Light Dark
July 18, 2017 By Jack Danahy 4 min read
Artificial Intelligence
Endpoint

Machine learning is changing the way industries address critical challenges by using the combined power of automation, cloud-based scalability and specialized programming to surface unexpected relationships and insights. With thousands of new malicious programs emerging every day, security solutions that integrate responsive machine learning can identify and block threats that haven’t been seen before, so long as those systems are trained and tested at an appropriate pace. With this technology, it is now possible to derive value from vast quantities of data in a way that was unimaginable 20 years ago.

Machine Learning in Action

Health care was a natural early application for this breakthrough. First, machine learning was applied to the challenge of understanding the language of medicine. Natural language processing (NLP) evolved from the automated analysis of billions of data points to develop an understanding of common terms and expressions. Whether providing care data or querying sources for diagnostic information, machine learning was the foundation used to interpret and act on specific medical terms and requests.

Research into genetic and environmental causes for illness also accelerated. In traditional epidemiological studies, the near limitless permutations of symptoms, genetics and environment make causal associations obscure, and advancements are slowed by long studies, specific control structures and willing test subjects.

With machine learning, scientists can instead look for related characteristics in existing patients and victims. Patient histories may be analyzed across thousands of subjects, using specific algorithms to identify subtle patterns and highlight the elements that contributed most to the illness under consideration.

Learning the Language of Cybersecurity

Machine learning becomes more informed and accurate over time. The longer a condition is observed or a language is studied, the more precise the model becomes. Why? Because the characteristics or features of the subject under study remain consistent. The elements of language or the characteristics of an illness don’t change much, if at all.

IBM has applied machine learning to the challenge of enterprise protection with Watson for Cyber Security. Using decades of experience in security management, strategy and incident response, IBM trained Watson to understand the language of cybersecurity, recognize root causes, highlight urgent threats and provide answers to security questions for less experienced analysts. As with the health care example, the longer Watson learns, the more informed it becomes. There are always new techniques to add to the existing base that Watson already understands.

The Limits of Conventional Machine Learning

This changes, though, when it comes to endpoint protection — that is, actually protecting businesses and user machines from malware. Maintaining endpoint security in a rapidly changing environment requires testing and training machine learning models in near real time to maintain confidence amid the sheer volume of constantly changing data related to endpoint software and threats.

This is a different type of machine learning challenge because it requires the capability to disambiguate between good applications and malware, or between beneficial and malicious processes. With the high state of sophistication in modern malicious software and techniques, these differences are very subtle and can change frequently. Thousands of new malware variants threaten endpoints daily, and legitimate software is always changing and being used in unique combinations by businesses. Training with both the good and the bad is critical to effectively improving security.

Maintaining coverage against new forms of malware requires models that are continuously trained and tested against the newest threats. Meanwhile, maintaining accuracy and a positive user experience requires training and testing with new and customer-specific goodware to minimize the possibility of false positives.

Without this ongoing training, users are left with aging models, along with the prospect of maintaining whitelists and blacklists, all while waiting months for an updated model.

The Benefits of Responsive Machine Learning

Instead of simply adding more samples into an existing training set, endpoint protection machine learning models must be sensitized to identify new waves of malware while at the same time balancing new or updated desirable software. This requires responsive machine learning. In this approach, automation platforms ingest thousands of samples of malicious software and combine them with up-to-the-minute data on new, good software to create robust training sets.

With this data, models can be generated and tested regularly, rather than treating these updates like product revisions that occur every six months. By fine-tuning the model based on the software characteristics of various business sectors, it can be automatically customized to suit specific applications, ensuring greater accuracy and coverage for users.

Timeliness in data gathering provides real-time protection and responsiveness to meet today’s dynamic endpoint security threats. Machine learning is adaptive to the constant changes in the blurred line between good and malicious software.

What’s Your Security Vendor Selling?

Machine learning is a hot topic at the moment, so every vendor in the market seems to be talking about it. For enterprises evaluating endpoint security solutions, it’s critical to understand the differences between conventional and responsive machine learning. Otherwise, the technology your vendor is selling may not actually provide the protection you think you are buying.

When evaluating security vendors, ask for specifics on how often the model is updated and details about how it is kept up to date. What sources are used? Does the business consider both malware and legitimate software updates when creating new models? Are all customers given their own optimized model, or are they forced to use a common one? Will you be required to mitigate aging models, false positives and negatives through professional services or internal efforts?

Machine learning is rapidly changing the security solution landscape. On the endpoint, where the most important function is judging good or bad, security teams require a comprehensive, responsive approach to machine learning to deliver the forward-looking coverage and customized accuracy that modern businesses need.

Read the IBM Executive report on Cybersecurity in the cognitive era

 |  |  |  |  |  | 
Jack Danahy
CTO and Founder, Barkly

More from Artificial Intelligence
December 18, 2024

Cloud Threat Landscape Report: AI-generated attacks low for the cloud

2 min read - For the last couple of years, a lot of attention has been placed on the evolutionary state of artificial intelligence (AI) technology and its impact on cybersecurity. In many industries, the risks associated with AI-generated attacks are still present and concerning, especially with the global average of data breach costs increasing by 10% from last year.However, according to the most recent Cloud Threat Landscape Report released by IBM’s X-Force team, the near-term threat of an AI-generated attack targeting cloud computing…

December 17, 2024

Testing the limits of generative AI: How red teaming exposes vulnerabilities in AI models

4 min read - With generative artificial intelligence (gen AI) on the frontlines of information security, red teams play an essential role in identifying vulnerabilities that others can overlook.With the average cost of a data breach reaching an all-time high of $4.88 million in 2024, businesses need to know exactly where their vulnerabilities lie. Given the remarkable pace at which they’re adopting gen AI, there’s a good chance that some of those vulnerabilities lie in AI models themselves — or the data used to…

December 12, 2024

Security roundup: Top AI stories in 2024

3 min read - 2024 has been a banner year for artificial intelligence (AI). As enterprises ramp up adoption, however, malicious actors have been exploring new ways to compromise systems with intelligent attacks.With the AI landscape rapidly evolving, it's worth looking back before moving forward. Here are our top five AI security stories for 2024.Can you hear me now? Hackers hijack audio with AIAttackers can fake entire conversations using large language models (LLMs), voice cloning and speech-to-text software. This method is relatively easy to…

Topic updates

 Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today
© 2024 IBM Contact Privacy Terms of use Accessibility Cookie Preferences
Sponsored by si-icon-eightbarfeature