INDUSTRY WATCH
the rapid pace of the malware being introduced. Machine learning becomes the fastest way to identify new attacks and to push that information out to endpoint security platforms. The key differentiator in incorporating machine learning into endpoint security is the amount of relevant data consumed by the algorithms.
Machine learning manifests itself in multiple ways in helping save security teams’ time and energy:
• User experience is optimised – Machine learning algorithms feed information to the endpoint about file attributes that indicate the presence of malware. These attributes may be related to type, size and source, as well as header anomalies and detected sequences of operating system calls. A quick scan before execution allows security to perform its preliminary triage without souring the user experience.
• Suspicious behaviour flagged automatically – Once the programme is running, machine learning on the endpoint monitors behaviour for signs of an attack. This runtime detection is keyed by information on attack tactics, again uncovered by machine-learning analysis of malware samples in the data centre. While pre-execution checks file attributes to make a malware decision, runtime detection requires some knowledge of the specific actions attackers are likely to take. For example, ransomware can render your files useless in less than a minute. Machine learning analysis of ransomware attacks may uncover timing and access patterns on file shares that indicate an attack is underway – allowing endpoint security to stop the threat before all files are encrypted.
• Highly valuable investigation and response data available automatically – Helping security teams respond to an incident, machine learning can identify suspicious connections and create alerts based on equations. In this case, security analysts need precise information on the threat, such as files touched, registry changes, server connections, etc. Because machine learning looks across multiple dimensions, much of the data that incident response teams require is already available, but has traditionally required extensive manual correlation. Ideally, highly valuable investigation and response data would be available through the already-present endpoint management console. The presence of machine-learning technology results in significant time savings – by a factor of 10 is not uncommon – that can help security teams keep the business running.
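The runtime signal described in the second bullet (timing and access patterns on file shares during a ransomware attack) can be sketched as a simple rule-based detector. The block below is an added example written for this article, not McAfee code and not a description of any product's actual model; it stands in for the learned model with hand-set thresholds. The event format (timestamp, user, process, action, path), the thresholds and the sample log are all assumptions constructed for the example.

```python
"""Flag ransomware-like bursts of file modification on a file share.

Added example; the event schema, thresholds and sample events are constructed
for illustration and are not taken from the article or from any product.
"""
from collections import defaultdict, deque
from dataclasses import dataclass

@dataclass(frozen=True)
class FileEvent:
    ts: float       # seconds since epoch (assumed schema)
    user: str
    process: str
    action: str     # "read", "write" or "rename"
    path: str       # UNC-style path on the share

# Assumed tuning values; a learned model would set these from data.
WINDOW_SECONDS = 10.0        # sliding window over which activity is counted
MAX_MODIFIED_FILES = 20      # distinct files touched by write/rename in the window
MIN_DISTINCT_DIRS = 3        # spread across directories, unlike a user saving one document
BASELINE_EXTS = {"docx", "xlsx", "pptx", "pdf", "txt"}  # assumed normal extensions on this share

def _ext(path):
    name = path.rsplit("/", 1)[-1]
    return name.rsplit(".", 1)[-1].lower() if "." in name else ""

def detect_bursts(events, window=WINDOW_SECONDS, max_files=MAX_MODIFIED_FILES,
                  min_dirs=MIN_DISTINCT_DIRS, baseline_exts=BASELINE_EXTS):
    """Return one alert per (user, process) whose write/rename activity exceeds
    max_files distinct paths spread over min_dirs directories within `window` seconds.
    The count of files carrying an extension outside the baseline is reported as a
    supporting indicator (encrypted files are typically renamed to a new suffix)."""
    recent = defaultdict(deque)   # (user, process) -> deque of (ts, path), oldest first
    alerted = set()
    alerts = []
    for ev in sorted(events, key=lambda e: e.ts):
        if ev.action not in ("write", "rename"):
            continue              # reads alone do not indicate encryption
        key = (ev.user, ev.process)
        q = recent[key]
        q.append((ev.ts, ev.path))
        while q and ev.ts - q[0][0] > window:
            q.popleft()           # drop activity that fell out of the window
        files = {p for _, p in q}
        dirs = {p.rsplit("/", 1)[0] for p in files}
        if key in alerted or len(files) < max_files or len(dirs) < min_dirs:
            continue
        alerted.add(key)          # alert once per actor, then leave it to response
        alerts.append({
            "user": ev.user,
            "process": ev.process,
            "first_ts": q[0][0],
            "ts": ev.ts,
            "files": len(files),
            "dirs": len(dirs),
            "unknown_ext_files": sum(1 for p in files if _ext(p) not in baseline_exts),
        })
    return alerts

def build_sample_events():
    """Constructed sample log: benign editing plus one burst. Not real telemetry."""
    events = []
    # Benign: alice saves a handful of documents, one every minute.
    for i in range(6):
        events.append(FileEvent(1000.0 + i * 60, "alice", "winword.exe", "write",
                                f"//fs01/finance/q3_{i}.docx"))
    # Suspicious: one process rewrites 32 files across four directories in under
    # five seconds and renames each to a new extension.
    dirs = ["//fs01/finance", "//fs01/hr", "//fs01/legal", "//fs01/sales"]
    for i in range(32):
        d = dirs[i % 4]
        ts = 2000.0 + i * 0.15
        events.append(FileEvent(ts, "bob", "svc_update.exe", "write", f"{d}/file{i}.docx"))
        events.append(FileEvent(ts + 0.01, "bob", "svc_update.exe", "rename",
                                f"{d}/file{i}.docx.locked"))
    return events

if __name__ == "__main__":
    for alert in detect_bursts(build_sample_events()):
        print(alert)
```

The detector fires for the burst (20 distinct paths across 4 directories about 1.4 seconds in, with 10 of them already carrying an unfamiliar extension) and stays silent for the user saving documents a minute apart, because the rate, spread and extension features together separate the two cases. The alert record carries the fields an analyst needs first (actor, process, time span, scale), which is the "investigation and response data available automatically" point of the third bullet.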
Elevate security teams with machine learning
People matter the most, but combining human intelligence with machine learning technology creates strong security teams. The visibility into tactics throughout the entire attack chain that machine learning affords is critical to enhancing the relationship between security teams and technology. Machine learning enables security teams to devise new defences quickly, to adapt to attackers’ automated processes and to make it more difficult for them to be effective. Remember that machine learning places the activity observed by different security products into a time sequence. With machine learning assistance, security teams have greater insight into who the attacker is, the methods being used, where the attacks are coming from and how they are spreading, as well as which security measures are working and which are being defeated.
Most importantly, the presentation of machine-learning results enables people in security teams to do what they do best – create intelligent, innovative and effective solutions to new threats before significant damage is done to the business. If people are the company’s greatest assets, then machine learning helps make them even greater.
To close, machine learning should be a critical component of an enterprise’s endpoint security strategy. Given the volume and evolution of attacks hammering away at endpoints, security must be able to adapt without human intervention, and must provide the visibility and focus to enable humans to make more informed decisions.
Machine learning has come of age with big data driving accuracy up and false positives down. The proof of successful human and technology teamwork will be seen in the ability to rapidly dismiss alerts and accelerate solutions to thwart new threats. Your users deserve the best that cybersecurity has to offer, and today the best endpoint security products leverage machine learning.
Raj Samani, Head of Strategic Intelligence, McAfee LLC
www.intelligentcio.com