Machine Learning: An Essential Part of Your Endpoint Security Solution?
Cybersecurity skills are on the decline. We’ve reported before on the cybersecurity staffing crisis plaguing enterprises around the world, but recent reports suggest that the problem is only getting worse. 51% of IT and cybersecurity specialists said in a recent survey that they were coping with an InfoSec skills shortage in their offices. 70% of cybersecurity professionals said their organizations were affected by the same shortage, according to another survey.
Yet at the same time, with the IoT revolution and the rise of Bring Your Own Devices (BYOD) workplace cultures across America, the number of endpoints enterprises need to secure are only increasing.Between 70% and 95% of security breaches originate at endpoints. So how can enterprises bridge this widening gap between increasing needs and decreasing human talent?
Some cybersecurity experts looking to machine learning, a distinct subset of artificial intelligence technology, as a way to redress the balance. Vendors are proclaiming machine learning as a vital part of their endpoint solutions, as a new tool to facilitate their detection and prevention capabilities. So should machine learning be a crucial feature as you seek an endpoint solution for your enterprise?
Machine Learning Automates the Hunt for Malicious Activity
Machine learning is a kind of artificial intelligence (AI). At its core, AI refers to the broad technology of algorithms initiating operations intelligently. Machine learning is an algorithm or program capable of calculating and analyzing millions of data points in seconds and learning from that data without oversight programs. From this unstructured data, machine learning can construct and analyze huge data sets, build algorithms and models of behaviors, and use them to accurately predict future actions and behaviors.
In the realm of endpoint security and SIEM, machine learning can use its data learning capabilities to identify, analyze, and respond to malicious activity. The technology can also reduce attacker dwell time, distinguish between typical and atypical user behavior, and detect and prevent unknown threats that would bypass traditional anti-malware detection methods; machine learning doesn’t need to rely on signatures or on constant updates of signatures to detect threats. Instead it can recognize other traits to detect malicious intent in files, catching more malware with fewer false positives.
To put it more simply: it doesn’t matter if it has seen a threat before or not—machine learning can recognize its type ahead of time and put a stop to it regardless.
More broadly, many experts are looking to machine learning to automate the more menial detection and prevention InfoSec tasks—parsing the vast data logs of security information with robotic efficiency. With some kinds of machine learning, it doesn’t even require human input on what behaviors or relationships to look for; it does so automatically. Machine learning can even remotely and independently remove compromised endpoints of the malware afflicting them. The hope is this could help alleviate the burden on overstressed and overwhelmed IT departments.
A Note about Machine Learning’s Speed
Some industry observers and experts contend that an AI-based endpoint security system can be deployed effectively within minutes. This is certainly a possibility, but it does obscure that even with its data analyzing capabilities, learning does actually take time. Machine learning needs time to know what is normal and abnormal user and program behaviors, and learn how to best enforce normal behaviors. Expecting instant results will lead to nothing but heartache, but once the program sets in it can be a powerful tool.
Machine Learning is Not a Full Endpoint Security Solution
A recurring theme in our recent articles on biometrics and blockchain is that praise for particular solutions or tools should be met with thorough examination. There is never a pure silver bullet in cybersecurity.
We have to keep innovating and question how can we get better. Our enemies will not just sigh and give up because they have a new challenge. There is a lot of things you can say about hackers, but you can’t deny that they are some of the most self-motivated people on the planet. Indeed, there are reports that hackers are employing their own malicious machine learning programs to bypass security systems or run phishing campaigns. Furthermore, as fileless or malwareless attacks become more prevalent, machine learning is denied the traditional data it needs to operate.
In that vein, while machine learning can be a huge boon to endpoint security, not all machine learning algorithms are created equal. If you are examining solutions for your enterprise, you should ask your vendor candidates how their solution outpaces both hackers and their competitors. You should ask what kinds of data their algorithm processes, how it stores and analyzes that data, how quickly learning takes place, and how your cybersecurity departments can access and examine the program’s findings. Make sure your selected endpoint solution can analyze activity on the system as well as files to catch malwareless attacks and that you can provide the data to help your solution recognize those breaches.
An argument could be made that machine learning may not be a substitute for an in-depth conversation with your cybersecurity department about your endpoint security strategy and most likely use cases. However, machine learning is a powerful tool that can supplement, fortify, and enforce endpoint security strategies. It may prove a crucial development in solutions and help enterprises detect threats that much faster.