Advanced machine learning lends a helping hand to network security
The enterprise's absolute reliance on its network to run its business puts the onus on IT to ensure the availability, reliability, and security of that infrastructure. But defending the network against an increasingly virulent and sophisticated threat environment can be an extreme challenge. IT has a wealth of tools to use in this fight, including those that capture volumes of data that can point to any number of potential threats. However, huge volumes of data can completely overwhelm an IT staff, making it difficult to discern real threats from harmless anomalies. That's where advanced machine learning can help.
The Ponemon Institute estimated that, in total, security analysts waste 21,000 hours a year researching false positives that lead them nowhere. These are hours that would be far better used thwarting actual attacks. However, manually trying to distinguish between actual threats and merely unusual patterns, when so much information exists, can be nearly impossible. For this reason, more organizations are beginning to explore the use of machine learning as a means to identify threats more quickly and accurately.
Machine learning -- a discipline that emerged from research into pattern recognition and computational learning theory -- applies algorithms to data culled from systems and networks to make predictions about potential outcomes. In network security, it is used to profile traffic to recognize potentially dangerous threats.

Machine learning has been around for decades, but it has been prohibitively expensive because of its intensive computational requirements. However, the relative decline in processing costs and vast improvements in the algorithms used to spot trends are making it a much more viable option for businesses.
A number of security vendors -- including Cylance Inc., FireEye Inc. and Carbon Black Inc., as well as managed service providers such as Masergy Communications -- are leveraging advanced machine learning as the mechanism to accelerate threat identification for a number of use cases beyond network traffic profiling and anomaly detection. Advanced machine learning can be applied to analyze user behavior and detect insider threats. The technology can also be used for spam filtering and for malware identification and detection. Clearly, there is enough progress -- and promise -- in using advanced machine learning to find the proverbial needle in the network haystack.
With respect to network profiling, advanced machine learning can be used to recognize patterns in network flow, dig through historical data to identify trends, and spot issues indicative of a potential threat. The most comprehensive tools ingest data from multiple sources, including network flow, log analysis, signature detection, vulnerability analysis, and threat intelligence.
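To make the network-profiling idea concrete, here is an added example (it is not code from the article or from any vendor it names) of the simplest form of the technique: build a per-host baseline of outbound byte volume from historical flow records, then score new flows by how far they sit from that baseline. It assumes NetFlow-style records reduced to (source host, destination, destination port, bytes out); every flow value below is constructed. It uses the median and median absolute deviation (MAD) rather than mean and standard deviation so that a single past outlier does not inflate the baseline, and it shows two places where naive scoring produces the false positives the article complains about: hosts with no history, and hosts whose traffic is so constant that any jitter looks extreme.

```python
from collections import defaultdict, namedtuple
from statistics import median

# Added example, not from the article or any vendor it names: a per-host
# outbound-volume baseline over NetFlow-style records, scored with robust
# statistics. All flow values below are constructed for the example.
Flow = namedtuple("Flow", "src dst dport bytes_out")

# Constructed "historical" flows: a week of ordinary traffic per source host.
HISTORY = (
    [Flow("10.0.0.5", "203.0.113.10", 443, b)
     for b in (1000, 1200, 900, 1100, 1050, 950, 1150)]
    + [Flow("10.0.0.9", "203.0.113.20", 443, b)
       for b in (20000, 21000, 19500, 20500, 20200, 19800, 20800)]
    + [Flow("10.0.0.7", "10.0.0.2", 53, 500) for _ in range(7)]
)

# Constructed "new" flows to score against the baseline.
NEW_FLOWS = [
    Flow("10.0.0.5", "203.0.113.10", 443, 1100),     # ordinary volume
    Flow("10.0.0.5", "198.51.100.77", 443, 250000),  # ~240x this host's usual volume
    Flow("10.0.0.9", "203.0.113.20", 443, 23000),    # busy host, modest variance
    Flow("10.0.0.7", "10.0.0.2", 53, 520),           # constant-traffic host, tiny jitter
    Flow("10.0.0.7", "198.51.100.77", 53, 900),      # constant-traffic host, real deviation
    Flow("10.0.0.42", "203.0.113.10", 443, 5000),    # host with no history at all
]

MIN_SAMPLES = 5  # hosts with fewer historical flows get no baseline


def build_baseline(flows):
    """Return {host: (median_bytes, mad_bytes)} for hosts with enough history."""
    per_host = defaultdict(list)
    for f in flows:
        per_host[f.src].append(f.bytes_out)
    baseline = {}
    for host, values in per_host.items():
        if len(values) < MIN_SAMPLES:
            continue  # too little history to say what "normal" is
        med = median(values)
        mad = median([abs(v - med) for v in values])  # median absolute deviation
        baseline[host] = (med, mad)
    return baseline


def robust_zscore(value, med, mad, min_scale_fraction=0.05):
    """Distance from the median in MAD units (1.4826 * MAD approximates one
    standard deviation for normally distributed data). The floor keeps a host
    with near-constant traffic from flagging every byte of jitter, which is a
    classic source of false positives."""
    scale = max(1.4826 * mad, min_scale_fraction * med, 1.0)
    return abs(value - med) / scale


def score_flows(baseline, flows, threshold=5.0):
    """Return (flow, score, verdict) for each new flow. Hosts without a
    baseline are reported separately rather than silently treated as normal."""
    results = []
    for f in flows:
        if f.src not in baseline:
            results.append((f, None, "no-baseline"))
            continue
        med, mad = baseline[f.src]
        z = robust_zscore(f.bytes_out, med, mad)
        verdict = "anomalous" if z >= threshold else "normal"
        results.append((f, round(z, 2), verdict))
    return results


def anomalous_hosts(results):
    """Source hosts whose new traffic scored as anomalous."""
    return [f.src for f, _, verdict in results if verdict == "anomalous"]


if __name__ == "__main__":
    baseline = build_baseline(HISTORY)
    for f, z, verdict in score_flows(baseline, NEW_FLOWS):
        print(f"{verdict:12} z={z!s:>8} {f.src} -> {f.dst}:{f.dport} {f.bytes_out} bytes")
```

Run as a script it prints one verdict per new flow. The 250,000-byte flow from 10.0.0.5 and the 900-byte flow from the constant-traffic host 10.0.0.7 are flagged; the busy host 10.0.0.9 is not, because its deviation is judged against its own history rather than a network-wide average; and 10.0.0.42 is reported as having no baseline, which is the honest answer rather than a verdict. Real tools add the other sources the article lists (log, signature, vulnerability and threat-intelligence context) on top of a score like this so that an analyst sees why a flow was flagged, not just that it was.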
Conceptually, one of the major advantages of using advanced machine learning for security is its ability to process and analyze huge volumes of data collected over time -- much faster than humanly possible. In an era where almost all businesses suffer from a shortage of human security resources, this can be a tremendous help in ferreting out the issues that should command the highest-priority attention.