Machine Learning for Security Operations

1
Machine Learning for Security Operations
2
Introduction

• Over the past two years machine learning has
  found its place firmly in the cybersecurity
  industry and its benefits are indisputable.
  Through machine learning, weve seen great
  improvements implemented into technology that can
  make tangible improvements to our cybersecurity
  posture

3
Steps In Machine Learning
4
Benefits of Machine Learning

• Cybersecurity marketers have also gotten hold of
  machine learning and it has become the buzzword
  du jour in many respects. When you're able to cut
  through the clutter, you will find that machine
  learning is more than just a buzzword and we
  should work to fully understand its benefits
  without overly relying on it as a silver bullet.

5
What is Machine Learning?

• Many people reference machine learning and
  artificial intelligence as if they are the same
  thing, when in reality theyre slightly
  different. Machine learning is a subset of
  artificial intelligence that focuses on computers
  having the ability to learn and predict outputs
  based on algorithms and statistics without being
  directly programmed to do so. One of the many
  ways this is used in cybersecurity is for the
  automatic identification of behavior-based
  anomalies.

6
Types of Machine Learning

• Machine learning comes in two flavors -
  supervised and unsupervised learning. With
  supervised learning, the system is fed data sets
  to learn from so it can make intelligent
  decisions in the future, such as identifying
  malicious activity. With unsupervised learning, a
  system uses configured algorithms to understand
  whats normal and alerts on behavior that changes
  or deviates from the norm.

7
Security Analysts For Machine Learning

• Machine learning is not meant to replace
  analysts, but to supplement them and help equip
  them to make quicker and better decisions.
  Security automations teams who will get the most
  out of machine learning are those who take a
  layered approach of good leadership guiding
  trained engineers who are enabled with efficient
  tools and proper governance. Machine learning
  fills a few of these criteria, but by itself its
  just a tool.

8
Machine learning holds great promise for security
operations
9
Threat Actors Dig Machine Learning

• As with anything that works, weve seen threat
  actors take advantage machine learning's
  sophistication by implementing aspects of it into
  their tools. This is shifting the way the bad
  guys implement attacks. For a brief period,
  early white hat adopters of machine learning
  helped shift the playing field slightly in favor
  of the good guys. However, this didnt last for
  long and attackers were quick to respond to the
  shift by attacking different vectors or
  implementing machine learning into their own
  techniques.

10
Security Operations Teams Can Leverage Machine
Learning

• The biggest proposition vendors with machine
  learning features make is that it can help
  security teams and their technologies adapt to
  the arms race that is happening in cyber security
  automation.

11
Conclusion

• The technology is giving SOC teams a leg up in
  many areas, including predictive and behavioral
  analysis, and it will continually change the ways
  we add visibility into our networks and systems,
  conduct investigations, incident response and
  manage security operations.