Just because no one told the customs agents to look for stolen wheelbarrows doesn't make it OK, but as they say, hindsight is 20/20. In the digital world, we don't have to rely on hindsight anymore, especially now that we have the power to put machine intelligence to work and recognize anomalies that could be occurring right under our noses. In order for cyber-security to be effective today, it needs at least a basic level of intelligence. Machines that learn on their own and detect anomalous activity can find the "wheelbarrow thief" that might be slowly syphoning data, even if you don't specifically know that you're looking for him.
Anomaly detection is among the first technology categories where machine learning is being put to use to enhance network and application security. It's a form of advanced security analytics, a term that's used quite frequently. However, there are a few requirements this type of technology must meet to truly be considered "advanced." It must be easily deployed, operate continuously against a broad array of data types and sources, and work at huge data scales while producing high-fidelity insights, so as not to add further to the alert blindness already confronting security teams.
Leading analysts agree that machine learning will soon be a "need to have" in order to protect a network. In a Nov. 2014 Gartner report titled "Add New Performance Metrics to Manage Machine-Learning-Enabled Systems," analyst Will Cappelli directly states, "machine learning functionality will, over the next five years, gradually become pervasive and, in the process, fundamentally modify system performance and cost characteristics."
While machine learning is certainly not a silver bullet that will solve all security challenges, there's no doubt it will provide better information to help humans make better decisions. Let's stop asking people to do the impossible and let machine intelligence step in to help get the job done.
Prelert provides Advanced Analytics for Threat Activity Detection. Prelert helps organizations quickly detect, investigate, and respond to post-breach threat activities with automated, machine learning anomaly detection.