The Role of Machine Learning in Cybersecurity
There is no doubt that artificial intelligence (AI) and machine learning (ML) offer major advantages for modern cybersecurity applications over older, automated approaches. An application that learns from experience and uses that knowledge to inform its behavior when it meets similar issues in the future delivers a significant benefit over more traditional, passive applications.
ML is not a panacea for cybersecurity, but it does introduce intelligence to an organization’s first level of defense against cyberthreats. And it enables organizations to deploy that intelligence across all the major categories of security tasks: prediction, prevention, detection, response and monitoring.
People still matter
But for all its advantages, ML is still heavily reliant on the human element to be successful. Human monitoring and continuous input are required if ML software is to successfully learn and adapt. Without them, there is no way to guarantee ML is using the correct data to arrive at the right conclusions. Human monitoring makes it possible to detect whether the data sets used by ML are becoming corrupted, to test whether the conclusions produced by ML are correct and to help guarantee compliance.
And ML is only as good as the humans who program the software to ask the right questions and ensure it is presented with the right data to learn.
No silver bullet
ML is not the silver bullet that will defend against all cybersecurity threats. The biggest reason for this is that both sides of the cybersecurity landscape, good and bad, are adopting the technology. So while it’s true that organizations can gain much from using ML, they also face a greater threat from hackers and criminals using the technology against them.
This is yet another reason why it will be some time, if ever, before the human element is completely removed from the security process. With cybercriminals using ML to overcome ML-based defenses, people will remain a vital component in combating the threat by helping identify the technologies hackers could be deploying and how to counter them. Humans can identify the policies, procedures, processes and countermeasures that need to be put in place to keep the organization safe and to get the benefit from its investment in ML.
How to use ML
ML is expected to play a role in helping to improve the capability of organizations across all five categories of security tasks: prediction, prevention, detection, response and monitoring.
For example, ML can learn from existing data to make decisions when confronted with new data in areas such as network traffic analysis, fraud detection and user behavior. This enables it to identify different types of attacks across security layers, from the network to the application to the endpoint and down to the user level.
ML can also help a system to learn what response it should recommend to a particular incident and automatically assign risk values for vulnerabilities or misconfigurations based on their description.
Who’s the boss?
ML and AI have frequently given rise to fears that machines would take over jobs from their human counterparts, but there are strong reasons for disputing those concerns. Few, if any, enterprises are seeking to cede human control of their security systems to ML software. The truth is that, for most organizations, there will be an even greater requirement for security experts and data scientists to operate or ‘teach’ the software.
In adopting ML, organizations need to maintain their human capacity to oversee and manage AI and ML technology. They cannot abdicate responsibility for the outcomes produced by ML software to machines, so they need people to be aware of issues around ML transparency, trustworthiness and interoperability.
A learning process
It’s incumbent on the people who oversee ML to stay abreast of ML-based cybersecurity technologies, products and services because some will turn out to be significant turning points in the industry. As AI and ML begin to play more direct and obvious roles in IT infrastructures, it’s vital for people to keep their knowledge current and relevant. Only by continuing to learn can people ensure they are prepared for a future where ML plays an increasingly influential role.