Machine Learning Transforms Threat Detection

Organisations and businesses are being swamped by billions of attempted cyber attacks a day, far more than human analysts can review. Machine Learning (ML) is now tipping the advantage toward defenders: it can ingest many information sources at once and correlate events at the scale of millions, billions and trillions of records a day, which significantly improves threat detection and prevention.

ML can assess threats in near real time, model a company's infrastructure, network design and attack vectors, and combine human talent with machine power to defend it. Algorithms can mine massive amounts of data, and they don't stop, whereas humans need breaks and sleep.

Improved Detection

An algorithm can learn from its mistakes as it runs, so it keeps improving rather than degrading over time. A good ML discipline is one that can "see" patterns of behaviour, inferring the form of an attack and how to respond. The algorithm can be trained on different types of attacks, can learn the methods used to gain privileged access and to move laterally, and can adapt in real time to a developing situation. A well-designed ML approach also learns from its false positives.

False positives will always exist, but each analyst correction fed back into the model gives it more to learn from, so their volume falls over time. Reported reductions after deploying an ML system range from 50% to 90%, although the figure depends heavily on the starting alert volume and on how consistently analyst verdicts are actually fed back into the model.

While ML decreases false positives, it can also increase the speed at which threats are detected, which can dramatically shrink the window of compromise for a system. ML can detect both known and unknown threats: known ones through models trained on labelled attacks, unknown ones through unsupervised and reinforcement learning that flag behaviour never seen in the baseline. That's why, in the chess game between adversary and defender, once an attacker makes a move, ML can enumerate many of the likely follow-on moves and flag or block them.
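As an added example (not code from the article or from any vendor it mentions), the following Python sketch shows the two mechanisms described above on constructed authentication events: an unsupervised per-user baseline that scores a never-before-seen source host or login hour as anomalous, and an analyst-feedback step that both suppresses a confirmed false positive and folds it into the baseline so the same pattern stops alerting. The users, hosts, sample events, scoring rule and threshold are all assumptions made for the illustration.

```python
"""Toy unsupervised anomaly scorer with an analyst-feedback loop.

Added example for this article; it is not code from any product the
article mentions. The detector, the scoring rule and the sample events
are all constructed here to illustrate two claims in the text: that
unsupervised learning flags behaviour never seen in training, and that
feeding analyst verdicts back into the model reduces false positives.
"""
import math
from collections import Counter, defaultdict

# Constructed sample: authentication events as (user, source_host, hour).
# The baseline stands in for weeks of "normal" logs used to train the model.
BASELINE = (
    [("alice", "wks-01", 9)] * 40
    + [("alice", "wks-01", 10)] * 30
    + [("alice", "vpn-gw", 8)] * 5
    + [("bob", "wks-07", 9)] * 35
    + [("bob", "wks-07", 18)] * 10
)

THRESHOLD = 4.0  # alert when the combined surprise score reaches this (tuning knob)


class AnomalyDetector:
    """Scores each event by how surprising its host and time-of-day are for that user."""

    def __init__(self, events, threshold=THRESHOLD):
        self.threshold = threshold
        self.host_counts = defaultdict(Counter)   # user -> Counter of source hosts
        self.hour_counts = defaultdict(Counter)   # user -> Counter of 4-hour buckets
        self.suppressed = set()                   # (user, host) pairs an analyst cleared
        for event in events:
            self.observe(event)

    def observe(self, event):
        """Fold one event into the per-user baseline (the 'learning' step)."""
        user, host, hour = event
        self.host_counts[user][host] += 1
        self.hour_counts[user][hour // 4] += 1

    @staticmethod
    def _surprise(counter, key):
        """-log P(key | user) with add-one smoothing so unseen values stay finite."""
        total = sum(counter.values())
        return -math.log((counter[key] + 1) / (total + len(counter) + 1))

    def score(self, event):
        user, host, hour = event
        return (self._surprise(self.host_counts[user], host)
                + self._surprise(self.hour_counts[user], hour // 4))

    def triage(self, events):
        """Return [(event, score)] for events that need an analyst; learn from the rest."""
        alerts = []
        for event in events:
            user, host, _ = event
            score = self.score(event)
            if (user, host) not in self.suppressed and score >= self.threshold:
                alerts.append((event, round(score, 2)))
            else:
                # Only unflagged (or analyst-cleared) activity updates the baseline,
                # so an attacker cannot normalise their behaviour by repeating it.
                self.observe(event)
        return alerts

    def mark_false_positive(self, event):
        """Analyst verdict: this (user, host) pair is benign. Learn it and stop alerting."""
        user, host, _ = event
        self.suppressed.add((user, host))
        self.observe(event)


def run_demo():
    detector = AnomalyDetector(BASELINE)

    first_batch = [                  # constructed "today" events
        ("alice", "wks-01", 9),      # routine
        ("alice", "srv-db-02", 3),   # never-seen host at 03:00: flag
        ("bob", "wks-07", 18),       # bob's usual late login
        ("bob", "jump-01", 9),       # never-seen host for bob: flag
        ("alice", "vpn-gw", 8),      # rare but already in the baseline
    ]
    first_alerts = detector.triage(first_batch)

    # Analyst confirms bob legitimately uses the jump host: feed that back.
    detector.mark_false_positive(("bob", "jump-01", 9))
    jump_score_after = detector.score(("bob", "jump-01", 10))

    second_batch = [
        ("bob", "jump-01", 10),      # now suppressed and part of the baseline
        ("alice", "srv-db-02", 2),   # still anomalous, still flagged
        ("alice", "wks-01", 9),
    ]
    second_alerts = detector.triage(second_batch)
    return {"first": first_alerts, "second": second_alerts,
            "jump_score_after": jump_score_after}


if __name__ == "__main__":
    for name, value in run_demo().items():
        print(name, value)
```

Two design choices matter more than the arithmetic. Flagged events are deliberately kept out of the baseline until an analyst clears them, otherwise an attacker who repeats an action often enough would teach the model that it is normal. And the false-positive verdict does two things at once: it suppresses the exact (user, host) pair and it adds the observation to the baseline, so the score for that pattern drops below the threshold even before the suppression list is consulted. Real products use far richer features than host and hour, but the feedback loop works the same way.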

Cyber Criminals Can Use ML Too

Cyber criminals realise that they can use ML to automate their attacks and eliminate most human intervention. They can write an algorithm, train it on a pattern of attack and let the machine run its sorties while they kick back with a martini by the pool.

That's why defenders need to use ML at every attack vector: at the gateways, at the endpoints and in the cloud, because if there's a gap in a system's defences, an adversary's ML algorithm will find it. The new cyber criminal isn't some kid in a dark basement with a computer. It's often a criminal group that's using ML to launch large-scale attacks on thousands of companies at the click of a virtual button.

The Human Factor

Skilled human analysts are still needed to confirm some actions, make final decisions and identify exceptions. But with over a million cyber security job vacancies worldwide, there aren't enough analysts to go around. Most of the work security analysts are saddled with today is triage: sorting through alerts to find those that need further scrutiny. That kind of work can be done effectively and efficiently with ML, freeing up analysts' time to address serious threats.

The COVID-19 pandemic has accelerated the shift from off-line processes to on-line ones across organisational functions, whether in corporate, government or non-profit organisations. Consequently, enterprises have seen significant growth in the data and information generated during the pandemic period.

Organisations, particularly in the financial services sector, are also investing significantly in Blockchain technology to prepare for the future, and Blockchain could become one of the game-changers for the entire world.

The implementation of Artificial Intelligence (AI) and Machine Learning (ML) systems may serve as a solution, bringing many benefits in helping to prepare the cyber security workforce of tomorrow. Currently the technology's capabilities are simple, yet still of great benefit: human staff are freed to focus on more complex threats while the AI/ML shield deals with the high volume of low-level attacks.

Sources: Splunk | TechBeacon | Enterprise Talk | Enterprise Talk | Forrester
