As cyber threats continue to evolve, big data and machine learning are increasingly necessary for a strong cyber security strategy. Will Cappelli, vice president of research at Gartner, says that companies are combining big data and machine learning capabilities as part of a more powerful approach to cyber security.
The idea is to deploy a platform that aggregates and manages big data, and to combine this with a machine learning algorithm that analyzes this data to uncover hidden patterns and detect threats.
Keeping Up With Hackers
As cyber security strategies evolve to protect against hackers, hackers are developing increasingly sophisticated strategies to bypass these protections. Using machine learning to automate their attacks, hackers are making breaches more and more difficult to detect.
Malicious actors can use machine learning to automate the selection of the victims most vulnerable to their attacks. They can also use machine learning to find weak points in cyber defense systems or to develop new techniques that bypass security software.
The endless battle between hackers and defense systems is only getting more complex, with artificial intelligence fighting against itself. Just last year, a team of researchers showed how hackers could feasibly use AI to modify malware code and bypass cyber security systems as a result. In order to stay ahead, cyber defense systems need to deploy machine learning algorithms that are at least as powerful and sophisticated.
Identifying Security Events
The fundamental ingredient for machine learning is big data. Sensitive data is constantly exposed to the risk of theft by attackers, which makes it necessary for companies to deploy cyber security applications such as WAFs (Web Application Firewalls). A WAF detects attacks by aggregating information about the application it protects, such as its directories, URLs, parameters, and the range of acceptable user input, and comparing incoming requests against it.
Machine learning, meanwhile, analyzes this information to find patterns, correlations, and anomalies within the data. In the field of cyber security, this means processing massive amounts of security data and distilling it into something more readable for security teams.
It's important to keep in mind that the simple detection of security events isn't useful unless it's understandable to human beings. When machine learning technology processes and organizes data, security teams are able to assess threats within the context of comprehensive, well-organized narratives, rather than being inundated with an overwhelming amount of information. This is critical in helping teams focus their investigations on genuine threats rather than on false positives. Machine learning-driven analysis also ensures that any attacks that are obscured by the flood of security events don't go unnoticed.
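As an added illustration of this pipeline (example code, not from the original article or from any product it mentions), the script below scores a constructed sample of WAF events by how unusual each request's path, parameter names and parameter value lengths are relative to the observed baseline, then rolls the scored events up per source so an analyst sees one summary line per actor rather than the raw event stream. The event sample, the field names, the 16-character length buckets and the 7.5 flagging threshold are all assumptions made for the example.

```python
import math
from collections import Counter, defaultdict
# Constructed sample of WAF events (not real traffic): source, requested path, recorded parameters.
WAF_EVENTS = [
    {"src": "10.0.0.5", "path": "/login", "params": {"user": "alice", "pw": "hunter2"}},
    {"src": "10.0.0.6", "path": "/login", "params": {"user": "bob", "pw": "secret1"}},
    {"src": "10.0.0.7", "path": "/search", "params": {"q": "shoes"}},
    {"src": "10.0.0.8", "path": "/search", "params": {"q": "boots"}},
    {"src": "10.0.0.9", "path": "/search", "params": {"q": "hat"}},
    {"src": "10.0.0.5", "path": "/login", "params": {"user": "alice", "pw": "hunter3"}},
    {"src": "10.0.0.6", "path": "/search", "params": {"q": "socks"}},
    {"src": "198.51.100.20", "path": "/search", "params": {"q": "x" * 80}},
    {"src": "198.51.100.20", "path": "/admin/export", "params": {"file": "y" * 40, "debug": "1"}},
    {"src": "198.51.100.20", "path": "/admin/export", "params": {"file": "z" * 45}},
]

def build_baseline(events):
    """Count how often each path, parameter name and value-length bucket occurs."""
    paths, names, lengths = Counter(), Counter(), Counter()
    for e in events:
        paths[e["path"]] += 1
        for name, value in e["params"].items():
            names[name] += 1
            lengths[len(value) // 16] += 1  # value length in 16-character buckets (assumed)
    return paths, names, lengths

def surprise(counter, key):
    """-log2(p) of an observation: rare things score high; unseen keys count as 0.5 so they score highest."""
    return -math.log2(max(counter[key], 0.5) / sum(counter.values()))

def score_event(event, baseline):
    """Sum the surprise of the path and of every parameter name and value-length bucket."""
    paths, names, lengths = baseline
    score = surprise(paths, event["path"])
    for name, value in event["params"].items():
        score += surprise(names, name) + surprise(lengths, len(value) // 16)
    return score

def summarize(events, threshold=7.5):
    """Roll scored events up per source so an analyst sees one summary per actor."""
    baseline = build_baseline(events)
    by_src = defaultdict(list)
    for e in events:
        by_src[e["src"]].append((score_event(e, baseline), e))
    report = {}
    for src, scored in by_src.items():
        mean = sum(s for s, _ in scored) / len(scored)
        report[src] = {"events": len(scored), "mean_score": round(mean, 2),
                       "paths": sorted({e["path"] for _, e in scored}), "flagged": mean > threshold}
    return report
```

On this sample only 198.51.100.20 is flagged: its three requests hit a rarely used path with parameter names and value lengths that the rest of the traffic never produces, while every other source stays below the threshold.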
Natural Language Processing
Much of the information about security events isn't immediately apparent. On the contrary, it tends to be in the form of unstructured text that is distributed across millions of websites and sometimes even buried within the dark web. Interpreting this text is an impossible task for human beings, but it's easily accomplished using big data analytics and machine learning.
Platforms with natural language processing capabilities, such as Recorded Future, are able to find this unstructured text and gather the relevant data. Machine learning tools can be sophisticated enough to make sense of the text regardless of language, punctuation, format, or even jargon, and turn it into something readable for security professionals.
Big Data, Machine Learning, and the Human Mind
Big data and machine learning are part of a single architecture, a powerful duo that together can protect against even the most complex threats. A strong cyber security platform requires an inbuilt data management platform that collects and organizes big data, in combination with machine learning algorithms that analyze this data, respond to threats, and prevent new attacks. Without big data analytics and machine learning, it would be impossible for security professionals to gather and organize the heaps of security events and to interpret all potential threats. While security professionals will always have an important role to play in deciding how to act on these events, the role of machine learning is to distill the large amounts of data into information these professionals can act on in the first place.
Using machine learning to automate attack detection and response, companies can build a fast and robust cyber defense system, one where security professionals work side by side with sophisticated automated tools.