Matthew Urwin | Feb 28, 2023

The uptick in cyber attacks has made machine learning in cybersecurity a must-have for many companies.

Although cyber attacks continue to grow in number and complexity, machine learning is evolving to address new threats. Machine learning’s ability to analyze large amounts of data and spot patterns makes it ideal for detecting attacks in their earliest stages, exposing network vulnerabilities and anticipating when and how future cyber attacks will occur.

Machine Learning in Cybersecurity

Machine learning can mitigate cyber threats and bolster security infrastructure through pattern detection, real-time cyber crime mapping and thorough penetration testing.


How Is Machine Learning Used in Cybersecurity?

A subset of artificial intelligence, machine learning uses algorithms trained on previous datasets and statistical analysis to make assumptions about a computer’s behavior. The computer can then adjust its actions, even performing functions it wasn’t programmed to do. These abilities have made machine learning a crucial cybersecurity asset.


Detecting Threats in Early Stages

With its ability to sort through millions of files and identify potentially hazardous ones, machine learning is increasingly used to uncover threats and squash them before they can wreak havoc. 

Software from Microsoft showcased this skill in 2018, when cybercrooks attempted to infect over 400,000 users with a cryptocurrency miner during a 12-hour time frame. The attack was stopped by Microsoft’s Windows Defender, software that employs multiple layers of machine learning to identify and block perceived threats. The crypto miners were shut down almost as soon as they started digging.


Uncovering Network Vulnerabilities

Rather than wait for cyber attacks to happen, companies are taking a more proactive approach with machine learning. Penetration testing involves simulating a cyber attack to locate weak points in a company’s networks, firewalls and systems. Machine learning can execute this task and apply software patches, code fixes and other solutions to address any holes in an organization’s security suite. 

In addition, machine learning’s ability to learn from historical data allows it to pick up on unusual software and user behavior during these kinds of training sessions. The technology then remembers how specific cyber attacks occur and can determine which ones pose the biggest threats based on a network’s vulnerabilities.  


Reducing IT Workloads and Costs 

Distributing security updates, completing penetration tests and monitoring devices all take up time and energy. But machine learning’s automation capabilities mean IT teams don’t have to worry about performing these more mundane, repetitive tasks. As a result, tech professionals are free to focus on more pressing security issues. 

Organizations are also able to cut down on hiring costs by applying machine learning to fulfill roles that would otherwise require hiring another employee. This is a major win for smaller businesses that can’t afford to increase their company headcount. 


Machine Learning in Cybersecurity Challenges

While machine learning in cybersecurity meets various IT and security needs for businesses, the technology must continue to adapt to an ever-changing digital ecosystem. Even then, machine learning may not be able to overcome some limitations and outside factors.    


Increasing Number of Connections

The number of connected devices is expected to reach 27 billion by 2025 as hybrid and cloud environments become more popular. Company networks are constantly adding new computers, tablets and other devices, putting pressure on machine learning to account for and protect more connections against cyber attacks.


Social Engineering Schemes

Not even the strongest machine learning-based security system can make up for human error. Social engineering strategies like phishing emails take advantage of relationships built on trust and authority. If teams aren’t trained to identify these schemes, companies may fall victim to a socially engineered cyber attack. 


Tech Talent Shortages

Despite IT and security being essential for companies in the digital age, more than 85 million skilled jobs are expected to go unfilled by 2030. Companies need data scientists and IT workers who know how to maintain machine learning algorithms and interpret their analyses. Without this kind of literacy, teams may struggle to adopt ML-based cybersecurity solutions.  


Machine Learning Data Needs

Machine learning depends on large amounts of historical data to detect patterns that it can apply to future situations. The problem is that machine learning cybersecurity data isn’t common. And any existing security data may be considered sensitive material, so teams might have to get creative when finding data to train machine learning algorithms.


7 Companies Using Machine Learning in Cybersecurity

CrowdStrike

Location: Sunnyvale, California

How it’s using machine learning in cybersecurity: CrowdStrike combines machine learning, AI and behavioral analytics to execute proactive threat hunting. The company’s security suite scans networks to detect malware and other potential threats that hide and collect data within an organization’s digital ecosystem. One of the methods this approach relies on is grounded in machine learning, which compiles and analyzes massive amounts of data to snuff out suspicious activity.


Crisp Thinking

Location: Chicago, Illinois

How it’s using machine learning in cybersecurity: Crisp Thinking’s platform uses specially trained artificial intelligence to detect “risk signals” in social channels and discussion boards and quickly intervene. This allows brands to protect their reputations, get ahead of online controversies, mitigate harmful speech on owned social pages and more.


Microsoft

Location: Redmond, Washington

How it’s using machine learning in cybersecurity: Microsoft uses its own cybersecurity platform, Windows Defender Advanced Threat Protection (ATP), for preventative protection, breach detection, automated investigation and response. Windows Defender ATP is built into Windows 10 devices and automatically updates and employs cloud AI and multiple levels of machine learning algorithms to spot threats.


BlackBerry

Location: Waterloo, Ontario, Canada

How it’s using machine learning in cybersecurity: BlackBerry, whose web-connected smartphones were once ubiquitous in certain circles, has pivoted and now sells software and services to big companies. Among the company’s specialties are cybersecurity solutions that employ AI and machine learning to prevent cybersecurity threats and automate clients’ threat response capabilities. In November 2018, BlackBerry acquired AI cybersecurity firm Cylance for $1.4 billion.


Splunk

Location: San Francisco, California

How it’s using machine learning in cybersecurity: Splunk software has a variety of applications, including IT operations, analytics and cybersecurity. It’s designed to identify a client’s current digital weak points, automate breach investigations and respond to malware attacks. Products like Splunk Enterprise Security and Splunk User Behavior Analytics use machine learning to detect threats so they can be quickly eliminated.


Forcepoint

Location: Austin, Texas

How it’s using machine learning in cybersecurity: Forcepoint provides efficient data security by embracing a strategy it calls Dynamic Data Protection. Relying on machine learning, this approach studies human behavior to determine when users perform actions that increase the risk of cyber threats. Because Forcepoint’s technology can home in on specific individuals, businesses can conduct scans while filtering out low-risk users, reducing false positives and securing cloud-based collaboration.


Chronicle

Location: Mountain View, California

How it’s using machine learning in cybersecurity: Chronicle is a cybersecurity company that sprang from Google’s parent company Alphabet. Its first product, Backstory, is described as “designed for a world where companies generate massive amounts of security telemetry and struggle to hire enough trained analysts to make sense of it.” Backstory analyzes large amounts of security data (such as internal network activity, known bad domains and suspected malware) and uses machine learning to condense it into more easily digestible insights.


The Future of Machine Learning in Cybersecurity

Trends in the cybersecurity landscape are making machine learning in cybersecurity more vital than ever before. The rise of remote work and hybrid work models means more employees are completing actions online, accelerating the number of IoT- and cloud-based connections. Now systems are generating reams of data, making machine learning’s ability to quickly scan and analyze large amounts of data critical.

“We have more and more data available, and the data is generally telling a story,” Raffael Marty, former chief research and intelligence officer at cybersecurity firm Forcepoint, said. “If you understand how to analyze the data, you should be able to come up with the deviations from the norm.”

The problem is that cyber threats are adapting. Approaches like steganography make detecting harmful data or code almost impossible. Cyber threats can also change forms to avoid detection, and new cyber threats may take advantage of unknown vulnerabilities in systems.  

To account for these possibilities, the cybersecurity industry is crafting new roles and best practices. Ethical hackers spot weak points in software and apply fixes before attacks happen, while deception technology catches cyber attacks in their initial stages. Machine learning is also getting better at analyzing human behavior to detect cyber risks that could arise from an employee accidentally opening an infected email attachment or downloading a malicious folder.

But over-reliance on AI and machine learning in cybersecurity can create a false sense of safety, according to Marty. That’s why, in addition to judiciously applied algorithms, his firm employed cybersecurity experts, data scientists and psychologists. As with all current artificial intelligence, machine learning supplements and enhances human efforts, rather than replacing them.

“There’s this promise that you can just look at past data to predict the future—forgetting that domain expertise is really important in this equation,” he said. “There are groups of people who think you can learn everything from the data, but that’s simply not true.”
