Gartner currently lists machine learning at the top of its hype cycle. The market is awash with products that claim to have built a better mousetrap, that better solve common problems. While the promise of machine learning is proven, what does this new approach hold for cybersecurity? Is this a silver bullet or just more lead? Even today, spam detection via machine learning keeps Nigerian Princes, tragedy scammers, or suspicious password change emails away from your inbox. The challenge now is to transform early success into broader applicability in cybersecurity.
What is Machine Learning?
Machine learning is a type of artificial intelligence (AI) that provides computers with the ability to learn without being programmed. Machine learning comes to life by the data flowing through its algorithms. In theory, the richer the quality of data the better results. In practice, traditional machine learning requires two special ingredients, human intuition, and experience, to build features and high-quality training data sets to teach algorithms. Building and maintaining data features is expensive and complicated. Current practices need specialized data scientists to clean and transform data into an insightful entity.
An evolutionary concept is Deep Learning. Deep learning is a branch of machine learning that reduces the human dependency to build features. Deep learning algorithms attempt to mimic functions of the human brain to observe, analyze, learn and make decisions. The promise of deep learning lies in its ability to reduce human dependency to learn and infer from data.
Machine Learning and Cybersecurity
So how has Machine Learning impacted cybersecurity? With the increased awareness of machine learning technologies, security buyers are keen to test if the sales talk can match the product walk. Can machine learning deliver on the promise of faster and accurate detection while reducing TCO?
Understanding the impact of machine learning starts off with analyzing the impact to cybersecurity tools and security practitioners. Let’s look at tools first.
Can machine learning be a silver bullet to reduce dwell time? The first step to building accurate tools for threat detection is to train machine learning programs with known good behavior. For example, when a corporate citizen accesses corporate files from a company-issued laptop at their usual office location. You would also need to account for unusual yet normal patterns. Travel days when corporate assets need to be accessed from the airport cafe on a personal phone. Multiply these scenarios across your user base to build a baseline understanding of your users. A good threat detection tool will have to have extensive knowledge of your workforce to flag suspicious behavior. The lack of credible datasets will increase false positives and in fact hinder your ability to detect threats. Without good training data, existing non-machine-learning vendors will outperform machine learning vendors.
An area of promise for machine learning is adaptive authentication. Adaptive authentication understands your authentication patterns to either reduce or increase your login friction. Login signals such as device, time, location, frequency can feed into machine learning algorithms to build risk scores or drive adaptive policies. Low-risk scores can result in experiences such as reduced friction logins etc., while high-risk logins can result in deployment of smart multi-factor authentication (MFA) policies. When powered with good training data, adaptive authentication can reduce the workload of security and IT teams while empowering your users.
Current machine learning-based cybersecurity solutions can be augmentative signals to a human-driven security approach. In typical security operations center investigations where security analysts need to sift through volumes of data to find a meaningful indicator of compromise, machine learning can reduce the data set of form volumes of structured and unstructured data to a few hundred useful data points. Human intelligence can then kick in to apply context and determine the best course of action.
The Risks of Leaning on Machine Learning for Cybersecurity
The promise of machine learning comes with a number of associated risks. Training data itself can represent a valuable target for attackers. Biases in the training and evaluation datasets can increase cybersecurity blind spots. Cold starts during early phases of deployment require extensive human hand holding. While this initial hand-holding can reduce true TCO, its lack can result in increased cybersecurity risks. Finally, machine learning solutions are prone to the problem of high false positives.
It is not far-fetched to say we are in the early stages in realizing the potential for cybersecurity. Algorithmic improvements, better libraries, and faster computing will drive the next generation of cybersecurity products. Till we reach the promised land, we will see evolutionary changes to incorporate machine learning in the SoC. For the moment, the security posture continues to be a human-driven experience with able guidance from machine learning systems.
To learn about Okta’s adaptive technology and how it can help you secure your users, check out our adaptive multifactor authentication product page or sign-up for a free 30-day trial. As always, we love to hear back from you.