INTERVIEW: Machine learning can help filter the increasing noise on complex IT networks to spot the emerging cyber threats that pressured tech teams might miss.
Emily Orton, director at Darktrace, a company applying machine learning algorithms to cyber security, said that such smart software is a means for IT teams to keep up with the constant onslaught of new and persistent cyber threats.
“Threats are getting so complex now and fast moving that it’s become very, very difficult to pre-define what bad looks like in advance and at the same time our organisations and networks are getting more and more complex; we’re struggling with our own complexity as well as the complexity of the threat landscape,” she told TechWeekEurope at IP Expo 2016.
“It’s become really, really hard for security officers to catch up with all of that, you need an automated system to give you visibility of everything that’s going on.”
Tracing cyber threats
“So this is why machine learning is going to be really important in the future because machine learning is actually looking at huge sets of data and automatically learning what’s normal and not normal for my [IT] environment,” added Orton.
She explained that Darktrace uses a method of unsupervised machine learning that scans a customer’s entire network, right down to the behaviours of individuals and lone devices, and analyses that information to learn what is considered normal activity for that network.
Then using methods based on probabilistic mathematics, the system can filter through all the noise of activity on the network and calculate what is a genuine anomaly in activity and thus a potential threat, rather than sending constant alerts to beleaguered IT departments.
Using machine learning this way not only allows for major visibility into network activity but also helps spot emerging threats that even cyber security experts might miss amongst the day-to-day network noise.
“Emerging threats are very difficult to categorise in advance; it might be as simple as a user who’s decided to contravene policy in order to send source code home on the weekend because he wants to work on his development project over a couple of beers,” said Orton.
“Now that’s not going to fall into any particular category but it’s an emerging threat and it’s potentially opening up the company to vulnerability.”
But machine learning can spot these changes in behaviour, which may be ignored by human security specialists or more traditional end-point protection software.
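The following is an added illustration, not Darktrace's code or method (the article does not detail either): a minimal per-device baseline that scores each day's outbound volume by how improbable it is for that device, so a large transfer from a developer laptop alerts while a larger one from a backup server does not. The device names, volumes, the log-normal assumption and the `alpha` threshold are all assumptions made for the example.

```python
import math
from collections import defaultdict
from statistics import median

# Constructed sample data (not real telemetry): daily outbound MB per device.
HISTORY = (
    [("dev-laptop", mb) for mb in (42, 55, 48, 61, 39, 50, 45)]
    + [("backup-server", mb) for mb in (5200, 5600, 5400, 5900, 5100, 5500, 5700)]
)
TODAY = [("dev-laptop", 55), ("backup-server", 5800),
         ("dev-laptop", 2400), ("new-printer", 10)]

def learn_baselines(history):
    """Learn each device's 'normal': median and spread of log10(outbound MB)."""
    per_device = defaultdict(list)
    for device, mb in history:
        per_device[device].append(math.log10(mb + 1))
    baselines = {}
    for device, values in per_device.items():
        med = median(values)
        mad = median([abs(v - med) for v in values])
        # 1.4826 * MAD approximates a standard deviation; the floor keeps a
        # very regular device from alerting on trivial changes.
        baselines[device] = (med, max(1.4826 * mad, 0.05))
    return baselines

def tail_probability(baselines, device, mb):
    """Probability of a deviation this large if the device is behaving normally."""
    if device not in baselines:
        return None  # nothing learned yet: keep observing instead of alerting
    med, sigma = baselines[device]
    z = abs(math.log10(mb + 1) - med) / sigma
    return math.erfc(z / math.sqrt(2))  # two-sided normal tail

def detect(baselines, observations, alpha=1e-4):
    """Return only observations that are improbable for that specific device."""
    alerts = []
    for device, mb in observations:
        p = tail_probability(baselines, device, mb)
        if p is not None and p < alpha:
            alerts.append((device, mb))
    return alerts

if __name__ == "__main__":
    print(detect(learn_baselines(HISTORY), TODAY))
```

A single fixed volume threshold could not separate these cases: any limit low enough to catch the laptop's 2,400 MB would fire on the backup server every night.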
Automatic for the people
While machine learning technologies applied in this fashion are currently used to assist in threat detection and protection, Orton predicts the tech will evolve to start taking action on behalf of security officers, further easing the pressure on the time and resources of IT teams as more cyber threats crop up.
“In the future what we anticipate is not only self-learning detection, but also self-defending networks; a machine learning technology that takes action, which is targeted, measured, proportionate action on your behalf while you have time to catch up,” explained Orton.
“Because the reality is you’re never going to be able to catch that ransomware attack or that automated attacker quick enough with the speed of threats today.”
Machine learning is increasingly finding its way into various software including Google G Suite.