Based on the disturbing number of successful data breaches over the past few years, it’s pretty evident that organizations are being overwhelmed by the growing number of threats.

However, a new breed of security solution has sprung up, offering to apply machine learning to enterprise security. These tools deliver the ability to analyze networks, learn about them, detect anomalies and protect enterprises from threats.

So, is machine learning the answer to today’s cybersecurity challenges? Industry analysts and companies offering these products say they’re seeing increased demand, and the early reaction from users is positive.

“Machine learning is the major security trend of 2016,” says Eric Ogren, senior security analyst at 451 Research. “Every security officer now knows that behavioral analytic products offer the best chance of catching attacks that elude static preventive defenses.”

And machine learning is the heart of behavioral approaches, he says. “There is nothing like watching, listening and learning,” Ogren adds. “Machine learning observes behavior in defining a statistical profile of normal activity for a user, device or Web site. This is important, as it provides the foundation for behavior analytics to prevent major damage from attacks that slip by anti-threat defenses or abuse authorized activity.”

A long-term benefit of machine learning is that it sets an organization on the path toward a probabilistic and predictive security approach that integrates smoothly with generally accepted IT practices, Ogren says. “We are seeing this pay dividends already in major cloud and media enterprises, where security is measured less in the 1s and 0s of good and bad and more in reducing the risk of a major business disruption that can flow right to the bottom line.”

Potential challenges

As with any newer technology, machine learning presents potential difficulties.
“It can be challenging to differentiate the quality of machine learning algorithms across different vendors,” Ogren says. “Quality will come out in the results. We recommend that proof of concept projects focus on a few discrete use cases for users, devices and Web sites to demonstrate product effectiveness.”

Although machine learning can lead to huge improvement in security, “it is not the end-all be-all,” notes David Monahan, research director, security and risk management at research firm Enterprise Management Associates Inc. “It has its limitations and best applications. It is a great tool for much of security to identify things that are out of the ordinary and should be evaluated or investigated.”

There are two main types of machine learning used in security: supervised and unsupervised. “They work better for different things, but in the end they find anomalies in data sets provided,” Monahan says. “Therefore, it is only as good as the data provided.
So [machine learning] is an additive technology, not a foundational technology.”

Key benefits

The key benefits of the technology are its ability to detect trends, patterns and anomalies in large and diverse data sets and the speed at which it can do this, Monahan says.

“It is faster by far than most if not all big data tools, as it can work in real-time to near real-time—seconds to minutes—and it does not need to wait for batching data sets.”

The need for machine learning is driven by two facts, says Kris Lovejoy, president and CEO of BluVector, which provides security technology that uses machine learning. One is that it takes a long time to detect a compromise, and another is that in many if not most cases companies are informed by a third party that they have been breached.

“Organizations need capabilities that allow them to get in front of the threat, finding and eradicating them before they can do harm,” Lovejoy says.

Companies “have realized that they can’t anticipate every possible attack vector, and they can’t afford to manually create rules that detect the vectors they have anticipated,” says Mike Paquette, vice president of products at Prelert, another provider of security tools that use machine learning.

“They’re looking for a way to automate the analysis of their security-related log data in such a way that these elementary attack behaviors are detected on a continuous basis,” Paquette says.

Here’s a brief sampling of available security tools that leverage machine learning:

Acuity Solutions provides BluVector, a malware detection and cyber hunting product that uses machine learning as the mechanism for identifying and prioritizing potential threats.
As these threats are identified, forensic packages are created for hunters and responders tasked with investigating and triaging the threats.

DgSecure Monitor from Dataguise is a data breach detection product that uses machine learning and behavioral analytics to generate alerts whenever user actions deviate from the typical behavioral profile. Whether sensitive data is protected or not, DgSecure Monitor makes it easy to create data security governance policies using this capability in combination with user-defined policies.

Deep Instinct offers a product called Deep Learning that’s inspired by the brain’s ability to learn to identify an object and turn its identification into second nature. By applying deep learning to cybersecurity, Deep Instinct uses this process for two phases: learning and predicting. The result is instinctive cyber protection against even the most evasive cyber-attacks, from any source.

Distil Networks offers technology that protects Web applications from malicious bots, API abuse and fraud. Each Distil customer benefits from a global machine learning infrastructure that analyzes attack patterns in real time. For example, Distil proactively predicts a bot based on correlating more than 100 dynamic classifications and pinpoints behavioral anomalies specific to a site’s unique traffic patterns.

Prelert offers three advanced threat detection products that use machine learning technology for security. All three are built around Prelert’s behavioral analytics engine that uses unsupervised machine learning technology to create baselines of normal behavior in companies’ log data, and identify anomalies or unusual patterns in the data that are related to cyber-attack activity.

Bank on it

Companies using machine learning technology report early success.
Orrstown Bank, a provider of community banking services, began using machine learning technology to address the rampant growth of credit and debit card fraud.

“Card fraud has been on the rise due to a few reasons, but primarily because of the volume of card data breaches from large and small merchants,” says Andrew Linn, senior vice president and CISO at the bank. “Fraud detection solutions either provide only rudimentary detection capabilities or are too expensive for the average community bank.”

Orrstown partnered with Prelert to use its machine learning technology to tackle the card fraud problem. Although Prelert’s product was originally designed to detect anomalies among technology assets, Orrstown has found that it can also detect anomalies in human behavior, including human card usage behavior.

“Fraudsters often follow a purchasing pattern when using stolen cards,” Linn says. For example, they make an initial and usually inexpensive purchase to verify that the card is still active and working. If that test transaction goes through, they quickly execute a series of other, higher dollar amount transactions.

The fraud scoring engine based on machine learning from Prelert helps the bank detect the first fraudulent transaction so it can stop the subsequent fraudulent transactions that are higher dollar amounts. The technology identifies fraud by detecting anomalies in the card usage across multiple dimensions—time of day, dollar amount, location, type of merchant, etc.—combined with expert knowledge about patterns of known fraudulent transactions that Orrstown supplies.

“Although we’ve only recently operationalized this solution, early results indicate that we can reduce our fraud losses by up to 50%,” Linn says.

That's the ticket

Another user of machine learning, ticket resale services provider StubHub, has been integrating Distil’s technology for about 18 months.
“As new security threats have surfaced, Distil has become an integral part of StubHub’s larger security strategy, especially to combat account take-overs,” says Marty Boos, senior director of technical operations at StubHub.

The machine learning capability of Distil’s offering learns from the patterns that it detects within the traffic coming to StubHub, so it can begin to predict how bad bots and other security issues will evolve, Boos says.

StubHub and Distil are able to collaborate daily to identify what’s happening now and what StubHub expects to happen in the future. “As bots and other types of malicious traffic quickly evolve, networks and platforms have to be diligent about getting ahead of new tactics,” Boos says.

At StubHub, a purchase often constitutes an immediate transfer of a digital good, “so it’s critical that we keep bots and other threats from compromising our network,” Boos says.

“It’s a business risk. Distil helps us to be smarter about how we deal with current issues and prepare for the ways the threats of the future will evolve.”

Human Longevity Inc., which provides technology for creating the world’s largest and most comprehensive database of whole genome, phenotype and clinical data, started using Darktrace’s Enterprise Immune System in September 2015 to characterize what it considers normal network activity across its business and corporate platforms.

“The goal was to determine any abnormal activities across our network and have our teams focus on analyzing those anomalies in order to determine their threat level,” says Tom Brandl, head of IT security.

“Darktrace’s machine learning technology learns the pattern of life in our environment—gaining an understanding of what is normal for our network so it can then identify any abnormal activity,” Brandl says.
“This allows our programmers and specialists to do what they do best: examine those anomalies identified by the Enterprise Immune System and determine the level of the threat and the actions to be taken.”

The biggest benefit of the technology is that it has given the company much better visibility and understanding of what is happening in its environment.

Those in the market say the future will bring dramatic new capabilities in efforts to strengthen information security.

“There is no theoretical limitation to creating an artificial version of the human brain,” says Guy Caspi, CEO, Deep Instinct. “Deep learning is bringing us closer to this goal at a great and accelerating pace. We can expect many exciting breakthroughs in the upcoming years, especially in unsupervised learning.”

While deep learning has successfully been applied to computer vision, speech and text understanding, “there are many other challenging domains which deep learning can potentially revolutionize,” Caspi says.

With machine learning at the center of artificial intelligence and data science, “it will continue to drive innovations in development and learning algorithms,” says Venkat Subramanian, CTO at Dataguise.

“The technology is in adoption across all industries where data-intensive analysis is taking place, and the enormous adoption of big data is one trend that is accelerating its integration throughout analytics,” Subramanian says.

“This will continue to span all areas of computing and will be especially useful in the detection and defense against violations to corporate security and unwarranted access to sensitive information.”

Violino is a freelance writer. He can be reached at firstname.lastname@example.org.
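
The card-testing pattern described in the Orrstown Bank section (an inexpensive purchase to verify the card, then a quick series of higher-dollar transactions) can be checked against a per-card baseline of normal spending. The sketch below is an added illustration, not Prelert's or Orrstown's scoring engine: the transactions are constructed, the function name, thresholds and time window are assumptions, and it uses only amount and timing rather than all the dimensions the article lists.

```python
from datetime import datetime, timedelta
from statistics import median

# Constructed sample data: (card id, ISO timestamp, amount in dollars).
TRANSACTIONS = [
    ("card-A", "2016-03-01T09:15:00", 42.10),
    ("card-A", "2016-03-03T18:40:00", 55.00),
    ("card-A", "2016-03-05T12:05:00", 38.75),
    ("card-A", "2016-03-08T19:22:00", 61.20),
    ("card-A", "2016-03-10T08:50:00", 47.30),
    ("card-A", "2016-03-14T02:03:00", 1.00),    # small "is the card live?" purchase
    ("card-A", "2016-03-14T02:06:00", 480.00),
    ("card-A", "2016-03-14T02:09:00", 510.00),
    ("card-A", "2016-03-14T02:13:00", 495.00),
    ("card-B", "2016-03-02T10:00:00", 25.00),
    ("card-B", "2016-03-04T11:30:00", 30.00),
    ("card-B", "2016-03-06T09:45:00", 28.00),
    ("card-B", "2016-03-09T17:20:00", 35.00),
    ("card-B", "2016-03-11T12:15:00", 27.00),
    ("card-B", "2016-03-13T08:05:00", 3.00),    # coffee, followed by normal spending
    ("card-B", "2016-03-13T08:20:00", 31.00),
]

def card_testing_alerts(transactions, window=timedelta(minutes=30), probe_ratio=0.2,
                        burst_ratio=3.0, min_burst=2, min_history=5):
    """Flag a purchase far below a card's usual amount that is followed,
    within `window`, by at least `min_burst` purchases far above it."""
    by_card = {}
    for card, ts, amount in sorted(transactions):
        by_card.setdefault(card, []).append((datetime.fromisoformat(ts), amount))
    alerts = []
    for card, txs in by_card.items():
        for i, (t0, probe) in enumerate(txs):
            history = [a for _, a in txs[:i]]
            if len(history) < min_history:
                continue                      # not enough data for a baseline
            baseline = median(history)        # the card's "normal" amount so far
            if probe > probe_ratio * baseline:
                continue                      # not unusually small
            burst = [a for t, a in txs[i + 1:]
                     if t - t0 <= window and a >= burst_ratio * baseline]
            if len(burst) >= min_burst:
                alerts.append({"card": card, "probe_time": t0.isoformat(),
                               "probe_amount": probe, "burst_amounts": burst})
    return alerts

if __name__ == "__main__":
    for alert in card_testing_alerts(TRANSACTIONS):
        print(alert)
```

Only card-A is flagged; card-B's small purchase is followed by ordinary spending, which is why the small amount alone is not treated as an alert.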