Artificial intelligence and machine learning are the rage in tech right now and not surprisingly, many cyber companies are beginning to automate an increasing amount of their operations. Some of this is great, particularly when it assists cybersecurity professionals to automate mundane tasks and focus more of their attention on higher level analysis. But so far, machine learning is more hype than helpful for cybersecurity, but that does not mean you can't automate some tasks to keep your organization safe.
At its most basic, machine learning technology is supposed to enable cybersecurity companies to predict the nature of future attacks based on past behavior, similar to how Netflix displays what you want to watch based on what you've previously viewed. According to Jack Gold, president and principal analyst at J. Gold Associates, this innovation can assist cyber companies to transition away from a “signature-based” system to detect malware. Instead, he sees more companies adopting a machine learning approach that aims to analyze past incidents in a broader manner and aggregate information from a multitude of sources.
Specifically, some machine learning applications for cybersecurity are effective at doing the following: detecting malicious activity, helping security officers determine what tasks they need to complete in an investigation process, analyzing mobile endpoints, decreasing the number of false positive threats, automating repetitive tasks like interrupting ransomware, and potentially closing some zero-day vulnerabilities.
A number of tech giants have invested in these capabilities recently, including Google, which is employing machine learning to help protect Android mobile endpoints. Amazon also bought a startup called harvest.AI to help it aggregate and better understand data located on the S3 cloud storage service.
That said, the signal-to-noise ratio for threat intelligence-type automation events isn't effective for most organizations at the moment. The reality is automating threat intelligence -- or in other words, identifying adversaries automatically -- is difficult to execute within an organization because every company's threats, vulnerabilities, and risks are unique. Ultimately, machine learning can help cybersecurity outfits, but it can't replace many important functions.
In an article for Forbes, Alexander Polyakov explains well why machine learning's applications for cybersecurity are limited. He writes, “There will always be a person who tries to find issues in our systems and bypass them. Therefore, if we detect 90% [of] attacks today, new methods will be invented tomorrow.”
Put in another way, there is a reason that machine learning is very good at predicting events like the weather. As McAfee CTO Steve Grobman described at McAfee MPOWER, their annual security conference, the weather abides by laws of physics. So even with phenomena such as global warming, the weather will largely act in the future based on how it has been in the past.
Cyber attacks, meanwhile, are the complete opposite. Hackers become smarter, and are always one step ahead of cybersecurity officers, inherently and frequently shifting their strategies so that CISOs will not detect them. For all the incidents machine learning technology can identify, which is helpful, there will always be sophisticated attacks that no machine learning algorithm will be able to find.
It is also worth stating a simple fact: Humans hack. While they may use fancy technology to deploy these attacks, it is a human-led effort. Therefore, at the highest level, cybersecurity officers will be the only force able to stop hackers from penetrating critical networks. Machines don't fully understand us. Only humans can still (and probably always) comprehend hackers' larger strategy.
Instead, cybersecurity outfits can pair their human intellect with machine technology to sort through data faster and catch hackers before they do too much damage. No cybersecurity company should be led by robots -- and that's a good thing.