Date: 2017-08-03

Security teams now operate in an environment where they face frequent and more potent threats as bad actors deploy increasingly innovative attacks - everything from more clever phishing schemes to turbocharged versions of ransomware. They are also hamstrung by the limitations of the state of the art in the field.



Thanks to advances in machine learning, businesses should soon be better equipped to detect abnormal network behavior and combat threats that now hide beneath the radar. Computer scientists are building systems that function in intelligent and cognitive ways and developing learning technologies that teach machines to identify threats.



Machine systems are not only getting more powerful, but they are also getting cheaper to develop. At the same time, actionable intelligence requires big data and there’s no shortage of that. The amount of digitally available information is growing exponentially and will reach 44 zettabytes by the end of the decade, up from 4.4 in 2014.



By 2018, analysts expect advanced analytics and machine learning will be finding their way into mainstream defensive schemes. Enterprises, they anticipate, will use packaged prescriptive analytics offerings to automatically deal with detected threats.



If that timetable sticks and more tools based on data-driven science reach the market on schedule, CISOs will rejoice. Defenses that predict threats to IT assets would be a boon for overworked security managers who struggle daily with the limitations of current security systems.



The hope is that enterprises will benefit from what’s been described by the Harvard Business Review as algorithmic security to uncover suspicious transfer patterns. It’s a futuristic scenario where the system’s capable of the sort of 24/7 monitoring of larger data sets that humans couldn’t ever possibly manage. In practice, it will mean that when certain types of information begin to flow from a server to a particular workstation, managers would receive alerts of possible unauthorized use. Same thing if it detected any other changes in traffic, CPU usage or port activity that indicated the presence of malicious activity.
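The alerting scenario above can be sketched as an added example (not from the original article): it flags unusual server-to-workstation transfers against a learned baseline. It uses a simple median/MAD statistical baseline in place of a trained machine-learning model, and the host names, flow records and threshold are constructed assumptions.

```python
from collections import defaultdict
from statistics import median

# Constructed sample flow records: (hour, source, destination, bytes transferred).
BASELINE = [
    (h, "db01", "ws-17", b)
    for h, b in enumerate([1200, 1500, 1100, 1400, 1300, 1250, 1350, 1450])
] + [
    (h, "db01", "ws-22", b)
    for h, b in enumerate([900, 950, 1000, 980, 940, 1010, 970, 990])
]
NEW_FLOWS = [
    (8, "db01", "ws-17", 1380),     # within the usual range for this pair
    (8, "db01", "ws-22", 250_000),  # sudden bulk transfer to a known workstation
    (8, "db01", "ws-40", 5_000),    # server-to-workstation pair never seen before
]

def build_baseline(flows):
    """Learn {(src, dst): (median, MAD)} of bytes transferred for each pair."""
    per_pair = defaultdict(list)
    for _, src, dst, nbytes in flows:
        per_pair[(src, dst)].append(nbytes)
    baseline = {}
    for pair, values in per_pair.items():
        med = median(values)
        mad = median(abs(v - med) for v in values)  # median absolute deviation
        baseline[pair] = (med, mad)
    return baseline

def score_flows(baseline, flows, threshold=6.0):
    """Return alerts for unseen pairs and for volumes far above the pair's norm."""
    alerts = []
    for hour, src, dst, nbytes in flows:
        stats = baseline.get((src, dst))
        if stats is None:
            alerts.append((hour, src, dst, "new-pair"))
            continue
        med, mad = stats
        # 1.4826 * MAD approximates one standard deviation for normal data;
        # the floor of 1.0 avoids dividing by zero on perfectly flat history.
        scale = max(1.4826 * mad, 1.0)
        if (nbytes - med) / scale > threshold:
            alerts.append((hour, src, dst, "volume-spike"))
    return alerts

if __name__ == "__main__":
    for alert in score_flows(build_baseline(BASELINE), NEW_FLOWS):
        print(alert)
```

The median and MAD are used rather than mean and standard deviation so that a single earlier spike in the history does not widen the baseline and hide later ones.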



Other industries already use machine learning–based tools to automate decision processes, particularly in the financial services field. So why not cybersecurity? Some, who take a more conservative view of machine learning and behavioral analysis, caution against believing in silver bullets when it comes to data protection. And they are right to note that many cybercriminals understand machine learning and can be expected to apply their technical savvy to find ways to beat the system. In fact, hackers have already found ways to evade advanced fraud analytic systems in the banking industry.



But it’s too early to dismiss the potential of machine learning and behavioral analysis. We won’t know for a while whether real-time automated threat detection marks a turning point. But this much is also clear: Security practitioners have been involved in what’s essentially been a years-long war of attrition with shadowy and persistent nemeses. They can use the help.



Even if the technology’s not enough to immediately retake the initiative in this seemingly endless battle, it could still turn out to be a potent and valuable weapon.

