With threat detection, machine learning can go from the end-point to the security operations centre. With a global shortage of security analysts, machine learning can help fill the gaps we traditionally filled with people, and it can free up the resources we have so they can work on higher-level tasks.
These systems can also provide information to other machines that carry out other specialised tasks, or look at data being collected in other systems, detect patterns and point humans towards targeted investigations.
As well as working with known threats, machine learning can detect anomalies, which means it can be used to detect previously unknown threats.
One of the other areas where machine learning can be used is model extraction.
"This is where I feed data into the machine, and I see what comes back and learn the model. The intellectual property is the model. If I understand the model I can poison it," said Savvides.
This moves us towards new machine-learning-driven defensive models, and then towards using the machine to reverse an attack. For example, in a business email compromise attack, where a senior corporate officer is targeted through email to transfer funds to an unauthorised third party, a machine learning system could detect the attack and then respond using a bot, in the voice of the corporate officer, to assist with tracking the source of the fraud.
As for the future, Savvides says the systems will move from being reactive to becoming predictive, telling us that an attack is imminent. The challenge, he said, may come from our inability to understand how the computer came to its conclusions and from our lack of trust in it.
Source: CSO Australia