There's a lot of buzz around machine learning. The day isn't far off when machine learning will be as commoditized a security product as antivirus or firewalls.
What we largely see in today's landscape lets enterprises collaborate across environments through grid computing and on-demand platforms. While this enhances business productivity, it simultaneously creates a lot of puzzles and flaws. Traditional tools and technologies never:
- consumed data from various and multiple data lakes
- combined data using just-in-time techniques
- analyzed, monitored or performed forensic investigations across all of it
That's where machine learning comes into the picture. It can handle the velocity, variety and volume of this data.
Machine data is not just logs, but comprehensive records of the behavior of end users, servers, networks, applications, transactions and mobile devices. It also includes API data, machine configurations, message queues, events, CDRs (call detail records), IoT (Internet of Things) data, sensor data from industrial machines, automation output and much more. In cyber security, machine data is therefore useful for fraud detection, artificial intelligence and recommendations, and a variety of use cases can be built on it.

Recently it has become clear that manual cyber security practices are no longer enough to protect the environment. There are several reasons for this, including:
- Security-related data is coming from a wide range of connected network devices.
- There is a lack of skilled staff who know how to feed machine data into a SIEM tool; this weakens the whole ecosystem and paves the way for intruders.
The impact is sobering: cyber risk was ranked third among the top 10 global business risks in 2016, according to the Allianz Risk Barometer Survey.
It might sound alarming, but the hard fact is that your organization might be the next victim of an attack, or may currently be under an undetected one. In these cases you may first learn from a third party that your data has been compromised. These attacks are slow and steady and most often conducted by professional cyber criminals whose ultimate objective is stealing data. These international cyber criminals use various types of tools and techniques, including:
- bot attacks,
- APT (Advanced Persistent Threat) attacks,
- rootkits, etc.
Attackers constantly look to escalate privileges to gather more data. In the near future, advanced detection and mitigation techniques and tools, rather than traditional manual cyber security solutions, will be used to counter volumetric DDoS, APT and bot attacks. The biggest advantage of machine learning is that it can assist security analysts in detecting actual threats more quickly and allow organizations to act proactively. This is achieved through in-depth historical analysis of security data, which shows what attacks look like based on hidden objects and their associations with each other. If the data is used properly, organizations can defend against attacks more effectively in the future. Moreover, analysis can be done on big data and then used to understand what normal network behavior looks like.

While there are various players in the market offering machine learning capabilities, we need to be extra cautious with any decision. Many take a one-size-fits-all approach: their solutions flag anomalies based only on the data they have received. This can be ineffective and can miss the same threats a single, generic approach has always missed. Single-approach methodologies also cannot model the individual objects of a company's network, each with its own unique patterns of operation and supported devices.

The better approach is a multistage machine learning model trained on the organization's own data. This helps enterprises determine which machine learning model works best for detecting real security events on a particular network. It can also detect changes over time, building behavioral profiles of normal versus abnormal traffic without manual intervention. Such a system gathers data streams from various systems, applies a variety of machine learning models and compares the results against the original raw data. On the backend it runs the gamut of models: knowledge-based systems, fuzzy logic, automatic knowledge acquisition, neural networks, genetic algorithms, case-based reasoning and ambient intelligence.
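The difference between a one-size-fits-all threshold and a per-entity behavioral profile is easy to show in code. The example below is added here to illustrate the point and is not code from the original article or from any vendor product. The hourly outbound byte counts are constructed sample data standing in for what a SIEM would aggregate from firewall logs: a database server that normally pushes large backups and a workstation that normally sends very little. A global threshold derived from all hosts together never fires on the workstation suddenly sending 2 MB per hour, while a robust per-host baseline (median and median absolute deviation, a choice assumed here) flags it immediately and still leaves the database server's usual volume alone. The `refresh_baseline` step folds unflagged observations back into the history so the profile can track slow, legitimate changes over time.

```python
"""Per-host behavioral baselining versus a global one-size-fits-all threshold.

Added illustrative example; all data below is constructed, not taken from any
real network or from the original article.
"""
from collections import defaultdict
from statistics import median

# Constructed historical records: (host, outbound bytes in one hour).
# 'db01' normally moves ~8 MB/hour (backups); 'ws17' is a quiet workstation.
HISTORY = [
    ("db01", 8_000_000), ("db01", 8_200_000), ("db01", 7_900_000),
    ("db01", 8_100_000), ("db01", 8_050_000), ("db01", 7_950_000),
    ("ws17", 40_000), ("ws17", 45_000), ("ws17", 38_000),
    ("ws17", 42_000), ("ws17", 41_000), ("ws17", 39_000),
]

# Constructed new observations: ws17 suddenly sends 2 MB in an hour (a plausible
# slow exfiltration), while db01 does its usual backup volume.
NEW = [("ws17", 2_000_000), ("db01", 8_100_000)]


def global_threshold(history, factor=3.0):
    """One-size-fits-all rule: anything above factor * the global median is 'abnormal'."""
    return factor * median(v for _, v in history)


def score_global(history, new, factor=3.0):
    """Apply the single global threshold to every host regardless of its own behavior."""
    thr = global_threshold(history, factor)
    return {host: v > thr for host, v in new}


def per_host_profiles(history):
    """Build a robust (median, MAD) profile for each host individually."""
    by_host = defaultdict(list)
    for host, v in history:
        by_host[host].append(v)
    profiles = {}
    for host, vals in by_host.items():
        m = median(vals)
        mad = median(abs(v - m) for v in vals)  # median absolute deviation
        profiles[host] = (m, mad)
    return profiles


def score_per_host(history, new, k=5.0):
    """Flag an observation if it lies more than k scaled MADs above its own host's median.

    Hosts with no history are flagged so that a never-seen entity gets looked at.
    """
    profiles = per_host_profiles(history)
    flagged = {}
    for host, v in new:
        if host not in profiles:
            flagged[host] = True
            continue
        m, mad = profiles[host]
        # 1.4826 * MAD approximates the standard deviation for normally distributed data;
        # fall back to 1.0 when the host's history is perfectly constant.
        scale = 1.4826 * mad if mad > 0 else 1.0
        flagged[host] = (v - m) / scale > k
    return flagged


def refresh_baseline(history, new, flagged):
    """Fold observations that were judged normal back into the history.

    This lets the per-host profile drift with legitimate changes in behavior while
    keeping flagged (suspect) observations from poisoning the baseline.
    """
    return history + [(host, v) for host, v in new if not flagged.get(host, True)]


if __name__ == "__main__":
    print("global threshold :", score_global(HISTORY, NEW))    # misses ws17
    verdict = score_per_host(HISTORY, NEW)
    print("per-host profile :", verdict)                        # catches ws17 only
    updated = refresh_baseline(HISTORY, NEW, verdict)
    print("history size after refresh:", len(updated))
```

The global rule is dominated by the noisy server, so the workstation's 50-fold jump disappears under it; modeling each host against its own history is what makes the same observation stand out. In a real deployment the profile key would be richer than a hostname (host plus destination, user plus application, and so on), and the per-observation score would feed a model rather than a fixed k, but the failure mode of a single global baseline is exactly the one shown here.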
We're at the cusp of applying machine learning models to the rapidly growing cyber security challenge of detecting and mitigating APTs. We'll start to see how the AI output of one data set serves as input to others and is used to protect networks against cyber threats.