It feels like the barbarians are continually at the gate. We can’t seem to go more than a week before a new data breach is in the news, impacting potentially millions of individuals. The targets range from companies like Omni Hotels, who had been breached affecting up to 50,000 customers whose personal and credit card information was exposed, to North Carolina State University, where over 38,000 students personal information, including their SSN’s, were at risk. As I mentioned in a recent blog ‘Internet of Things and Big Data – who owns your data?’, we have been storing our personal and credit card information in a variety of systems, credit card companies, banks, online retailers, hotels- and that’s just naming a few. The information in those systems is more valuable than gold to the hackers. The hacker attacks are constant, creative, and changing frequently.
Preparing to prevent, detect, and respond to these barrage of attacks is a daunting task. This is not meant to be a doom and gloom, the sky is falling discussion. It is just a reality of networked system. Our challenge as technologists is to help the business understand the risks, the tools, and processes needed to help protect and respond. One of the new tools entering the conversation is machine learning. Let’s take a look at the challenges and how machine learning may be a valuable asset in the battle.
Walking the Tightrope Over a Tank of Hungry Sharks
Protecting a business’s data and systems from the barrage of hack attacks is a daunting challenge. It’s always a delicate balance of cost, risk, and benefit. Additionally, we must balance protecting the data while ensuring those that need access, have access. As many who have read my blogs know, one of my favorite phrases is, “Everything is a tradeoff.” There is no one size fits all solution.
Sadly, we have all seen the situation where many companies operate in reactive mode. When a high-profile breach occurs, it’s all hands on deck. Are we at risk? What are our security and response measures? New plans are drawn up for the situation – everyone feels great and the situation is under control. As the memory of the breach fades, the plans are not revisited. That is, until the next high-profile breach.
Part of the challenge is the rapidly changing, disruptive technology environment we work in. Things are moving at breakneck speeds. Connected devices growing at exponential rates. This introduces potential new risks we may not even be aware of. To keep up with that rapid pace requires resources, which are also required to help develop new functionality and provide business value to the company. Striking the balance is not easy. Hackers resources are focused on one thing, and one thing only, finding the holes in that disruptive environment. Hence, the tightrope and the shark tank.
Entering From Stage Right, Machine Learning
One of the new technologies entering the conversation lately is machine learning. Gartner identified machine learning as one of the top 10 technology trends for 2016. It is definitely a hot topic. The goal of machine learning sounds simple: provide systems with the ability to learn based on the information provided them. There are two key things to make the magic happen
- Complex algorithms that allow the system to develop its own analytical models based on inputs. Those models are constantly changing based on the information provided.
- Lots of data to fuel these algorithmic engines and the models they produce. The more data, the more accurate the models developed (i.e. the more the machine learns).
Imagine if you could leverage that capability to help deal with your cyber security risks and challenges. Machine learning tools that are constantly receiving information about changes in your systems, access to your systems, other breach attacks, information about risk points, security patches. The potential benefits could help make sure you are staying on that tightrope.
Machine Learning Is Already in the Cybersecurity Space
While still in its infancy, vendors have already started leveraging machine learning to aid in the hacking wars.
- Cisco introduced StealthWatch at its recent CiscoLive Event. StealthWatch "offers machine learning algorithms for security baked into ISR branch routers."
- Samsung recently invested in UK Startup Darktrace. Darktrace provides "solutions that use machine learning technology to detect and respond to cyber security threats from insider attacks, ransomeware, and machine-based attacks to unknown threat scenarios."
- DARPA has started "a competition to help automate defense and see how artificial intelligence can combat cyber-threats."
- Invincea Labs is looking to leverage machine learning for "Improving attribution and malware detection."
No Technology Is a Silver Bullet
There is no doubt: machine learning technology has amazing potential in the cyber security place. I welcome it as a powerful addition to my tool box. That being said, it is not a silver bullet. It is one of many tools in a toolbox. As technologists, it is our responsibility to understand what the underlying business needs are related to security. What data needs protection and at what level. No technology negates the need for good design and planning, machine learning in the cyber security space is no different. These are exciting times in the technology space. With the right tools, design, and planning, we can help bring value to the business, and provide the level of protection needed in this rapidly changing space.