As CyberRes, we promote the value of solutions that can adapt in near real-time to defend and respond to growing cyberattacks. In essence, there should be a feedback loop to humans defending the organization that leverages analytics to continually analyze protections, then revise their enforcement, governance, and policies dynamically to mitigate risks. By intelligently adapting in this way, customers should be able to evolve and sustain their security posture in the face of the exponentially increasing threat landscape. But we aren’t alone in promoting the advantages of Artificial Intelligence (AI) or machine learning. In fact, there’s lots of noise in the market that makes it difficult to discern real use cases vs. hype.
Fortunately, researchers are delving into this topic to better quantify the value AI brings to cybersecurity. The Center for Security and Emerging Technology (CSET) has a new report: “Machine Learning and Cybersecurity: Hype and Reality.” The report offers four conclusions:
- Machine learning can help defenders more accurately detect and triage potential attacks. However, in many cases these technologies are elaborations on long-standing methods — not fundamentally new approaches — that bring new attack surfaces of their own.
- A wide range of specific tasks could be fully or partially automated with the use of machine learning, including some forms of vulnerability discovery, deception, and attack disruption. But many of the most transformative of these possibilities still require significant machine learning breakthroughs.
- Overall, we anticipate that machine learning will provide incremental advances to cyber defenders, but it is unlikely to fundamentally transform the industry barring additional breakthroughs. Some of the most transformative impacts may come from making previously un- or under-utilized defensive strategies available to more organizations.
- Although machine learning will be neither predominantly offense-biased nor defense-biased, it may subtly alter the threat landscape by making certain types of strategies more appealing to attackers or defenders.
The report authors have no doubt that machine learning can significantly improve a variety of cybersecurity technologies. However, they recommend thinking about how machine learning can alter specific tasks within cybersecurity, rather than talking in general terms about how it can alter cybersecurity as a whole.
Leveraging Machine Learning
I think the NetIQ Risk Service is a great example of an application of machine learning that provides value. The Risk Service enables administrators to set up and customize policies that effectively measure risk for their environment. The criteria might vary from simple information available about the user’s location or device to leveraging Interset for more powerful behavior heuristics. These context metrics enable you to start out simple and increase context richness where needed. Watch this video, Integrating Machine Learning with NetIQ Risk Service, to learn more about Risk Service.
Another great use case is how ArcSight Intelligence uses machine learning to detect anomalies that may indicate malicious actions. It has a proven track record of detecting insider threats, zero-day attacks, and even aggressive red team attacks. ArcSight Intelligence for CrowdStrike combines the analytical powers of ArcSight Intelligence’s Behavioral Analytics, which uses unsupervised machine learning, with the rich Falcon sensor data from CrowdStrike to enable visibility into hard-to-find threats. Watch the ArcSight Intelligence for CrowdStrike video to learn more.
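To make the two ideas above concrete (a risk policy built from cheap context such as device and location, then enriched with a behavioural signal derived from a user's own baseline), here is an added illustration. It is not NetIQ Risk Service or ArcSight Intelligence code; the weights, thresholds, field names and the login history it scores against are all constructed assumptions.

```python
"""Context-based risk scoring for a login request.

Added illustration only: NOT NetIQ Risk Service or ArcSight Intelligence code.
The weights, thresholds, field names and login history are constructed.
"""
from dataclasses import dataclass
from statistics import mean, pstdev

# Constructed baseline: hourly login counts observed for each user over
# the previous eight hours. A real system would learn this continuously.
LOGIN_HISTORY = {
    "alice": [2, 3, 2, 4, 3, 2, 3, 2],
    "bob": [1, 1, 2, 1, 1, 1, 2, 1],
}

# Assumed policy weights (sum to 1.0) and decision thresholds.
WEIGHT_UNKNOWN_DEVICE = 0.3
WEIGHT_NEW_COUNTRY = 0.3
WEIGHT_BEHAVIOUR = 0.4
ALLOW_BELOW = 0.25      # risk < 0.25 -> allow
STEP_UP_BELOW = 0.65    # risk < 0.65 -> require MFA; otherwise deny


@dataclass
class LoginContext:
    user: str
    device_known: bool       # device previously registered for this user
    country: str             # country of the current request
    usual_country: str       # country seen in the user's normal activity
    logins_this_hour: int    # activity volume in the current window


def behaviour_anomaly(user: str, logins_this_hour: int) -> float:
    """Return 0.0 (normal) .. 1.0 (highly unusual) for the user's login volume.

    Uses a z-score against the user's own baseline, capped at three standard
    deviations; only deviations ABOVE the baseline count as risky here.
    """
    history = LOGIN_HISTORY.get(user)
    if not history or len(history) < 2:
        return 1.0  # no baseline: treat as fully unknown behaviour
    mu = mean(history)
    sigma = pstdev(history) or 1.0  # avoid division by zero on a flat history
    z = (logins_this_hour - mu) / sigma
    return min(max(z / 3.0, 0.0), 1.0)


def risk_score(ctx: LoginContext) -> float:
    """Combine cheap context signals with the behavioural signal."""
    score = 0.0
    if not ctx.device_known:
        score += WEIGHT_UNKNOWN_DEVICE
    if ctx.country != ctx.usual_country:
        score += WEIGHT_NEW_COUNTRY
    score += WEIGHT_BEHAVIOUR * behaviour_anomaly(ctx.user, ctx.logins_this_hour)
    return round(score, 4)


def decide(ctx: LoginContext) -> str:
    """Map the score onto an enforcement action."""
    score = risk_score(ctx)
    if score < ALLOW_BELOW:
        return "allow"
    if score < STEP_UP_BELOW:
        return "step-up-mfa"
    return "deny"


if __name__ == "__main__":
    samples = [
        LoginContext("alice", True, "CA", "CA", 3),     # routine login
        LoginContext("bob", False, "DE", "CA", 1),      # new device and country
        LoginContext("alice", False, "DE", "CA", 12),   # plus a burst of logins
    ]
    for s in samples:
        print(f"{s.user:6} risk={risk_score(s):.2f} -> {decide(s)}")
```

The point of the layering is that the cheap signals alone only ever reach "step-up-mfa" under these weights, so a single mismatch never locks a legitimate traveller out, while the behavioural term is what pushes a genuinely unusual session to "deny". Swapping the z-score for a richer unsupervised model changes only `behaviour_anomaly`; the policy mapping stays the same.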
Stephan Jou (CTO for AI Security at Micro Focus) and Mario Daigle (Senior Director of Analytics at Interset) co-host a podcast, Humans And Machines. Like the CSET report, the podcast explores AI’s potential use vs. the hype. They’ve explored a range of issues, including AI trust issues and AI security. Episode 7, Blockchain & Security, features blockchain expert Lorne Lantz as a guest. Lorne explains how blockchain can be used to revolutionize how we secure and store data, going beyond its typical use for cryptocurrency.
We need to evolve our cybersecurity capabilities to adapt to rapidly changing and more advanced threats. Machine learning can be applied in specific use cases to help our defenses become more nimble as data volumes grow, computing power increases, Internet bandwidth expands and data scientists deepen their expertise. With the ever-increasing cyber threats that businesses face today, machine learning is needed to secure valuable data and keep threat actors out of internal networks.
- Artificial Intelligence and Machine Learning 101
- Elevate your Cyber Resilience with Artificial Intelligence
- From Security Operations to COVID-19: Security AI State of the Nation, 2020
- Essential Guide: AI and the SOC – 5 key takeaways for SecOps Teams