Human security teams can't manage the new threat landscape alone

This is a contributed piece by Simon Wilson, UK CTO, Aruba, a Hewlett Packard Enterprise company

 

Our IT teams today are tackling a security threat that stretches from the data center to the edge, can be carried by millions of connected devices, and is changing shape every day. The devices that we choose to work on, the locations that we work in, the people that we are collaborating with, the applications we choose to use – these are all constantly in flux. When things change, security teams have to readjust policies and controls. Isn’t it a big ask to expect them to keep chasing after us, all day, every day?

No CIO can ignore the high-profile attacks that continue to threaten organizational reputations around the world. It’s no wonder that security is at the top of the agenda in many boardrooms or that a new C, the CISO (Chief Information Security Officer), has joined the management team. Protecting the organization is obviously a huge priority.

But how is this actually achievable, unless we are able to anticipate the small, but significant, changes that are happening on the network day to day?

If we are asking human IT teams to constantly monitor the data being shared by incoming and existing devices, which can easily reach into the thousands for a large enterprise, then we are creating security systems that lack the ability to scale in line with the threats.

Because human teams can get tired and make mistakes (they are human), the most common approach is to make blanket rules and restrictions across the network to serve as a catch-all against new inbound threats. The problem here is that the user experience very quickly suffers, which in turn can affect productivity and even morale.

This is where machine learning comes to the aid of human security teams.

 

Machine learning, security improving

With any luck, that last sentence will not have made your eyes roll. We should be moving past concerns about AI replacing human roles or being relied upon as a cost-saving measure. The point about machine learning, in the context of security, is that it gives us an always-on, 24/7 tool that allows us to spot the type of threats and exploits that would be difficult, or even impossible, to detect with human eyes.

The way many companies run IT security today leaves definite room for improvement. Either you are running filters so sensitive that they generate a mountain of false positives, meaning you can’t see the wood for the trees, or the filters are turned down to a manageable level, leaving big gaps in your defenses. Both scenarios, of course, risk genuine threats sneaking through.

With machine learning, there is an ability to detect minute changes in data that would likely slip through traditional defenses. Using machine learning and UEBA (user and entity behavioral analytics), we are able to set a baseline for every single device connecting to the network, from the latest user mobile device to the air conditioning unit connected as part of a new IoT initiative. Everything is quickly recognized, profiled and connected, giving each connected entity its own unique risk profile.

As soon as a device behaves in a way that strays outside of its recognized profile or baseline, the network sees it, and takes action. This action could be to raise the risk, re-route the data for deeper analysis or immediately raise an alert, which compels human security teams into action. Assuming there is no wrongdoing, the user experience is not impacted, beyond perhaps being asked to confirm the activity was indeed them and all is OK.

In the case of a serious event, the device will be quarantined from the rest of the network, to limit any potential damage that might have occurred. All because the machine is analyzing millions of individual packets of data, all the time. It’s a job that no human team can realistically do, or would want to do.
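The per-entity baseline and graded response described above can be sketched as follows. This is an added example, not code from the article or from any Aruba product; the entity names, the single traffic metric (outbound KB per minute), the thresholds and the action names are assumptions chosen to mirror the responses the article lists.

```python
import math
from collections import defaultdict

# Deviation thresholds (in standard deviations) are assumed values for illustration.
ACTIONS = [(6.0, "quarantine"), (4.0, "alert"), (3.0, "deep_inspect"), (2.0, "raise_risk")]
MIN_SAMPLES = 5  # an entity is not scored until it has a baseline

# Constructed sample data: (entity, outbound KB per minute). The last value is the same for both.
SAMPLE_EVENTS = (
    [("hvac-01", v) for v in (10, 12, 11, 9, 10, 11, 300)]
    + [("laptop-17", v) for v in (200, 250, 180, 220, 240, 210, 300)]
)

class Baseline:
    """Running mean and variance of one metric for one entity (Welford's algorithm)."""
    def __init__(self):
        self.n, self.mean, self.m2 = 0, 0.0, 0.0

    def zscore(self, x):
        if self.n < MIN_SAMPLES:
            return 0.0  # still learning: nothing to deviate from yet
        std = math.sqrt(self.m2 / (self.n - 1))
        return abs(x - self.mean) / max(std, 1e-9)

    def update(self, x):
        self.n += 1
        delta = x - self.mean
        self.mean += delta / self.n
        self.m2 += delta * (x - self.mean)

def evaluate(events):
    """Score each observation against that entity's own baseline and pick a response."""
    baselines = defaultdict(Baseline)
    decisions = []
    for entity, value in events:
        b = baselines[entity]
        z = b.zscore(value)
        action = next((a for threshold, a in ACTIONS if z >= threshold), "allow")
        decisions.append((entity, value, action))
        if action == "allow":  # anomalous samples must not be learned into the baseline
            b.update(value)
    return decisions

if __name__ == "__main__":
    for decision in evaluate(SAMPLE_EVENTS):
        print(decision)
```

The same 300 KB/min reading quarantines the HVAC unit but only sends the laptop's traffic for deeper inspection, because each is judged against its own history rather than a blanket rule.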

With machine-led security continually learning, adjusting baselines and detecting new threat patterns, human teams are not usurped. They are enormously aided by being alerted only to the issues that they really need to inspect. This automatic monitoring offers IT staff exceptional time savings, which actually means an improvement to their job role. Instead of fighting fires, security teams will be able to focus on building better IT experiences across their organization, and saying yes to new innovations. Security teams may actually become a revenue driver for the business.

 

Security’s positive impact on the workforce

The tasks of human security workers may well change as the world of machine learning, building to full AI, begins to accelerate. But we should never fear change. Especially when the likely new roles carry even wider business relevance. The promise of machine learning is there, but it still needs highly skilled teams to build it into the core of the network, re-apply it to other business areas, and proactively monitor it for new insights.

We’re faced with intelligent threats, targeting valuable user data, across a network that has more end points (and entry points) than can be counted. Isn’t it about time we acknowledged that human IT staff need all the help they can get?
