Machine learning is cybersecurity’s latest pipe dream – Part 1

Simon Crosby, CTO and co-founder, Bromium

A recurring claim at security conferences is that “security is a big data / machine learning (ML) / artificial intelligence (AI) problem”. This is unfortunately wildly optimistic, and wrong in general. While certain security problems can be addressed by ML/AI algorithms, in general the problem of detecting a malicious actor amidst the vast trove of information collected by most organisations, is not one of them.

Our faith in AI is based on personal experience (“everything cloud is big data and good”) and the memes of the consumerisation era. It is tempting to project this optimism into an enterprise context: The idea that it ought to be possible to sift through large amounts of data to find signs of an attack of breach is intuitively reasonable. Moreover, every IT pro managing systems at scale is aware of the value of sophisticated tools that help them to pick through large volumes of data to find relevant information to aid trouble shooting and even security investigations says, Simon Crosby, CTO and co-founder, Bromium.

First generation tools such as SIEM systems (Security Information and Event Management) gave security teams a new way of correlating events and triaging large volumes of noisy data. Solutions emerged that borrowed the approach of Google to index logs and alerts, adding powerful search and manipulation capabilities to allow teams to be ever more effective in finding faults and security violations. These tools have helped security teams enormously, but still leave two challenges: vast amounts of data of unknown value that we don’t know when to discard; and the nagging worry that the security team may have missed a needle somewhere within the haystack – that is, a concern that the algorithms may be imperfect and miss the bad guy anyway.

Is machine learning the answer to the security problem? Again, this is an imprecise statement of the problem and the potential set of solutions. In this piece I want to focus on attack detection. In this domain we need to ask two questions: Can an algorithm reliably find the needle in the haystack (the tiny differences from “normal” behavior that might be indicative of an attack)? Second, can such an algorithm increase our confidence in the absence of an attack – effectively enabling us to be sure that there would be no loss if we discard the haystack of data representing the organisation’s normal activity? AI and ML are broadly viewed as magical technologies that will transform human experience.   It’s an enormously seductive idea. We’ve all experienced the power of machine learning systems in Google search, the recommendation engines of Amazon and Netflix and the powerful spam filtering capabilities of web-mail providers such as G-Mail and Outlook. Former Symantec CTO Amit Mital once said that machine learning offers of the “few beacons of hope in this mess.”

But it’s important not to succumb to hubris. Google’s fabled ability to identify flu epidemics turned out to be woefully inaccurate, and while the domain of cyber security is characterised by weak signals and a huge number of variables to track, intelligent actors have a large attack surface to exploit. Unfortunately, there is no guarantee that using ML/AI will leave you much better off than before – which is relying on skilled experts to do the hard work. Unfortunately that has yet to stop the marketing spin.

The author of this blog is Simon Crosby, CTO and co-founder, Bromium.

Comment on this article below or via Twitter: @IoTNow_ OR @jcIoTnow

FEATURED IoT STORIES

9 IoT applications that will change everything

Posted on: September 1, 2021

Whether you are a future-minded CEO, tech-driven CEO or IT leader, you’ve come across the term IoT before. It’s often used alongside superlatives regarding how it will revolutionize the way you work, play, and live. But is it just another buzzword, or is it the as-promised technological holy grail? The truth is that Internet of

Read more

Which IoT Platform 2021? IoT Now Enterprise Buyers’ Guide

Posted on: August 30, 2021

There are several different parts in a complete IoT solution, all of which must work together to get the result needed, write IoT Now Enterprise Buyers’ Guide – Which IoT Platform 2021? authors Robin Duke-Woolley, the CEO and Bill Ingle, a senior analyst, at Beecham Research. Figure 1 shows these parts and, although not all

Read more

CAT-M1 vs NB-IoT – examining the real differences

Posted on: June 21, 2021

As industry players look to provide the next generation of IoT connectivity, two different standards have emerged under release 13 of 3GPP – CAT-M1 and NB-IoT.

Read more

IoT and home automation: What does the future hold?

Posted on: June 10, 2020

Once a dream, iot home automation is slowly but steadily becoming a part of daily lives around the world. In fact, it is believed that the global market for smart home automation will reach $40 billion by 2020.

Read more
RECENT ARTICLES

A good connection is not just for Christmas

Posted on: November 25, 2021

Peak season trading this year is set to be more difficult than ever for retailers. Unprecedented supply chain disruption is threatening to decimate stock levels. Post-COVID customer behaviour is unpredictable with some customers relying ever more heavily on ecommerce; others heading to the high street to get ahead on Christmas buying in response to fears

Read more

stc announces partnership with Sensoneo to drive smart waste management

Posted on: November 25, 2021

Riyadh, Saudi Arabia. 24 November 2021 – stc, the ICT specialist driving digital transformation in the Middle East and North Africa, has announced a partnership with Sensoneo to provide customers in Saudi Arabia with the most reliable and easy-to-deploy smart waste management technology. Sensoneo is a provider of enterprise-grade smart waste management solutions.

Read more