Machine Learning in the SOC—Part 3: Best Practices for Success

Machine learning has the power to transform your security operations, but as with any powerful technology, it needs to be approached strategically. Through our first-hand experience with helping organizations across the world implement and operationalize machine learning in their SOCs, we have identified four best practices that are critical for achieving success.

1. Don’t fall into a buzzword trap

Terms like artificial intelligence (AI) and machine learning are popular in our industry, but there’s a lot of snake oil with vendors claiming to use these technologies. Do your homework to understand what type of machine learning a vendor uses and whether or not that type of machine learning meets your security team’s needs.

Knowing just a little bit about how machine learning works can help you ask better questions when evaluating a vendor, like “What threats are not covered with existing tools and techniques?” or “Which data feeds contain valuable information but are currently underutilized?”

2. Don’t treat machine learning—or any technology—like a cure-all

Your best defense comes from covering multiple bases and leveraging top technologies in conjunction with each other. Machine learning alone won’t catch and stop the bad guy, so make sure you’re enabling a holistic threat detection solution.

For example, pairing Interset user and entity behavioral analytics (UEBA) with a next-gen security information and event management (SIEM) platform like Micro Focus ArcSight gives you a layered approach to security analytics that enables more visibility, better detection, and easier, quicker avenues for responding to known and unknown threats. ArcSight’s real-time correlation quickly and effectively finds the known threats, while UEBA detects the subtle, unknown threats that would otherwise escape detection via static thresholds and rules. The truth is that real-world threat scenarios often require a mix of both of these approaches.

And remember, technology doesn’t solve the problem on its own.

3. Your SOC team members are more valuable than ever

Technology may give your SOC the competitive edge it needs, but it can’t (and shouldn’t) replace the humans in your SOC. SOC teams are forced to deal with ever-growing feeds of data and constantly evolving threats, which can be better managed by machine learning. The best security posture comes from a strong human-machine team that leverages the strengths of each: faster-than-human analysis by machines to identify leads for investigation and the contextual understanding of SOC analysts and threat hunters.

If you do your homework, apply a layered approach, and empower your SOC team, machine learning can significantly transform your security operations efforts and coverage into a powerful threat defense.

Ready to take a proactive stance on security? Learn how you can better protect your business with machine learning by visiting

Read the previous entries in this blog series:

Machine Learning in the SOC—Part 1: Speed Up Your SecOps
Machine Learning in the SOC—Part 2: Identify Your Use Cases
