How Machine Learning Is Advancing Threat Protection

It’s no secret – cybersecurity is a tough job. For any business, the number of attackers is always bigger than the number of defenders, and it’s getting harder. Gartner, an American research and tech advisory firm, expects there to be 21 billion internet-connected devices by 2020 (an estimate which is on the more conservative end of the spectrum). This means there will be billions upon billions of new opportunities for incursion – far too many for any human team to manage. So what can you do?

All hope is not lost. While it’s true that humans cannot be expected to block every attack, neither can hackers be expected to launch every attack themselves. The truth of the matter is that cybercriminals often use automated attacks or bots to infiltrate business networks and devices. These bad bots don’t act like human users, making them easier to detect if we are hypervigilant. That is why cybersecurity professionals have enlisted a new sidekick in the fight for advanced threat protection: machine learning.

Unlike unsupervised artificial intelligence, which can detect anomalous behavior but flags a frustrating number of false positives, proper machine learning programs work with security professionals to shore up your operations.
For example, experts at the Massachusetts Institute of Technology’s Computer Science and Artificial Intelligence Lab (CSAIL) developed a machine learning system known as AI2 (a combination of ‘artificial intelligence’ and ‘analyst intuition’). AI2 flags a number of legitimate threats and false alarms to a human analyst who differentiates the two. With each future iteration, the machine learning system improves its results.

On its own, machine learning yields an average success rate of 7.9 percent, but once trained by a human agent, the system is able to detect 85 percent of cyberattacks with a minimum number of false alarms. Now that really is machine learning!
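
The analyst feedback loop described above, as an added sketch that is not AI2's code or anything published by CSAIL: an outlier ranker chooses what the analyst reviews on day one, the analyst's labels train a second scorer, and both are compared on day two under the same review budget. The events, feature names and the centroid-difference scorer are assumptions made for this illustration.

```python
from statistics import median

def make_day(drift):
    """Constructed events: (req_rate, fail_ratio, new_ip_ratio) scaled 0..1, plus ground truth."""
    day = [((0.04 + 0.01 * (i % 3), 0.05, 0.05), False) for i in range(40)]  # normal users
    day += [((1.0 - drift, 0.05, 0.05), False) for _ in range(6)]            # benign bulk jobs
    day += [((0.2, 0.30 + 0.05 * i - drift, 0.3), True) for i in range(6)]   # automated attacks
    return day

def outlier_scores(events):
    """Unsupervised stage: summed distance from the per-feature median."""
    med = [median(col) for col in zip(*(x for x, _ in events))]
    return [sum(abs(v - m) for v, m in zip(x, med)) for x, _ in events]

def top_k(events, scores, k):
    """The k events the analyst has time to review, highest score first."""
    order = sorted(range(len(events)), key=lambda i: scores[i], reverse=True)
    return [events[i] for i in order[:k]]

def learn_weights(labelled):
    """Supervised stage: direction from the labelled-benign centroid to the labelled-attack one."""
    def centroid(rows):
        return [sum(col) / len(rows) for col in zip(*rows)]
    bad = centroid([x for x, is_attack in labelled if is_attack])
    good = centroid([x for x, is_attack in labelled if not is_attack])
    return [b - g for b, g in zip(bad, good)]

def recall(shown, events):
    """Fraction of the day's real attacks that reached the analyst."""
    return sum(a for _, a in shown) / sum(a for _, a in events)

def run(k=8):
    day1, day2 = make_day(0.0), make_day(0.02)
    # Day 1: analyst reviews the top outliers; the ground-truth flag stands in for the verdict.
    reviewed = top_k(day1, outlier_scores(day1), k)
    w = learn_weights(reviewed)
    # Day 2: same review budget, ranked by outlier score alone vs. by the learned weights.
    before = recall(top_k(day2, outlier_scores(day2), k), day2)
    learned = [sum(wi * v for wi, v in zip(w, x)) for x, _ in day2]
    after = recall(top_k(day2, learned, k), day2)
    return before, after

if __name__ == "__main__":
    print("recall without feedback %.2f, with feedback %.2f" % run())
```

On this constructed data the benign bulk jobs are the strongest outliers and crowd the attacks out of the unsupervised review list, which is the false-positive problem the article describes; the labels from a single review session are enough to reverse the ranking.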

This symbiotic relationship between AI and humans is far more effective at detecting threats in a timely manner than humans alone. In fact, research shows that it takes most companies six months to detect a data breach! That means that your company’s financial information and confidential customer data could be floating in the dark net for months before you even realize there is a problem.

Not only does machine learning detect threats after they’ve happened, but AI can actually stymie attackers in real time before they can cause problems. By better understanding legitimate user behavior, AI can flag a hacker’s movements and automated attacks, block their commands and protect your network.

This is especially helpful since IT environments are becoming increasingly complex and the vast amounts of data to be monitored far exceed the capacity of a human brain or even a team of human experts.

So what will the future of advanced threat protection and AI cybersecurity look like? Well, that might be hard to tell, especially since defenders and attackers are locked in an unending arms race. Nevertheless, there are trends we can see forming at the moment.

As mentioned above, the number of web-connected devices is growing rapidly due to the burgeoning Internet of Things. Sadly, IoT devices are notoriously lacking in cyber defenses, making them easy targets for nefarious actors. Hackers can recruit, and are recruiting, these devices to launch debilitating DDoS attacks which crash business operations. Similarly, ransomware attacks are blocking employees from their own corporate devices.

It is entirely possible that machine learning and advanced threat protection can aid in the fight against these attacks by detecting, blocking and redirecting DDoS traffic to where it can do no harm, and by obstructing ransomware downloads before they can cause harm.

In the end, the key to survival is human experts working with machines to create robust safeguards for businesses around the world. Neither party can do it alone.