According to IT World Canada, machine learning is playing an important role in modern protection against cyberattacks. As a result, security companies are hopping on the bandwagon and developing and deploying machine learning solutions to keep sensitive data safe.
Machine learning is helping businesses keep one step ahead of cyberattackers, IT World Canada says. For example, Geoff McDonald, a cloud machine learning architect for Windows Defender, told IT World Canada that today’s spear-phishing attacks are built with different scripts within the malicious code so that anti-malware won’t catch them.
This is where machine learning shines: “However, these patterns are really good for machine learning models, because if you were to look at the code it would be highly suspicious,” McDonald said. “A machine learning model can look at it the way a human can and clearly identify that it is hiding malicious intent.”
IT World Canada also says that security vendors are incorporating plans and/or classes of “machine-learning algorithms into their solutions to focus on specific problem domains.” Machine learning solutions are also being used to develop “an optimal remediation response,” which will be created from lessons learned from past security breaches. Plus, these solutions will be able to scan users, user roles, titles, and actual access, giving security administrators the chance to smooth out hiccups as needed.
What decision makers should keep in mind:
While machine learning is becoming the go-to for protection against cyberattacks, the relevant solutions aren’t foolproof yet. Avivah Litan, cybersecurity analyst for Gartner, said that machine learning is still in its infancy and is “restricted to looking at suspicious files or network behavior”; this means it is not yet able to “scrutinize processes, such as what is running in memory.”
As a result, decision makers considering machine learning as a cybersecurity method should keep in mind that machine learning isn’t able to catch everything, is limited to only catching suspicious files, and might still produce false positives. For example, “If a bad guy logs into a machine directly and starts writing routines in PowerShell, machine learning isn’t going to see that,” Litan told IT World Canada.