How machine learning enables your best employees to work 24/7
A recent industry report states that artificial intelligence and machine learning have great potential, but can’t yet match the breadth of human intelligence. While I would argue you can’t have one without the other, meaning humans are an integral part of both AI and machine learning, both of these technologies have the power to be better than any single employee.
Think about it this way: if you train your models on one person, they can ultimately be as good as that one threat researcher. Now, if you train your program on the knowledge of 10 threat investigators, your models have the ability to be better than any individual one.
We shouldn’t get caught up in the nuances of human oversight because that should already be an integral part of the plan. Instead of being cautious, we need to be visionary and understand how leveraging these technologies can allow the knowledge from our best employees to be present and at work 24 hours a day, 365 days a year.
I have one more example to illustrate this idea. Imagine a threat comes in at 2 a.m. Maybe you have a security operations center monitoring your network activity. And while I’m sure you have a team on the ground, it may not contain your star employee or your expert on that particular type of attack. With machine learning, the knowledge from both of these employees can already be part of your defense.
I encourage the industry to lean into this technology instead of worrying that AI isn’t there yet or ready for prime time.
The real threat isn’t what AI or machine learning can do for your business or the field of threat research. It’s not going to replace humans. The threat comes from not utilizing it, forcing your best researchers to complete mundane work instead of having the time to be creative and innovative, dreaming up new ways of protection and attack.
In September 2015, Gartner introduced the concept of security automation in "*Maverick* Research: Is It Time to Fire Your Security Team and Hire the Machines?" and outlined some of the possible impacts that automation could have in the security marketplace.
Many organizations had already been experimenting with and using forms of automation and machine learning to streamline their threat workload. However, since then, we’ve started to see the impact and potential of these technologies, mainly in the area of automation. Machine learning and AI introduce automation around tasks that are repetitive, time-consuming or otherwise better done by a "machine" than a human.
This is an ideal way to delineate tasks. Have machines handle the processing of data and act as the first line of defense through algorithms that identify a potentially malicious packet or URL. Then the team can step in to examine the type of attack and determine whether it is something new that requires the models to be adjusted or whether it produced a false positive, which is another valuable lesson learned.
Don’t be afraid to be visionary and embrace the power that machine learning and AI can bring to your security team.
The fact of the matter is cyber criminals aren’t resting on their laurels. Every day they get to think about creative avenues to breach data and hack companies. While they may not be leveraging machine learning at present, it’s only a matter of time before these early adopters get on board. Make sure your team is already entrenched in machine learning and armed with its power.