Moving forward with machine learning for cybersecurity

Cybersecurity professionals see potential in machine learning, but they need education and guidance

At Black Hat last week, you couldn’t pass a slot machine without some cybersecurity technology vendor crowing about machine learning or artificial intelligence (AI). Yup, machine learning algorithms have great potential to help with security analytics and employee productivity, but this technology is in its infancy and not well understood.

Want proof? ESG asked 412 cybersecurity professionals to assess and characterize their knowledge of machine learning/AI as it relates to cybersecurity analytics and operations technologies. Of the total survey population, only 30% of respondents claim to be very knowledgeable in this area. In other words, 70% of cybersecurity professionals really don’t understand where machine learning and AI fit.

Furthermore, cybersecurity pros were asked if their organizations have deployed or plan to deploy machine learning/AI technologies for cybersecurity analytics and operations. Only 12% say their organization has done so extensively. 

Infosec professionals see potential here—only 6% of respondents have no plans to deploy machine learning/AI technologies for cybersecurity analytics and operations. Good upside for cybersecurity technology vendors, but lots of work remains. The cybersecurity industry must:

  • Educate the market. To be clear, few cybersecurity pros care about the underlying technology. Rather, they really need to know what it can and can’t do.
  • Identify use cases. Similarly, CISOs want to know how to apply this technology for maximum benefit today and where it can be added for incremental value in the future.
  • Leverage existing technologies. Note to machine learning/AI cybersecurity technology vendors: Make sure you build off existing tools rather than ask CISOs to adopt new servers, user interfaces and reports. Smart machine learning/AI vendors will partner with SIEM vendors such as IBM, LogRhythm, and Splunk, for example. HPE is also doing some interesting integration between Introspect (Niara) and ClearPass (Aruba).
  • Provide help. I’m convinced that the most successful machine learning/AI cybersecurity technology vendors will bundle their wares with professional and/or managed services.

As a fellow geek, I find machine learning/AI technology extremely cool, but no one is buying technology for technology's sake. The best tools will help CISOs improve security efficacy, operational efficiency and business enablement.

Copyright © 2017 IDG Communications, Inc.
