How Machine Learning is Making for Better IT Security


In this special guest feature, Cecilia Pizzurro, Senior Director, Strategic Data Projects at LOGICnow, discusses the convergence of data/machine learning and cybersecurity, and the idea that these two are playing off of each other in a more meaningful way than ever before. Cecilia leads a team of data scientists and software engineers in Cambridge (US) and Newcastle (UK). These teams use machine learning and big data analytics to find business value in the vast amount of customer data gathered from LOGICnow’s products. She was also the co-founder and CTO of The Dolomite Group, a South American mining consortium, pioneering machine learning and big data analyses to improve mining efficiency and reduce environmental impact in Peru. This company is currently finalizing its acquisition by a Chilean mining company. Prior to her role at LOGICnow, Cecilia held senior leadership positions at major data companies like Microsoft and startups that were acquired by IBM and Motorola. Cecilia is a product manager by trade and a serial mentor by heart. She is a large supporter of female mentorship and volunteer programs.

Recent threats to the U.S. government and major hospital networks have made it clear that no industry is immune from cyber crime. As data breaches continue to rise to the forefront for businesses small and large, more investments are being made in tools and software to defend against attacks. As a result, more data is being generated from these tools about businesses and their security posture, presenting enterprises with the opportunity to reevaluate IT management strategies. Machine learning and cyber security tools are now working in tandem like never before to provide companies with the best proactive, detective and reactive security strategies possible. With the ability to identify threats before they happen, organizations are changing their cybersecurity strategy from reactive to proactive.

According to this year’s Verizon DBIR Report, 89 percent of breaches had a financial or espionage motive. Cyber criminals are seeking new ways to steal money and identities on a daily basis, and organizations are faced with protecting critical personal and corporate data. Hackers are penetrating networks through malware, ransomware, phishing attacks, false logins and more, and organizations are struggling to keep up with the vast quantity and speed of these attacks. With a shortage of cyber analysts, manually coding and configuring alerts to counter these attacks is not an efficient or realistic method of protecting networks. Automation through machine learning allows companies to make the most of their security data in the following ways:

  1. Eliminating the cyber security data analyst skills gap – Machine learning reduces the need to hire additional data analysts and brings insights to the right decision makers at the right time. According to a recent CompTIA report, the security workforce is in high demand, with available careers growing nearly 50 percent year over year. In addition, training has become more important as technology usage has outpaced security literacy. Nearly half of all IT security professionals believe there are skills gaps within their organization. By automating the process of recognizing valuable patterns in security data, businesses can focus on making better business and hiring decisions with data that is readily available to them. Machine learning is ideal for small and medium-sized businesses as it is a cost-effective way to keep security data controlled, and it eliminates the need to hire additional team members for data analysis.
  2. Fighting Ransomware – According to 451 Research, a lot of security incidents like ransomware, a type of malicious software that restricts access to files until a ransom is paid, are done by the time big data analysis even begins. So the key to machine learning success is turning a big-data problem (profile creation) into a ‘little data’ problem (anomaly detection), to be able to react quicker. Manual processes are unrealistic when it comes to discovering security anomalies in the middle of large corporate networks. Organizations can use machine learning-based behavioral analytics techniques to track suspicious behavior on company networks. These tools help overwhelmed IT staffs monitor network traffic and help spot ransomware before attackers penetrate IT infrastructure and encrypt mission-critical data.
  3. Identifying Breaches Faster – Machine learning algorithms and statistical analyses for abnormality detection can be used to help identify security breaches. These breaches are usually identified as outliers in established distributions of metrics related to user activities and behavior. Machine learning distributions describe normal vs. unusual behavior including logins at unusual times or locations, suspicious or multiple IP addresses and failed login attempts. This data comes from an organization’s own clients, technology vendors’ customer bases and more. It might include information on security threats, software patches, device failures or even larger infrastructure insights such as ISP bandwidth or data center capacities. All of these data streams can be combined to show high level or granular industry intelligence, resulting in organizations suddenly being able to predict – not just react to – hardware deficiencies, software update requirements or weaknesses in IT security.
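
The "profile creation, then anomaly detection" split described in the list above can be shown with a small sketch. This is an added example, not code from the article or from LOGICnow: it builds a per-user login profile once, then scores each new login against it for unusual hour, unseen IP address and a spike in failed attempts. The event layout, thresholds and sample data are assumptions constructed for illustration.

```python
from collections import Counter, defaultdict
from statistics import median

# Constructed sample history: (user, hour_of_day, source_ip, failed_attempts)
HISTORY = [("alice", h, "192.0.2.10", f) for h, f in
           zip([8, 9, 9, 10, 8, 9, 17, 9, 10, 8], [0, 0, 1, 0, 0, 0, 1, 0, 0, 0])]

def build_profiles(events):
    """Profile creation (the 'big data' step): summarise each user's history."""
    profiles = defaultdict(lambda: {"hours": Counter(), "ips": set(), "fails": []})
    for user, hour, ip, fails in events:
        p = profiles[user]
        p["hours"][hour] += 1
        p["ips"].add(ip)
        p["fails"].append(fails)
    return profiles

def robust_z(value, sample):
    """Modified z-score from median and MAD, so old outliers do not skew it."""
    med = median(sample)
    mad = median([abs(x - med) for x in sample])
    # A flat baseline gives MAD == 0; fall back to 1 so deviations still score.
    return 0.6745 * (value - med) / (mad if mad else 1.0)

def score_login(profiles, event, z_cut=3.5, min_hour_share=0.05):
    """Anomaly detection (the 'little data' step): one event against one profile."""
    user, hour, ip, fails = event
    p = profiles.get(user)
    if p is None:
        return ["no_baseline"]  # unknown user: nothing to compare against
    reasons = []
    total = sum(p["hours"].values())
    # Circular +/-1 hour window so 23:00 and 00:00 count as neighbours.
    near = sum(p["hours"][(hour + d) % 24] for d in (-1, 0, 1))
    if near / total < min_hour_share:
        reasons.append("unusual_hour")
    if ip not in p["ips"]:
        reasons.append("new_ip")
    if robust_z(fails, p["fails"]) > z_cut:
        reasons.append("failed_login_spike")
    return reasons

if __name__ == "__main__":
    profiles = build_profiles(HISTORY)
    for ev in [("alice", 9, "192.0.2.10", 0), ("alice", 3, "203.0.113.50", 6)]:
        print(ev, "->", score_login(profiles, ev) or "normal")
```

Scoring a single event touches only that user's profile, which is why detection can keep pace with incoming logins even when building the profiles is a batch job.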

Gartner estimates that organizations around the world will invest $101 billion in information security by 2018, up from $77 billion last year. Businesses large and small have the opportunity to take their security investments to the next level with machine learning. By adopting IT solutions with machine learning capabilities and creating algorithms within pre-existing security data, businesses can capitalize on information security investments and become proactive about their organization’s safety.

 
