Where is cybersecurity transitioning to, and how can you master the overwhelming number of different technologies that you’re using within your organization? In my last blog post, I tried to answer this question. New programming languages, new cloud services, new tools and frameworks arise on a daily basis. It’s almost impossible to keep track with just manual efforts. We need technology to control technology.
And this is where the game changer of machine learning comes into play.
What is Machine Learning?
Traditional computer programs have been explicitly programmed to compute solutions to problems. The decision rules are clearly defined by humans. In machine learning, on the other hand, the model is trained on the basis of examples, and the decision rules are complex or fuzzy. In this case, rules are not defined by humans, but learned from data by machines.
A good example to understand where machine learning is already used with a high quality of results is “image recognition.” Imagine, you would have to set up individual rules, so that the computer recognizes a banana on a picture. In this example, the rule set would be, if a yellow pixel is next to another yellow pixel, which in turn is next to another yellow pixel and repeated x times, then there is a high likelihood of a banana. Of course, this sounds like a lot of effort and complexity if you do that manually.
With machine learning, the computer can be trained on the basis of many hundreds or thousands of pictures of bananas, until it recognizes bananas itself with a very high likelihood.
Is the Concept of Machine Learning New?
Short answer: no. Machine learning is not a self-contained concept. It has a lot of interconnections with concepts like big data and data analytics. Big data, for instance, is a concept to find patterns in large data points and gain knowledge from these. Pretty similar to big data analysis is machine learning. It comprises statistical data analysis. The trick to machine learning is not the usage of new algorithms (there exist quite a few of them), but it is:
- To convert the raw data into a form, so it can be processed, also known as feature engineering
- To find the suitable algorithm for your specific use case
To illustrate this concept, let’s look at an interesting machine learning use case.
Let’s say, we have a user within the company, who aims to steal materials from the company’s warehouse. He starts to book the materials as scrapped, although they are still fully functional.
However, this scrapping of materials is rather an atypical process in his current user behavior. Unusual, because:
- The booking of the scrapping happens at an unusual time;
- Outside his usual working hours;
- And with an unusual quantity of the materials.
In this case, the machine learning model reveals these deviations from the recognized standard user behavior. The fraudulent activity by the employee is detected.
Why Is Machine Learning So Critical for Cybersecurity?
Machine learning can help companies deal with the sheer volume of data, produced by their different business applications. It can analyze patterns, it can analyze similar attacks and it can analyze changing user behavior. This of course brings a lot of advantages for a corporation. On the one hand, it saves a lot of time to manually check data, and on the other hand, it gives companies the possibility to react almost in real-time to attacks or changed behavior.
The quality of the statements of the machine learning algorithm depends of course also on the quality of the available data. Unfortunately, although it is not possible to make fundamental statements such as "the more data the better", having data from several sources can potentially ensure that the model learns and evolves better.
Want to learn more about how Onapsis leverages machine learning? Please feel free to contact us any time.