Light Dark
July 18, 2017 By Jack Danahy 4 min read
Artificial Intelligence
Endpoint

Machine learning is changing the way industries address critical challenges by using the combined power of automation, cloud-based scalability and specialized programming to surface unexpected relationships and insights. With thousands of new malicious programs emerging every day, security solutions that integrate responsive machine learning can identify and block threats that haven’t been seen before, so long as those systems are trained and tested at an appropriate pace. With this technology, it is now possible to derive value from vast quantities of data in a way that was unimaginable 20 years ago.

Machine Learning in Action

Health care was a natural early application for this breakthrough. First, machine learning was applied to the challenge of understanding the language of medicine. Natural language processing (NLP) evolved from the automated analysis of billions of data points to develop an understanding of common terms and expressions. Whether providing care data or querying sources for diagnostic information, machine learning was the foundation used to interpret and act on specific medical terms and requests.

Research into genetic and environmental causes for illness also accelerated. In traditional epidemiological studies, the near limitless permutations of symptoms, genetics and environment make causal associations obscure, and advancements are slowed by long studies, specific control structures and willing test subjects.

With machine learning, scientists can instead look for related characteristics in existing patients and victims. Patient histories may be analyzed across thousands of subjects, using specific algorithms to identify subtle patterns and highlight the elements that contributed most to the illness under consideration.

Learning the Language of Cybersecurity

Machine learning becomes more informed and accurate over time. The longer a condition is observed or a language is studied, the more precise the model becomes. Why? Because the characteristics or features of the subject under study remain consistent. The elements of language or the characteristics of an illness don’t change much, if at all.

IBM has applied machine learning to the challenge of enterprise protection with Watson for Cyber Security. Using decades of experience in security management, strategy and incident response, IBM trained Watson to understand the language of cybersecurity, recognize root causes, highlight urgent threats and provide answers to security questions for less experienced analysts. As with the health care example, the longer Watson learns, the more informed it becomes. There are always new techniques to add to the existing base that Watson already understands.

The Limits of Conventional Machine Learning

This changes, though, when it comes to endpoint protection — that is, actually protecting businesses and user machines from malware. Maintaining endpoint security in a rapidly changing environment requires testing and training machine learning models in near real time to maintain confidence amid the sheer volume of constantly changing data related to endpoint software and threats.

This is a different type of machine learning challenge because it requires the capability to disambiguate between good applications and malware, or between beneficial and malicious processes. With the high state of sophistication in modern malicious software and techniques, these differences are very subtle and can change frequently. Thousands of new malware variants threaten endpoints daily, and legitimate software is always changing and being used in unique combinations by businesses. Training with both the good and the bad is critical to effectively improving security.

Maintaining coverage against new forms of malware requires models that are continuously trained and tested against the newest threats. Meanwhile, maintaining accuracy and a positive user experience requires training and testing with new and customer-specific goodware to minimize the possibility of false positives.

Without this ongoing training, users are left with aging models, along with the prospect of maintaining whitelists and blacklists, all while waiting months for an updated model.

The Benefits of Responsive Machine Learning

Instead of simply adding more samples into an existing training set, endpoint protection machine learning models must be sensitized to identify new waves of malware while at the same time balancing new or updated desirable software. This requires responsive machine learning. In this approach, automation platforms ingest thousands of samples of malicious software and combine them with up-to-the-minute data on new, good software to create robust training sets.

With this data, models can be generated and tested regularly, rather than treating these updates like product revisions that occur every six months. By fine-tuning the model based on the software characteristics of various business sectors, it can be automatically customized to suit specific applications, ensuring greater accuracy and coverage for users.

Timeliness in data gathering provides real-time protection and responsiveness to meet today’s dynamic endpoint security threats. Machine learning is adaptive to the constant changes in the blurred line between good and malicious software.

What’s Your Security Vendor Selling?

Machine learning is a hot topic at the moment, so every vendor in the market seems to be talking about it. For enterprises evaluating endpoint security solutions, it’s critical to understand the differences between conventional and responsive machine learning. Otherwise, the technology your vendor is selling may not actually provide the protection you think you are buying.

When evaluating security vendors, ask for specifics on how often the model is updated and details about how it is kept up to date. What sources are used? Does the business consider both malware and legitimate software updates when creating new models? Are all customers given their own optimized model, or are they forced to use a common one? Will you be required to mitigate aging models, false positives and negatives through professional services or internal efforts?

Machine learning is rapidly changing the security solution landscape. On the endpoint, where the most important function is judging good or bad, security teams require a comprehensive, responsive approach to machine learning to deliver the forward-looking coverage and customized accuracy that modern businesses need.

Read the IBM Executive report on Cybersecurity in the cognitive era

 |  |  |  |  |  | 
Jack Danahy
CTO and Founder, Barkly

More from Artificial Intelligence
April 25, 2024

NIST’s role in the global tech race against AI

4 min read - Last year, the United States Secretary of Commerce announced that the National Institute of Standards and Technology (NIST) has been put in charge of launching a new public working group on artificial intelligence (AI) that will build on the success of the NIST AI Risk Management Framework to address this rapidly advancing technology.However, recent budget cuts at NIST, along with a lack of strategy implementation, have called into question the agency’s ability to lead this critical effort. Ultimately, the success…

April 24, 2024

Researchers develop malicious AI ‘worm’ targeting generative AI systems

2 min read - Researchers have created a new, never-seen-before kind of malware they call the "Morris II" worm, which uses popular AI services to spread itself, infect new systems and steal data. The name references the original Morris computer worm that wreaked havoc on the internet in 1988.The worm demonstrates the potential dangers of AI security threats and creates a new urgency around securing AI models.New worm utilizes adversarial self-replicating promptThe researchers from Cornell Tech, the Israel Institute of Technology and Intuit, used what’s…

April 10, 2024

What should an AI ethics governance framework look like?

4 min read - While the race to achieve generative AI intensifies, the ethical debate surrounding the technology also continues to heat up. And the stakes keep getting higher.As per Gartner, “Organizations are responsible for ensuring that AI projects they develop, deploy or use do not have negative ethical consequences.” Meanwhile, 79% of executives say AI ethics is important to their enterprise-wide AI approach, but less than 25% have operationalized ethics governance principles.AI is also high on the list of United States government concerns.…

Topic updates

 Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today
© 2024 IBM Contact Privacy Terms of use Accessibility Cookie Preferences
Sponsored by si-icon-eightbarfeature