• United States



Contributing Writer

Moving forward with machine learning for cybersecurity

Aug 03, 20172 mins
Cloud SecurityEndpoint ProtectionNetwork Security

Cybersecurity professionals see potential in machine learning, but they need education and guidance

artificial intelligence / machine learning
Credit: Thinkstock

At Black Hat last week, you couldn’t pass a slot machine without some cybersecurity technology vendor crowing about machine learning or artificial intelligence (AI). Yup, machine learning algorithms have great potential to help with security analytics and employee productivity, but this technology is in its infancy and not well understood.

Want proof? ESG asked 412 cybersecurity professionals to assess and characterize their knowledge of machine learning/AI as it relates to cybersecurity analytics and operations technologies. Of the total survey population, only 30% of respondents claim to be very knowledgeable in this area. In other words, 70% of cybersecurity professionals really don’t understand where machine learning and AI fit.

Furthermore, cybersecurity pros were asked if their organizations have deployed or plan to deploy machine learning/AI technologies for cybersecurity analytics and operations. Only 12% say their organization has done so extensively. 

Infosec professionals see potential here—only 6% of respondents have no plans to deploy machine learning/AI technologies for cybersecurity analytics and operations. Good upside for cybersecurity technology vendors, but lots of work remains. The cybersecurity industry must:

  • Educate the market. To be clear, few cybersecurity pros care about the underlying technology. Rather, they really need to know what it can and can’t do.
  • Identify use cases. Similarly, CISOs want to know how to apply this technology for maximum benefit today and where it can be added for incremental value in the future.
  • Leverage existing technologies. Note to machine learning/AI cybersecurity technology vendors: Make sure you build off existing tools rather than ask CISOs to adopt new servers, user interfaces and reports. Smart machine learning/AI vendors will partner with SIEM vendors such as IBM, LogRhythm, and Splunk, for example. HPE is also doing some interesting integration between Introspect (Niara) and ClearPass (Aruba).
  • Provide help. I’m convinced that the most successful machine learning/AI cybersecurity technology vendors will bundle their wares with professional and/or managed services.

As a fellow geek, I find machine learning/AI technology extremely cool, but no one is buying technology for technology sake. The best tools will help CISOs improve security efficacy, operational efficiency and business enablement. 

Contributing Writer

Jon Oltsik is a distinguished analyst, fellow, and the founder of the ESG’s cybersecurity service. With over 35 years of technology industry experience, Jon is widely recognized as an expert in all aspects of cybersecurity and is often called upon to help customers understand a CISO's perspective and strategies. Jon focuses on areas such as cyber-risk management, security operations, and all things related to CISOs.

More from this author