage of tools that leverage these automated capabilities.

Earlier this year, consulting firm KPMG and database provider Oracle surveyed 450 global IT and security professionals, and found that 29% are using ML on a limited basis, 18% do so extensively, and another 24% are now adding ML capabilities to existing security tools.

These organizations need all the help they can get. The same report shows that organizations are struggling to protect their data amidst a growing number of security breaches. A large majority of respondents (90%) classify more than half of their cloud data as sensitive. And while 97% have defined cloud-approval policies, 82% said they are concerned about employees following these policies.

Additional issues companies are facing make security more challenging. Other key findings of the study that indicate this: only 14% of those surveyed are able to effectively analyze and respond to the vast majority of their security event data; 26% cited a lack of unified policies across disparate infrastructure as a top challenge; the new General Data Protection Regulation (GDPR) will impact cloud strategies and service provider choices, according to 95% of respondents who must comply; and 36% of the respondents said mobile device and application use make identity and access management (IAM) controls and monitoring more difficult.

For organizations storing sensitive data in the cloud, an enhanced security strategy is key to monitoring and protecting that data, the report noted. In fact, 40% of respondents indicates that detecting and responding to cloud security incidents is now their top cyber security challenge. As part of efforts to address this challenge, 40% have hired dedicated cloud security architects, while 84% are committed to using more automation to effectively defend against sophisticated attackers.

Cyber security spending on the rise, according to the report, with 89% of those surveyed expecting their organization to increase cyber security investments in the next fiscal year. It’s quite likely some of that spending will go toward ML capabilities.

A recent article on CSO Online identified the top nine uses of ML for enterprise security:

1. Detecting and helping to thwart cyber attacks in progress. While ML is not going to close the door before an attack happens, it might find the indicators before humans would and then suggest possible actions. 

2. Threat intelligence. ML excels at poring over mountains of data and categorizing the behaviors it finds, and when it sees something out of the ordinary it can alert a human analyst. 

3. Identifying, prioritizing, and helping to remediate existing vulnerabilities. An ML-based system might help organizations carry out these activities every day and make unpatched vulnerabilities less of a concern. 

4. Security monitoring. When properly programmed, ML can consume large pools of data to look for anomalies, and might be able to juggle log files and error messages from a range of products. 

5. Detecting malware, including ransomware phishing attacks. ML might be the only tool available that isn't backward facing in the form of signatures that detect yesterday's ransomware, CSO said. The ability to check for anomalous behaviors is being put to work chasing ransomware, to good effect.

6. Examining code for vulnerabilities. Developers need to know how to code for security concerns, but ML can help automate that process by analyzing code for common loopholes and vulnerabilities that can be exploited.

7. Data categorization. To meet data privacy and protection regulations, organizations need to know the characteristics of the data they're protecting, the article noted. ML can be harnessed to scan newly arriving data and classify it to levels of sensitivity, so systems can protect it accordingly. 

8. Honeypots. By deploying honeypots in enterprise networks, companies can gather data that they can label as malicious. If there are enough honeypots and data, deep neural networks can be used to create a model that can detect attacks with strong accuracy. 

9. Predict and adapt to future threats. Predictive security analytics shows some promise for business intelligence, CSO said. It’s possible that similar ML technology can be harnessed to project vulnerabilities and breaches in the future. 

Clearly there are plenty of actual or potential use cases for ML within cyber security programs. To protect themselves against the latest attacks, organizations need to begin looking into these if they haven’t already.