By Smit Kadakia

My friends and family find themselves discussing news stories these days that are inundated with futuristic tales of automation and how it is changing their lives in some form while giving them a distinct feeling of being left behind as they age.

The media approaches automation from multiple angles, though most publications address modern-day automation as a new frontier that is taking over mundane tasks now and possibly our jobs in the future. Today’s automation certainly offers many wonderful benefits – for example, robotics in manufacturing automation, pattern recognition in self-driving cars, or just pre-learned actions such as airplanes flying by wire. One of the key components in all of these automation technologies is machine learning in one form or another. Such a wide variety of machine learning applications and their respective evolutions has become a broad subject resulting in a net positive impact on our society.

Now, imagine combining opportunities for machine learning with a vast ocean of Internet-based activity. Innovations in social media from companies like Google, Facebook and Netflix heavily influence advances in communication, shaping today’s generation and helping to make the world much smaller. Machine learning-based applications, when married to the Internet, have provided a great opportunity to almost anyone in any corner of the world to innovate and facilitate a better life, not just for themselves, but the society around them.

Jimmy Pikes, a Forbes contributor, says that there is a $1.5 trillion Internet of Things (IoT) market consisting of sensors and kinetic devices. The amount of data generated by these devices alone can only be processed by machine learning methods as we know them today. Additionally, all these devices will be vulnerable to cyber threats disrupting lives every day around the world.

Machine learning and its application in cybersecurity is of paramount importance. So, what is machine learning and how does it apply to cybersecurity?

Machine Learning and Cybersecurity

The vast amount of data, in petabytes per second, produced by today’s network of IoT devices and other applications forms the launching pad for machine learning applications in cybersecurity. Traditional analysis has a much more difficult time dealing with such data volumes, whereas machine learning, in conjunction with contemporary big data frameworks, handles them much more efficiently. The analysis often takes a multi-pronged approach that spans new opportunities, defends currently valuable assets, and protects against criminal activities.

When it comes to cybercrime, machine learning can help protect your assets and business as a whole from ill-intentioned activities through data analysis that offers insights into such activities. From a data perspective, cyber threats are unique because most of the data is normal and only the smallest amount of it is representative of a cyber threat. Even the most sophisticated machine learning techniques have a hard time identifying such a tiny amount of data, especially if this type of threat has not been seen before.

In fact, we have already seen how attackers have become increasingly sophisticated, with many state-sponsored initiatives from China and Russia utilizing such sophistication to exercise their influence on the world stage. The threat is such that the United States has now put together a comprehensive cyber strategy with five specific goals reflecting the importance of cyber threat defenses at the national level.

The difficulty in fending off these attacks is not limited to the identification of new or rare exploits; it also lies in the speed with which these exploits can be found. It is imperative that the threat vectors are identified quickly and with confidence. Anything less will certainly increase the amount of damage, the tangible loss and the inability to reverse the damage. The lack of confidence will likely result in increased resource cost and, more importantly, shift the focus from real threats to false positives.

As one can see, there is a great need to increase the accuracy and confidence of threat detection.

Addressing Speed and False Positives

The two objectives are not quite separate from each other, as reduced false positives will increase the speed of detection given the equivalent resource availability. Thus cybersecurity defenses should do everything reasonable to generate accurate outcomes in real time. The industry has taken multiple approaches to accomplish this; however, it is imperative that comprehensive visibility into all aspects of the underlying environment is available to enable the power of machine learning capabilities. Additionally, machine learning needs reinforcement to detect Advanced Persistent Threats (APTs) and eliminate false positives.
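
The following Python sketch is an added illustration, not part of the original article. It works through the two points made above: threats are a tiny fraction of the data, and fewer false positives mean faster detection with the same resources. The event volume, detection rates, analyst capacity and random-order review model are all assumptions constructed for the example.

```python
from dataclasses import dataclass

# All figures below are constructed for illustration; none come from the article.
EVENTS_PER_DAY = 10_000_000      # total events seen by the detector
MALICIOUS_PER_DAY = 10           # the tiny malicious minority
ALERTS_REVIEWED_PER_HOUR = 20    # fixed analyst capacity ("equivalent resources")


@dataclass
class Detector:
    name: str
    tpr: float  # fraction of malicious events that raise an alert
    fpr: float  # fraction of benign events that raise an alert


def triage_outlook(det: Detector) -> dict:
    """Alert volume, precision and expected time to the first real threat."""
    benign = EVENTS_PER_DAY - MALICIOUS_PER_DAY
    true_alerts = round(det.tpr * MALICIOUS_PER_DAY)
    false_alerts = round(det.fpr * benign)
    total = true_alerts + false_alerts
    precision = true_alerts / total if total else 0.0
    # Assumed model: alerts are reviewed in random order, so the first of
    # K true alerts among N sits at expected position (N + 1) / (K + 1).
    expected_reviews = (total + 1) / (true_alerts + 1)
    return {
        "name": det.name,
        "alerts": total,
        "precision": precision,
        "expected_reviews": expected_reviews,
        "hours_to_first_threat": expected_reviews / ALERTS_REVIEWED_PER_HOUR,
    }


NOISY = Detector("noisy", tpr=0.9, fpr=0.001)     # 0.1% false positive rate
TUNED = Detector("tuned", tpr=0.9, fpr=0.00001)   # 0.001% false positive rate

if __name__ == "__main__":
    for det in (NOISY, TUNED):
        r = triage_outlook(det)
        print(f"{r['name']:>5}: {r['alerts']:>6} alerts/day, "
              f"precision {r['precision']:.4%}, "
              f"first real threat after ~{r['expected_reviews']:.0f} reviews "
              f"({r['hours_to_first_threat']:.2f} analyst-hours)")
```

Both detectors catch the same nine of ten threats; only the false positive rate differs, and that alone moves the expected time to the first real finding from about fifty analyst-hours to under one.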