Why Machine Learning will Boost Cyber Security Defenses amid Talent Shortfall

The demand for cybersecurity professionals already outpaces supply and it’s only going to get worse. ISACA predicts there will be a global shortage of two million cyber security professionals by 2019.

How can security professionals keep up? We need to enlist the service of our most powerful creations: machines. Machine learning is our best hope for securing the exponential growth of technology. Imagine systems designed to learn the behavior of their users.

You typically access your applications and data from common physical locations and devices. Let’s say you log onto one of your applications from your tablet, which happens to be connected to a coffee shop’s wi-fi network in your hometown. You do a bit of work, close your application, and move on to something else. Ten minutes later, an attacker using something that appears just like your device accesses the same application you were just working in, and logs on with credentials stolen by a listener that was set up at your coffee shop. However, the attacking device is connected to an internet hub located in Tanzania.

Instead of granting access and logging the attacker into the application, the application’s behavioral analysis engine would recognize that an improbable travel event has occurred. There is no way anyone could have gotten from where you are to Tanzania in ten minutes, so the access to the application is denied and an alert is triggered. Only a few applications support this level of behavioral analysis today, and the sophistication of the analysis engines is still basic. Sure, this concept is a little Big Brother for some, but in the end it will help keep us secure.
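The improbable travel check described above can be reduced to a distance-over-time test. The following is an added example, not code from the article or from any product: the event fields, the 900 km/h speed ceiling, the 100 km jitter floor and the sample coordinates are all assumptions made for illustration.

```python
import math
from datetime import datetime

EARTH_RADIUS_KM = 6371.0
MAX_SPEED_KMH = 900.0    # assumption: about airliner cruise speed
MIN_DISTANCE_KM = 100.0  # assumption: ignore IP-geolocation jitter below this

def haversine_km(lat1, lon1, lat2, lon2):
    """Great-circle distance between two coordinates, in kilometres."""
    p1, p2 = math.radians(lat1), math.radians(lat2)
    dlon = math.radians(lon2 - lon1)
    a = math.sin((p2 - p1) / 2) ** 2 + math.cos(p1) * math.cos(p2) * math.sin(dlon / 2) ** 2
    return 2 * EARTH_RADIUS_KM * math.asin(math.sqrt(a))

def evaluate_logins(events):
    """Return a list of (user, place, decision) in time order.

    Each login is compared with the same user's last allowed login, so a
    denied attempt never becomes the baseline for later checks.
    """
    last_allowed, decisions = {}, []
    for ev in sorted(events, key=lambda e: e["time"]):
        prev = last_allowed.get(ev["user"])
        decision = "allow"
        if prev is not None:
            dist = haversine_km(prev["lat"], prev["lon"], ev["lat"], ev["lon"])
            hours = (ev["time"] - prev["time"]).total_seconds() / 3600
            # Guard against two logins carrying the same timestamp.
            speed = dist / max(hours, 1e-6)
            if dist > MIN_DISTANCE_KM and speed > MAX_SPEED_KMH:
                decision = "deny"  # a real engine would also raise an alert
        if decision == "allow":
            last_allowed[ev["user"]] = ev
        decisions.append((ev["user"], ev["place"], decision))
    return decisions

# Constructed sample data; coordinates stand in for IP-geolocation results.
SAMPLE = [
    {"user": "alice", "place": "hometown cafe", "time": datetime(2017, 7, 1, 9, 0), "lat": 41.88, "lon": -87.63},
    {"user": "alice", "place": "Tanzania", "time": datetime(2017, 7, 1, 9, 10), "lat": -6.79, "lon": 39.21},
    {"user": "alice", "place": "hometown office", "time": datetime(2017, 7, 1, 11, 0), "lat": 41.90, "lon": -87.65},
    {"user": "bob", "place": "London", "time": datetime(2017, 7, 1, 8, 0), "lat": 51.51, "lon": -0.13},
    {"user": "bob", "place": "Paris", "time": datetime(2017, 7, 1, 12, 0), "lat": 48.86, "lon": 2.35},
]

if __name__ == "__main__":
    for user, place, decision in evaluate_logins(SAMPLE):
        print(f"{user:6} {place:16} {decision}")
```

Because the baseline only advances on allowed logins, the legitimate user's next hometown login is still accepted after the denied attempt. Traffic routed through a VPN or a mobile carrier can make a legitimate user appear to move just as far, which is why a check like this is usually one signal among several.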

Our application example leads us directly into the most dangerous and disruptive aspect of modern tech: data. Data is what every hooded shadow-faced hacker on the planet is after. Information is the currency of our age and is surprisingly unprotected in most scenarios. Look at the multitude of breaches, leaks and ransoms of the past ten years and the picture becomes clear.

Efficient data protection needs machine learning. Should your users be able to copy files from a corporate network to a thumb drive? What about a privileged user who can access multiple data repositories with sensitive information? This is a trusted user, but suddenly they begin copying files from places they have never visited before. What about printing documents with sensitive information or trade secrets?

Using humans to monitor the day-to-day behavior of employees makes it difficult to identify anomalous patterns. It’s a different story with machine learning. This all leads us back to the shortage of security professionals. With the right policies and analysis techniques in place, AI will do the job of hundreds of humans, whether it’s monitoring active leakers like Ed Snowden or Reality Winner, or protecting sensitive data when a company mistakenly leaves it on an unsecured server. Don’t think of this as job replacement, but job augmentation.

Innovative organizations are blazing the way through the tech jungle and helping connect many of the necessary components for truly automated security. The old way of doing security isn't working anymore; putting up a firewall between the internet and your network can no longer protect you holistically. Viruses and malware have evolved to evade traditional anti-virus and anti-malware protection mechanisms. Patching your servers and workstations is too slow to keep up with rapidly emerging zero-day threats.

Security, however, is not all doom and gloom. Innovation is the key to truly connected security. Machine learning can augment our firewalls and include behavior-based intrusion detection and prevention with geographical awareness. AI can protect our endpoints by not only looking at the payload of threats but also the behavior of the application. Patching will continue to be a necessity, but micro-segmentation changes the way many applications are run in a “serverless” architecture.

We do indeed live in an exponential age of technology. For now, our machines still need to be told what to do. Policy is where the human element will continue to be necessary and will require the most skill. With the right tools in place, security will require far fewer people to be effective.

In the end, automation and machine learning are our only hope to keep the looming 2019 IT job shortfall from leading to a catastrophic crippling of our infrastructure and national security.
