Security MEA speaks with Rajesh Gopinath, VP – Sales Engineering, MEA at Paladion about the significance of Machine Learning in cybersecurity and how it can be leveraged to take on repetitive tasks, and allow experts to focus on security issues that require human insight.
Machine Learning in cyber security seems to be catching up. How real is it, and which areas of Cyber Security does Machine Learning contribute to?
How real Machine Learning currently is depends on where you look. It’s an unfortunate reality that some vendors are attempting to sell stand-alone, off-the-shelf Machine Learning security products that simply won’t deliver results. Similarly, many MSSPs are layering similar Machine Learning products over their traditional services in order to claim “Machine Learning” within their service offerings—without actually upgrading their security approach in any meaningful way.
That being said, for us Machine Learning is very real and is applicable in several areas. As an example, we deploy machine learning algorithms as an integral element throughout our AI-driven MDR program. It is also applied in multiple statistical models and learning algorithms to detect abnormalities, outliers, suspicious patterns, and behavior deviations. Such Machine Learning models are an integral element of Paladion’s threat hunting and triaging activities, allowing us to discover unknown threats by mapping them to cyber kill chains, and to identify previously unseen relationships throughout the entire organization’s IT stack and data pools.
What are the key advantages that Machine Learning offers?
Machine Learning offers one key advantage: the ability to process massive quantities of data. Now, this one advantage can be deployed in multiple ways to produce multiple secondary advantages.
One big secondary advantage Machine Learning offers is the ability to replicate many menial cybersecurity tasks much faster and more accurately than a human expert could. Given the world’s critical shortage of cybersecurity experts, it’s essential for Machine Learning to take on repetitive tasks, and allow experts to focus on security issues that require human insight (which machines cannot replicate).
Machine Learning has another big, important secondary advantage—it can not only process past data, but can learn from that data and create new knowledge, instead of simply repeating known rules endlessly. Given the complexity of the modern threat landscape, the ability to create new models, and not be a slave to our existing, finite set of rules is also essential.
What changes does a customer need to incorporate to adopt Machine Learning capabilities?
The first challenge is to forget the idea that Machine Learning is a stand-alone “magic bullet” solution to cybersecurity. Machine Learning cannot deliver results if it’s simply layered over an existing, ineffective security solution. It needs to be incorporated as one element of a full security solution.
When we say a “full security solution”, we mean a solution that combines a multi-functional AI platform (which includes Machine Learning), with a full staff of cybersecurity experts, that protects you at each stage of a threat’s lifecycle.
For this reason, many organizations need to make substantial changes to their cybersecurity approach before they can adopt Machine Learning. Most organizations lack sufficient cybersecurity staff, and are working with traditional MSSPs who maintain a last-generation approach to security. For most organizations, the only solution to adopt Machine Learning is to choose a better partner who covers their staffing and technology gaps, and who offers comprehensive services.
My advice to enterprises adopting Machine Learning is to look for a cyber security partner that can employ algorithms customized to their business, and not accept a blanket approach that is used across the board. This is paramount because every business is different and needs a tailored approach for optimal protection against today’s sophisticated cyber threats.
Why, in your opinion, should enterprises adopt this model, and what extra edge does it provide them in enhancing their protection levels?
It isn’t only our opinion; a number of experts have voiced how Machine Learning can identify cybersecurity vulnerabilities. Enterprises are already adopting this model, and top security experts and firms are constantly making the case for it. ABI Research recently predicted that machine learning in cybersecurity will boost big data, intelligence, and analytics spending to $96 billion by 2021.
Machine Learning—especially as part of a full, AI-driven MDR program—provides multiple advantages over existing, traditional cybersecurity models. It accelerates an organization’s ability to identify, and protect against, emerging global threats. It makes Threat Hunting a viable activity, as it can mine and hunt through terabytes of data, across thousands of devices, in near real-time, not weeks, increasing the speed of detection and reducing an advanced attack’s dwell time from months to minutes.
What is the future for Machine Learning in cyber security and where do you think it will lead us?
The need for Machine Learning will increase until it becomes a standard element of cybersecurity.
Now, we argue Machine Learning already needs to be a standard element of cybersecurity, for two reasons. First, the previously mentioned explosion in threat data. Organizations already need Machine Learning to effectively process this data, and the reasons for this explosion in threat data will only escalate in coming years. Second, because cybercriminals are already using Machine Learning to superpower and accelerate their attacks.
Our only defense: we need to bring greater Machine Learning to our defense.
And we are putting our money where our mouth is. Our full MDR service is already driven by our AI platform—AI.saac—which utilizes Machine Learning at every stage of our full left-to-right-of-hack security services.