Light Dark
July 18, 2017 By Jack Danahy 4 min read
Artificial Intelligence
Endpoint

Machine learning is changing the way industries address critical challenges by using the combined power of automation, cloud-based scalability and specialized programming to surface unexpected relationships and insights. With thousands of new malicious programs emerging every day, security solutions that integrate responsive machine learning can identify and block threats that haven’t been seen before, so long as those systems are trained and tested at an appropriate pace. With this technology, it is now possible to derive value from vast quantities of data in a way that was unimaginable 20 years ago.

Machine Learning in Action

Health care was a natural early application for this breakthrough. First, machine learning was applied to the challenge of understanding the language of medicine. Natural language processing (NLP) evolved from the automated analysis of billions of data points to develop an understanding of common terms and expressions. Whether providing care data or querying sources for diagnostic information, machine learning was the foundation used to interpret and act on specific medical terms and requests.

Research into genetic and environmental causes for illness also accelerated. In traditional epidemiological studies, the near limitless permutations of symptoms, genetics and environment make causal associations obscure, and advancements are slowed by long studies, specific control structures and willing test subjects.

With machine learning, scientists can instead look for related characteristics in existing patients and victims. Patient histories may be analyzed across thousands of subjects, using specific algorithms to identify subtle patterns and highlight the elements that contributed most to the illness under consideration.

Learning the Language of Cybersecurity

Machine learning becomes more informed and accurate over time. The longer a condition is observed or a language is studied, the more precise the model becomes. Why? Because the characteristics or features of the subject under study remain consistent. The elements of language or the characteristics of an illness don’t change much, if at all.

IBM has applied machine learning to the challenge of enterprise protection with Watson for Cyber Security. Using decades of experience in security management, strategy and incident response, IBM trained Watson to understand the language of cybersecurity, recognize root causes, highlight urgent threats and provide answers to security questions for less experienced analysts. As with the health care example, the longer Watson learns, the more informed it becomes. There are always new techniques to add to the existing base that Watson already understands.

The Limits of Conventional Machine Learning

This changes, though, when it comes to endpoint protection — that is, actually protecting businesses and user machines from malware. Maintaining endpoint security in a rapidly changing environment requires testing and training machine learning models in near real time to maintain confidence amid the sheer volume of constantly changing data related to endpoint software and threats.

This is a different type of machine learning challenge because it requires the capability to disambiguate between good applications and malware, or between beneficial and malicious processes. With the high state of sophistication in modern malicious software and techniques, these differences are very subtle and can change frequently. Thousands of new malware variants threaten endpoints daily, and legitimate software is always changing and being used in unique combinations by businesses. Training with both the good and the bad is critical to effectively improving security.

Maintaining coverage against new forms of malware requires models that are continuously trained and tested against the newest threats. Meanwhile, maintaining accuracy and a positive user experience requires training and testing with new and customer-specific goodware to minimize the possibility of false positives.

Without this ongoing training, users are left with aging models, along with the prospect of maintaining whitelists and blacklists, all while waiting months for an updated model.

The Benefits of Responsive Machine Learning

Instead of simply adding more samples into an existing training set, endpoint protection machine learning models must be sensitized to identify new waves of malware while at the same time balancing new or updated desirable software. This requires responsive machine learning. In this approach, automation platforms ingest thousands of samples of malicious software and combine them with up-to-the-minute data on new, good software to create robust training sets.

With this data, models can be generated and tested regularly, rather than treating these updates like product revisions that occur every six months. By fine-tuning the model based on the software characteristics of various business sectors, it can be automatically customized to suit specific applications, ensuring greater accuracy and coverage for users.

Timeliness in data gathering provides real-time protection and responsiveness to meet today’s dynamic endpoint security threats. Machine learning is adaptive to the constant changes in the blurred line between good and malicious software.

What’s Your Security Vendor Selling?

Machine learning is a hot topic at the moment, so every vendor in the market seems to be talking about it. For enterprises evaluating endpoint security solutions, it’s critical to understand the differences between conventional and responsive machine learning. Otherwise, the technology your vendor is selling may not actually provide the protection you think you are buying.

When evaluating security vendors, ask for specifics on how often the model is updated and details about how it is kept up to date. What sources are used? Does the business consider both malware and legitimate software updates when creating new models? Are all customers given their own optimized model, or are they forced to use a common one? Will you be required to mitigate aging models, false positives and negatives through professional services or internal efforts?

Machine learning is rapidly changing the security solution landscape. On the endpoint, where the most important function is judging good or bad, security teams require a comprehensive, responsive approach to machine learning to deliver the forward-looking coverage and customized accuracy that modern businesses need.

Read the IBM Executive report on Cybersecurity in the cognitive era

 |  |  |  |  |  | 
Jack Danahy
CTO and Founder, Barkly

More from Artificial Intelligence
June 14, 2024

Generative AI security requires a solid framework

4 min read - How many companies intentionally refuse to use AI to get their work done faster and more efficiently? Probably none: the advantages of AI are too great to deny.The benefits AI models offer to organizations are undeniable, especially for optimizing critical operations and outputs. However, generative AI also comes with risk. According to the IBM Institute for Business Value, 96% of executives say adopting generative AI makes a security breach likely in their organization within the next three years.CISA Director Jen…

June 12, 2024

Self-replicating Morris II worm targets AI email assistants

4 min read - The proliferation of generative artificial intelligence (gen AI) email assistants such as OpenAI’s GPT-3 and Google’s Smart Compose has revolutionized communication workflows. Unfortunately, it has also introduced novel attack vectors for cyber criminals. Leveraging recent advancements in AI and natural language processing, malicious actors can exploit vulnerabilities in gen AI systems to orchestrate sophisticated cyberattacks with far-reaching consequences. Recent studies have uncovered the insidious capabilities of self-replicating malware, exemplified by the “Morris II” strain created by researchers. How the Morris…

June 7, 2024

Open source, open risks: The growing dangers of unregulated generative AI

3 min read - While mainstream generative AI models have built-in safety barriers, open-source alternatives have no such restrictions. Here’s what that means for cyber crime.There’s little doubt that open-source is the future of software. According to the 2024 State of Open Source Report, over two-thirds of businesses increased their use of open-source software in the last year.Generative AI is no exception. The number of developers contributing to open-source projects on GitHub and other platforms is soaring. Organizations are investing billions in generative AI…

Topic updates

 Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today
© 2024 IBM Contact Privacy Terms of use Accessibility Cookie Preferences
Sponsored by si-icon-eightbarfeature