How Is Machine Learning Used in Cybersecurity?
Machine learning has a wide range of applications across many industries—and cybersecurity is no exception. In fact, the market for artificial intelligence (AI) in cybersecurity is expected to reach USD $38.2 billion by 2026.
Anyone in the corporate security or cyber investigations space is well aware that adversaries are becoming rapidly more advanced, and cyber-attacks becoming more widespread across every sector. Cybersecurity teams are using machine learning to detect and mitigate digital risks more effectively in this quickly evolving landscape.
What exactly is machine learning, and why is it an important feature in your cybersecurity toolkit?
What Is Machine Learning?
The terms machine learning and AI are often used in the same breath—but machine learning is considered a type of AI, which in and of itself is quite difficult to define. According to Eric McLachlan, a Senior Developer at Echosec Systems, AI can be loosely defined as “computational intelligence.” However, just as “intelligence” is subjective, what constitutes AI depends on who you’re talking to.
Machine learning, on the other hand, is easier to define: It’s an AI technique that delegates the task of learning to a computer, using algorithms to find patterns within a data set. One type of machine learning, deep learning, is effective at solving a variety of problems. The term “deep learning” is often synonymous with “neural networks” because it learns using a similar mechanism to biological neural networks.
In the context of classifying text, the goal of machine learning is to train a machine to recognize that a particular combination of words relates to a particular text class or category—for example, whether the content of a dark web post indicates a data breach.
Some machine learning algorithms, such as those developed by Echosec Systems, go a step further. These deep learning models map sentences to a vector space, training the computer to discern word order, identify concepts, and contextualize classified data in multiple languages.
For end-users, this means the ability to discover content by concept or meaning with a great deal of accuracy, rather than searching by keyword and manually reviewing results for relevancy.
Eric McLachlan, Senior Developer at Echosec Systems, discusses the role of machine learning and AI in the Echosec Systems Platform
Why Cybersecurity Teams Need Machine Learning
It’s probably already clear how the power of machine learning can be harnessed in cybersecurity—particularly in the threat intelligence process. Cybersecurity professionals rely on data from the surface, deep, and dark web to detect threats and gather relevant investigative information.
That’s an impossibly large amount of data to manually search and assess thoroughly and efficiently. As much as 51% of organizations also struggle to hire cybersecurity analysts and investigators due to an industry skills shortage, further fuelling the need for automation.
Machine learning helps automate the process of finding, contextualizing, and triaging relevant data at any stage in the threat intelligence lifecycle. This could mean anything from finding dark web forum posts indicating a data breach, to detecting suspicious network activity in real time.
With machine learning capabilities, organizations can evaluate a larger scale of data to ensure they aren’t missing out on critical information while reducing false positives. Staff can also delegate more energy to tasks that actually require human intelligence rather than using resources to manually curate data. After all, the goal is to improve a cybersecurity team’s capabilities—not to replace them with AI.
How Is Machine Learning Used in Cybersecurity?
There are many stages in the threat intelligence process that can be improved by machine learning. In the real world, there is no “one-size-fits-all” digital risk protection tool, and most companies (58%, according to Forrester research) utilize 2-3 solutions to fulfill their threat intelligence requirements. What does machine learning look like amongst these tools?
Machine Learning in the Echosec Systems Platform
As an example, let’s look at a solution like the Echosec Systems Platform. The Platform aggregates and filters threat data across a variety of social media networks and deep and dark websites. Echosec Systems’ machine learning models are trained to detect breaches and data disclosure (among other classes) based on data within these networks. This means that security personnel can search for the concept of a breach relevant to their organization rather than running breach-related keyword searches. The Platform automatically retrieves relevant data so that analysts don’t have to wade through results to find actionable breach indicators. There are many possibilities for gathering threat intelligence using machine learning, even beyond cybersecurity use cases. For example, machine learning models can also be trained to gather insights from open-source intelligence, including:
- Other cyber security threats, such as brute force attempts, phishing emails, and malware detection
- Hate speech, identity hate, and toxicity
- Radicalization, active shooter manifestos, and other physical threat indicators
- Public sentiment towards a brand or entity
- Specific chatter or content related to a crisis, such as COVID-19
It takes organizations almost 30 weeks, on average, to detect a data breach after the initial compromise. This significant delay is due in part to holes and inefficiencies in gathering actionable threat intelligence from available online sources—a danger that can be addressed by using tools that leverage machine learning.
Between advancements in AI, the growing volume of available threat data online, and increased cybersecurity risks, there has never been a better time for corporate security teams to integrate machine learning-based approaches into their risk management strategy.
Are there gaps in your threat intelligence process that ML could address?
Contact us to learn more.