Effective machine learning applications

At its most basic, machine learning technology is supposed to enable cybersecurity companies to predict the nature of future attacks based on past behaviour, similar to how Netflix displays what you want to watch based on what you’ve previously viewed.

According to Jack Gold, president and principal analyst at J. Gold Associates, this innovation can assist cyber companies to transition away from a “signature-based” system to detect malware. Instead, he sees more companies adopting a machine learning approach that aims to analyse past incidents in a broader manner and aggregate information from a multitude of sources.

Specifically, some machine learning applications for cybersecurity are effective at doing the following: detecting malicious activity, helping security officers determine what tasks they need to complete in an investigation process, analysing mobile endpoints, decreasing the number of false positive threats, automating repetitive tasks like interrupting ransomware, and potentially closing some zero-day vulnerabilities.

Limitations of AI for cybersecurity

The signal-to-noise ratio for threat intelligence-type automation events isn't effective for most organisations at the moment. The reality is automating threat intelligence - or in other words, identifying adversaries automatically - is difficult to execute within an organisation because every company’s threats, vulnerabilities, and risks are unique. Ultimately, machine learning can help cybersecurity outfits, but it can’t replace many important functions.

Pairing human intellect and machine technology

Cyber attacks, meanwhile, are the complete opposite. Hackers become smarter, and are always one step ahead of cybersecurity officers, inherently and frequently shifting their strategies so that CISOs will not detect them. For all the incidents machine learning technology can identify, which is helpful, there will always be sophisticated attacks that no machine learning algorithm will be able to find.

It is also worth stating a simple fact: Humans hack. While they may use fancy technology to deploy these attacks, it is a human-led effort. Therefore, at the highest level, cybersecurity officers will be the only force able to stop hackers from penetrating critical networks. Machines don’t fully understand us. Only humans can still (and probably always) comprehend hackers’ larger strategy.

Instead, cybersecurity outfits can pair their human intellect with machine technology to sort through data faster and catch hackers before they do too much damage. No cybersecurity company should be led by robots -- and that’s a good thing.