Effective IoT Security Requires Machine Learning

It’s simple: Tools that use machine learning can help supplement existing security tools.


The legacy security model is based on the concept of a well-defined perimeter and the use of tools such as signatures, rules, and statistical analysis. While that model has provided significant value for a very long time, its limitations are highlighted by the fact that large-scale security breaches designed to evade traditional defenses have recently become commonplace.

One measure of the frequency and breadth of security breaches comes from IBM, which predicts that by 2019 cybercrime will become a $2.1 trillion problem. One measure of the expanding effect security breaches have is the impact on a company's profitability, competitiveness, brand, and stock price. In many instances, cybersecurity has become both a CEO and a Board-level issue.

Over the last few years, the task of securing the enterprise has become more complicated. This is based in part on the emergence of new classes of devices and users, each of which presents new attack surfaces and contradicts the concept of a well-defined perimeter.

Mobile workers are one example of this phenomenon. According to an analyst report, the global mobile workforce is expected to have 1.75 billion people by 2020, accounting for 42% of the global workforce. According to a recent article in CSO, 20% of companies report their mobile devices have been breached. That article also stated that nearly all companies (94%) said they expect the frequency of mobile attacks will increase, and 79% acknowledged that it's becoming more difficult to secure mobile devices.

Another example of an emerging type of edge point that presents new attack surfaces is the Internet of Things (IoT). IoT impacts every industry with business-critical use cases in many verticals including retail, healthcare, agriculture, and transportation.

According to an article in Forbes, between 2015 and 2020 spending on all layers of the IoT technology stack will attain at least a 20% Compound Annual Growth Rate (CAGR). That article also stated that B2B spending on IoT technologies, applications, and solutions will reach $267 billion by 2020. Unfortunately, according to a March 2018 Network World article, the lack of effective security is the top barrier to successful IoT initiatives. The article concluded that the adoption of IoT means that "organizations will need a far greater degree of visibility into their networks than might previously have been strictly necessary."


Artificial intelligence (AI) is a branch of computer science that focuses on the theory and development of computer systems capable of performing tasks that normally require human intelligence, such as visual perception and decision-making. Machine learning is a subset of AI that focuses on the practice of using algorithms to parse data, learn from it, and then make a prediction about something. In contrast to a static algorithm, a critical aspect of machine learning is that the machine is "trained" using large amounts of data and algorithms that give the machine the ability to continually learn how to perform a given task.

Tools based on machine learning are necessary to supplement the existing set of security tools. These new tools help organizations identify and mitigate the emerging generation of security breaches that are designed to leverage both the legacy and evolving attack surfaces to evade the enterprise's traditional defenses. When evaluating security tools based on machine learning, there are three key concepts that IT organizations should keep in mind:

  1. Not all tools that claim to be based on machine learning really are. Some are just a re-packaged statistical analysis tool or a combination of rules that rely on prior knowledge of what specific action an attack will take.
  2. To maximize the value of machine learning, the tool must have access to the broadest possible set of data including packets, flows, logs, and alerts. In virtually all instances, the network is the best source of data.
  3. The results produced by security tools that are based on machine learning are not binary; e.g., the results would not be used to turn an indicator light from green to red. The results are probabilistic and are intended to help the security team identify the types of small incremental changes that typically can't be detected by traditional tools--and which might indicate that the enterprise has been breached.

Security attacks continue to increase in both frequency and sophistication. While the legacy security model continues to add value, it can't thwart the growing set of attacks that are specifically designed to circumvent the defenses this model provides. To respond to this emerging set of attacks, IT organizations must supplement their current approach with a new generation of security tools. This new generation of tools must be built using machine learning and it must be able to fully leverage the ability of the network to provide the broadest set of data.


About the Author


Larry Lunetta Blog Contributor

Larry Lunetta is vice president of security product marketing at Aruba, a Hewlett Packard Enterprise company. Larry is also a guest lecturer for entrepreneur studies at Arizona State University.
