Machine learning is currently one of the biggest buzzwords in cybersecurity and the tech industry in general, but the phrase is so often overused and misapplied that many people are left with a definition of their own that is simply wrong.
So, how do you cut through all the noise to separate fact from fiction? And how can this tool be best applied to security operations?
What is machine learning?
Machine learning (ML) is a family of techniques that let software learn from data and improve at a task as more data is collected, rather than having every rule hand-coded by a programmer. Humans still define the task and, in the most common (supervised) setting, supply labelled examples, but they do not have to spell out how to recognise each individual case.
The technology makes it possible to analyze terabytes of data and discern patterns that would otherwise be missed. People often think that machine learning stops at summarizing data and finding patterns for humans to extrapolate from, but that is not correct. ML goes beyond summaries: it fits a model to the data it has seen and uses that model to make predictions about data it has not seen yet.
Some examples of machine learning are more obvious than others. When Netflix recommends a new show for you to watch, that suggestion is based on data it collected from what you previously watched.
Machine learning is used for much more than consumer convenience, though. For example, General Electric (GE) and BP announced a partnership to deploy machine learning across BP's wells and oil rigs, stating, “the oil well software will harvest information from sensors monitoring vibrations, temperature, pressure and other well properties. It will store, contextualize and visualize the data, and provide the right BP workers with real-time insights.”
Machine learning and artificial intelligence aren’t synonymous
One of the biggest misconceptions regarding machine learning is that the term can be used interchangeably with artificial intelligence (AI). Machine learning is a subset of AI, but the two are not the same thing. AI is a blanket term for the simulation of human intelligence processes by machines, whatever the method; machine learning is one way of achieving that, in which the system's behaviour is learned from data rather than written out as explicit rules, so it needs little human guidance beyond the choice of algorithm and the data it is trained on.
Machine learning and security operations
Many are concerned about the malicious use of machine learning, and some researchers predict an “arms race” of sorts around the technology. While no one can accurately predict the future of machine learning in the hands of good and bad actors alike, there are two major areas where security operations teams should apply it today.
First and foremost, machine learning can significantly improve a security operations center's (SOC's) detection abilities. Much like the Netflix example, a model trained on past incidents can flag new activity that resembles previously confirmed malicious behaviour. Where an analyst might spend hours manually combing through logs to identify a potential threat and cross-reference it with past incidents, a trained model scores new events in milliseconds, leaving the analyst more time for investigation and remediation. The catch is that the model is only as good as the past activity it learned from: mislabelled or incomplete incident data produces a model that misses the same things the analysts missed.
The second major benefit is prioritization. Most security teams receive far more alerts than they can reasonably investigate, and wading through rows of data to decide which alerts are most pressing is tedious and time-consuming. By learning from past alerts and their outcomes, machine learning can rank incoming alerts for analysts, surfacing the ones most likely to be real and putting them at the top of the queue for triage and remediation.
This same principle can also be applied to prioritizing resources within the SOC. Say you have an analyst who is particularly efficient at handling malware alerts. With machine learning, your systems can learn to route the most critical malware alerts to that analyst, so they are addressed as quickly and effectively as possible. In this way, machine learning becomes an operations enabler, streamlining how work and people are allocated for maximum efficiency and impact.
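To make the detection and prioritization ideas above concrete, here is an added example (not code from the original article or from any vendor it mentions): a small naive Bayes triage model that learns from past, analyst-labelled alerts and ranks a new batch so the alerts most likely to be true positives land at the top of the queue. The feature names, alert types and every alert record are constructed sample data; a real SOC would extract such features from its SIEM or EDR telemetry.

```python
# Added example, not part of the original article: a small alert-triage
# model that learns from past, analyst-labelled alerts (the "past malicious
# activity" the text refers to) and ranks a new batch so the alerts most
# likely to be true positives land at the top of the queue.
# Pure standard library; every alert below is constructed sample data.
from collections import Counter, defaultdict
from math import exp, log

# Categorical features a SOC might extract from an alert (assumed names).
FEATURES = ("type", "src", "user_admin", "hour", "repeat_host")

# Constructed history: alerts an analyst already investigated and labelled.
HISTORY = [
    {"type": "malware",  "src": "external", "user_admin": "yes", "hour": "night", "repeat_host": "yes", "verdict": "malicious"},
    {"type": "malware",  "src": "external", "user_admin": "no",  "hour": "night", "repeat_host": "yes", "verdict": "malicious"},
    {"type": "phishing", "src": "external", "user_admin": "yes", "hour": "day",   "repeat_host": "no",  "verdict": "malicious"},
    {"type": "beacon",   "src": "external", "user_admin": "no",  "hour": "night", "repeat_host": "yes", "verdict": "malicious"},
    {"type": "malware",  "src": "internal", "user_admin": "yes", "hour": "night", "repeat_host": "yes", "verdict": "malicious"},
    {"type": "policy",   "src": "internal", "user_admin": "no",  "hour": "day",   "repeat_host": "no",  "verdict": "benign"},
    {"type": "malware",  "src": "internal", "user_admin": "no",  "hour": "day",   "repeat_host": "no",  "verdict": "benign"},
    {"type": "policy",   "src": "internal", "user_admin": "no",  "hour": "day",   "repeat_host": "yes", "verdict": "benign"},
    {"type": "phishing", "src": "internal", "user_admin": "no",  "hour": "day",   "repeat_host": "no",  "verdict": "benign"},
    {"type": "policy",   "src": "external", "user_admin": "no",  "hour": "day",   "repeat_host": "no",  "verdict": "benign"},
]

# Constructed new batch awaiting triage. "dns_tunnel" is a type never seen in training.
INCOMING = [
    {"id": "A1", "type": "malware",    "src": "external", "user_admin": "yes", "hour": "night", "repeat_host": "yes"},
    {"id": "A2", "type": "policy",     "src": "internal", "user_admin": "no",  "hour": "day",   "repeat_host": "no"},
    {"id": "A3", "type": "dns_tunnel", "src": "external", "user_admin": "no",  "hour": "night", "repeat_host": "yes"},
    {"id": "A4", "type": "malware",    "src": "internal", "user_admin": "no",  "hour": "day",   "repeat_host": "no"},
]


class AlertTriageModel:
    """Naive Bayes over categorical alert features with Laplace smoothing."""

    def __init__(self, alpha=1.0):
        self.alpha = alpha
        self.class_counts = Counter()             # verdict -> number of alerts
        self.value_counts = defaultdict(Counter)  # (feature, verdict) -> Counter of values
        self.seen_values = defaultdict(set)       # feature -> values seen in training

    def fit(self, alerts):
        for a in alerts:
            self.class_counts[a["verdict"]] += 1
            for f in FEATURES:
                self.value_counts[(f, a["verdict"])][a[f]] += 1
                self.seen_values[f].add(a[f])
        return self

    def _log_joint(self, alert, verdict):
        n = self.class_counts[verdict]
        total = sum(self.class_counts.values())
        ll = log(n / total)                       # class prior
        for f in FEATURES:
            # +1 reserves probability mass for values never seen in training,
            # so a brand-new alert type is still scored instead of breaking the model.
            k = len(self.seen_values[f]) + 1
            count = self.value_counts[(f, verdict)][alert[f]]
            ll += log((count + self.alpha) / (n + self.alpha * k))
        return ll

    def score(self, alert):
        """Posterior probability that the alert is a true positive (0..1)."""
        joint = {v: self._log_joint(alert, v) for v in self.class_counts}
        m = max(joint.values())                   # log-sum-exp keeps this numerically stable
        z = sum(exp(x - m) for x in joint.values())
        return exp(joint["malicious"] - m) / z

    def prioritize(self, alerts):
        """Return the queue ordered from most to least likely malicious."""
        return sorted(alerts, key=self.score, reverse=True)


def triage_queue(history=HISTORY, incoming=INCOMING):
    """Train on labelled history and return (alert id, P(malicious)) in triage order."""
    model = AlertTriageModel().fit(history)
    return [(a["id"], round(model.score(a), 3)) for a in model.prioritize(incoming)]


if __name__ == "__main__":
    for alert_id, p in triage_queue():
        print(f"{alert_id}: P(malicious) = {p:.3f}")
```

Two things worth noticing in the output. A4 is a "malware" alert, yet it ranks near the bottom: the model learned from history that daytime, internal, non-admin malware alerts were closed as false positives, which is exactly the cross-referencing an analyst would otherwise do by hand. And A3 carries an alert type the model has never seen, but smoothing still lets it score the alert on the remaining features rather than failing. The practitioner caveats follow from the same mechanics: the model reproduces the analysts' past verdicts, mistakes included, so labels need review, the model needs periodic retraining as attacker behaviour shifts, and a sample of low-scored alerts should still be examined to catch what the ranking pushes out of sight.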
Analysts’ secret weapon
Machine learning is an analyst’s secret weapon and an increasingly essential asset to have in your toolkit. Machine learning provides SOC analysts with the focus and insights to work smarter, not harder. At the end of the day, security operations are all about preventing threats and neutralizing them as fast as possible. Machine learning uses data to better enable teams to do just that.