SAS On Machine Learning’s Role In Cybersecurity

Artificial intelligence and machine learning are all the rage across a bevy of industries but in the world of cybersecurity advanced analytics capabilities are becoming a necessity.

As companies generate more data it’s becoming impossible for a typical cybersecurity team to monitor all the potential events and that is where machine learning comes in. Applying it across the cybersecurity environment within a company can create more efficiency and help to facilitate and aid those tasked with protecting data.

“Cybersecurity is a very mature profession that has been around for several decades with the traditional approach rules-based and focused on creating barriers to come into the network,” said Scott Mongeau, Global Senior Business Solutions Manager at SAS, the Cary, North Carolina software company. “In the reality that has emerged in the last three to five years that model no longer exists because of cellphones, smartphones, virtual devices, and smart TVs. They are all embedded computers that connect and share data. There is increasingly no definable ‘castle’ to effectively put a moat around.”  Not to mention that many of these devices and services lack strong security and host hidden vulnerabilities, which means most defending the networks operate under the assumption that there may already be unseen compromises on their network, he said.

Become a Subscriber

Please purchase a subscription to continue reading this article.

Subscribe Now

Machine Learning Has Already Proved Effective

Machine learning as a cybersecurity defense is still in its infancy but there have been well-known successes. Take spam filtering for one example. Users of Gmail and Hotmail, free email applications offered by Google and Microsoft, might not realize it but there is a lot of active machine learning going on behind the scenes to prevent spam, scam and viruses from coming through, said Mongeau.  The technology can quickly recognize and prevent those email messages from showing up, reducing the risks to all sized enterprises as well as consumers. Another example: financial services companies rely on machine learning to fight fraudulent online credit card charges and other financial scams.  “Behind most common online credit card and bank transactions is a split-second machine learning driven decision on whether a transaction is potentially fraudulent or not,” said Mongeau.

Mongeau doesn't believe machine learning will replace cybersecurity professionals, but he does think big data will increase the role machine learning plays in cybersecurity departments across the globe. “The typical corporation experiences over 1,000 network events per second, sometimes much more,” said Mongeau. “That’s just a section of the data that needs to be analyzed. There are also events on devices, application behavior, authentication events, and network components that need to be monitored. It’s too much for an individual to look at anomaly alerts even with a rules-based system filtering.”

Cyber Cold War In The Making

At the same time that companies and security outlets are embracing machine learning to protect their systems and those of their clients, the adversaries are doing the same, growing increasingly sophisticated in the means they will employ to break into a network to commit fraud, exfiltrate data, or to engage in other mischiefs. Mongeau sees the world as being on the path toward a cyber cold war of sorts between the hackers and the defenders, with both sides increasingly utilizing machine learning to circumvent each other.  It will also keep cybersecurity professionals awake at night as the attacks not only get more sophisticated but have global ramifications. He pointed to the WannaCry ransomware outbreak as one example. The destructive worm attack affected 200,000 people in 150 countries in May of 2017.

In a blog post, last summer Mongeau made the case that increasingly aggressive cyber attacks will be an inevitability as sophisticated attack methods, tools and bad actors evolve together, driven by increased economic and political incentives. The dark web, which is unregulated, provides a mechanism for hackers to anonymously collaborate to coordinate attacks and share powerful hacking tools and techniques. “Some of the older mechanism of attacking computers have biological names such as virus and worms,” said Mongeau. “Its apt with the organic level of complexity we increasingly encounter. Attackers and defenders will increasingly deploy intrusions and defense mechanisms utilizing sophisticated, machine learning driven supervision."