One of your functions at your company for sure is to review trends and look into the future with your crystal ball. Machine Learning #ML is one of these areas that you need to pay attention to. I have been listening to signals from several sources recently through Singularity University and also sessions I attended at the RSA 2016 Conference by:
Machine Learning #ML is really being tested by Microsoft at scale because Microsoft has massive data networks. In my opinion this is good because as Microsoft learns, they will not only apply this to their own systems security with Azure, for example, but the industry will benefit because their teams will be learning #ML and refining its IT Security application in a real-world environment. In his talk, Mark really stressed how challenging the scale of some of the Azure security challenges is.
The immediate benefits of machine learning that I learned from this presentation are:
To find bad people and bad systems doing bad things you need to be able to do the two things listed above.
Combining independent events and prioritizing alerts is a non-trivial task. If a machine can assist in this, then why not do it?
As you look at system upgrades, start to ask your vendors what their Machine Learning product development lifecycle looks like. By asking these forward-facing questions, you will begin to layer #ML into your strategy.
The Signal to Noise Ratio is the next area that we need to reduce the ceiling of complexity around. Mark talked about some other areas of benefits in regards to #ML that he observed through working with the Azure security teams.
One of the key parts of ML is that it is different from a rules-based IT Security system because it, in theory, learns from feedback provided by an analyst. It needs human interaction to learn. This is a critical part of the ML process at this point.
To understand the difference between a Rules Engine and #ML, look at the slide below. In truth, though, a #ML system will incorporate both.
Machine learning, however, has a deeper impact in life, in IT, and in IT Security than VoIP ever did.
The results Microsoft is getting from really deploying Machine Learning at scale to watch for suspicious logons are stunning. Look at the statistic below as Mark compared the old rules-based approach to Machine Learning:
To find the critical ‘needle in a haystack’ of IT events is very important. The signal quality is important and machines can help. Keep your eyes and ears open on this topic.
Look at outsourcing opportunities, for example. Ask your vendors what their product roadmap is relative to adding #ML capabilities.