Both Jou and Silverstone said machine learning has demonstrated within organizations that it can predict which employees are likely to leave, and/or turn malicious and steal data. “We regularly catch bad actors in this way,” Jou said.
Silverstone said he knows from direct experience that, “with about a week’s worth of baseline data, we can tell which worker on the network is sloughing off, likely to leave or likely to be malicious. Also we can predict what level of bandwidth I will need at what time of the day, and which ports and even which sites people will go to.”
He said part of the strength of machine learning is that it can recognize context, as in: “Does an actor have the right to perform a specific action, and where and when etc.? That can mean a simple prediction that results in needing only 6GB firewalls instead of 60GB. And the possibilities go far beyond this,” he said.
He contended that anyone who argues that machine learning can’t learn and spot the differences between normal and anomaly, “is talking about older [machine learning]. There is nothing better than a machine to note similarities or dissimilarities,” he said, adding that, “anybody who wants to put a human being up against a machine in finding data anomalies is welcome to try.”
Elgen noted that the roots of machine learning go back decades. Indeed, they go back at least as far as the famed British computer scientist Alan Turing, who led the team that built the machine that cracked the Nazi “Enigma” code in World War II, dramatized in the recent movie, “The Imitation Game”. In a 1950 paper, Turing raised the question, “Can machines think?”
The reason machine learning is such a hot “new” topic now, Elgen said, is that “we now have better data storage and higher-quality data that we can process more rapidly.”
Jou said the perception that machine learning is overhyped could be because its use in cybersecurity is relatively new, but he believes that, “once it starts to demonstrate the same success it has had in these other fields it will revolutionize cybersecurity.”
This does not mean, machine learning’s advocates say, that it has matured to the point where its effective use is commonplace throughout the public and private sectors.
“Day to day, I’m not seeing many enterprise organizations innovating with it,” Silverstone said, “but it is happening in some research facilities, universities and very much in the financial sector.”
Jou said machine learning is harder to adapt to cybersecurity because, “security people are not in the habit of sharing data. We don’t sit around saying, ‘I just got breached, here are my firewall traffic logs. Show me yours.’ Also, many companies are just realizing that they have become big data companies,” he said.