Today, it’s nearly impossible to ignore the avalanche of cybersecurity noise competing for your attention. For many of us (even those of us in the industry), just getting a grasp on the ever-expanding terminology can be frustrating. You can’t help but notice the deluge of terms such as “artificial intelligence,” “machine learning” and “expert systems.” Simply put, these phrases refer to technologies and approaches at the core of the new cyberworld battleground. When I’m engaging with our customers or audiences during speaking sessions at industry events, they frequently ask about these confusing terms. What do these technologies mean? How can they be used? How useful will they be in helping to protect my business?
In this column, along with helping to clarify those terms, I will address five unique ways machines, using advanced technology, are working against cyber threats and how they can help you and your team protect your organization, both today and in the future.
Playing The Game: AI, ML, B-I-N-G-O
Don’t worry -- I’m not going to bore you with a dissertation on artificial intelligence (AI), or machine learning (ML), or other segments of these fields in computer science. Most people have the right intuition on what these terms entail. Essentially, it is the ability for software and hardware (the machine) to emulate the thinking and decision making we do as humans, especially the learn-as-you-go part. As Steve Dyer -- CTO at my company, Respond Software -- stated in his recent blog post, “AI must be able to react to its environment, make intelligent decisions based on goals, and not just simply process data.”
What makes this terminology confusing is that AI and ML are kicked around as if the bare terms told us precisely how an author or speaker is applying the technology to cybersecurity. In reality, there are dozens of machine learning techniques and all sorts of AI applications. My assertion is this: Focusing on the outcome, regardless of the technique, will reap far greater benefits. With that in mind, here are five ways this broad technology can help protect your business from cyber threats.
1. Handling The High Volume
Business data volume and scope are far outstripping a security team’s capacity to review the information for security threats. In addition, the very technologies deployed to stop threats all generate their own signals. In the security field, it is common knowledge that every security operation center (SOC) averages 40-60 installed security vendor products. For these reasons, SOCs have a lot of tooling. However, since these tools were created to generate alerts whenever something seems suspect, they are both a help and a hindrance to the SOC’s ability to meet its objectives. Machine processing is far superior to people in its ability to handle large amounts of data. Machines don't just help in this capacity -- they may be our only option.
2. Expert Checks
In today’s competitive labor market, you can’t always hire an expert or even a mediocre analyst. Often, you are settling for an unskilled, junior person. You must ask yourself if that approach is what’s best for the security of your enterprise. A second way machines help is by codifying expertise into their algorithms. The term “expert system” means what it says -- it can emulate the decision making of an expert. And, as mentioned above, these machines can perform hundreds of checks in almost real time.
Machines are reliably consistent. Whatever a machine is configured to check, it will perform that check every time, without question. Doggedly, in fact. Unlike humans, machines do not forget anything, and they will not get distracted by a text message or something that's going on in their lives. Machines really do shine in this aspect. However, while machines are great at repeatability, at least today, they fall way behind when it comes to creativity. And this creative shortcoming is why cybersecurity professionals are, and will remain, essential components to the success of an organization and, ultimately, this industry. For well-understood use cases that primarily need consistent checking, however, machines rule.
4. Maintaining Tribal Knowledge
Context plays a huge role in a security team’s decision process and is often overlooked in security environments. Two of the same types of security alerts can have wildly different meanings given their context. For example, a malware detection alert on a server is more meaningful if that server processes financial transactions versus running calendar scheduling software for a company’s meeting rooms. Machines collect and use these contextual factors to help determine which security alerts demand action and in what priority. That machine won’t take its talents to another company or take another internal job, so the tribal knowledge can become institutional knowledge.
Even expert systems might get things wrong at the start. Today’s new systems take in feedback and adjust as necessary. So, making use of this intelligence, machines learn and adapt their priorities accordingly. This means machines won’t become obsolete as soon as they are purchased and will become more effective as they adjust to their surroundings.
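To make the two preceding points concrete, here is an added illustration (not Respond Software's product logic) of context-aware alert prioritization with an analyst feedback loop: the same malware alert scores differently on a payment database than on a meeting-room calendar server, and analyst verdicts nudge future priorities. The asset inventory, alert format and 20 percent feedback step are all constructed assumptions.

```python
"""Context-aware alert prioritization with an analyst feedback loop.

Added illustration, not a vendor's product logic. The asset inventory,
alert format and feedback step are constructed assumptions.
"""
from dataclasses import dataclass, field

# Constructed asset inventory: host -> business role and criticality weight.
ASSET_CONTEXT = {
    "pay-db-01":   {"role": "financial-transactions", "criticality": 3.0},
    "room-cal-01": {"role": "meeting-room-calendar",  "criticality": 0.5},
}
UNKNOWN = {"role": "unknown", "criticality": 1.0}


@dataclass
class Prioritizer:
    # Learned multiplier per (alert type, asset role); neutral 1.0 until feedback arrives.
    weights: dict = field(default_factory=dict)
    step: float = 0.2  # assumed size of each feedback adjustment

    def _key(self, alert):
        ctx = ASSET_CONTEXT.get(alert["host"], UNKNOWN)
        return (alert["type"], ctx["role"]), ctx["criticality"]

    def score(self, alert):
        """Severity scaled by asset criticality and by what analysts have taught us."""
        key, criticality = self._key(alert)
        return round(alert["severity"] * criticality * self.weights.get(key, 1.0), 3)

    def feedback(self, alert, true_positive):
        """An analyst verdict raises or lowers the weight for this alert type on this asset role."""
        key, _ = self._key(alert)
        w = self.weights.get(key, 1.0) * (1 + self.step if true_positive else 1 - self.step)
        # Bounded so a run of verdicts never silences or saturates a whole category.
        self.weights[key] = min(5.0, max(0.1, w))

    def rank(self, alerts):
        """Highest score first, so the payment server surfaces above the calendar box."""
        return sorted(alerts, key=self.score, reverse=True)


# Constructed sample: identical malware detections on two very different hosts.
ALERTS = [
    {"id": "a1", "type": "malware-detected", "severity": 5, "host": "room-cal-01"},
    {"id": "a2", "type": "malware-detected", "severity": 5, "host": "pay-db-01"},
]


def demo():
    p = Prioritizer()
    order = [a["id"] for a in p.rank(ALERTS)]
    for _ in range(3):                      # analysts close three calendar hits as false positives
        p.feedback(ALERTS[0], true_positive=False)
    p.feedback(ALERTS[1], true_positive=True)  # and confirm the payment-server hit
    return order, p.score(ALERTS[0]), p.score(ALERTS[1])


if __name__ == "__main__":
    print(demo())
```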
It’s clear for business leaders who need to protect their organizations in the face of the new cyberworld battleground: Machines must be integrated to win. Artificial intelligence, machine learning, and expert systems are advanced technologies that deliver significant, relevant and meaningful results to assist an organization’s current security team -- something humans can't do on their own. The combination of man plus machine greatly increases an organization’s security capabilities. More importantly, man plus machine exponentially expands a security team’s capacity to analyze the overwhelming amounts of data from intruders while lowering cost by employing automation for key security use cases.
by Mike Armistead, Co-Founder and CEO of Respond Software
Originally published on December 15, 2017 by Forbes.com.