INTELLIGENT ENTERPRISE SECURITY
While pre-execution checks file attributes to make a malware decision, runtime execution requires knowledge of specific actions attackers are likely to use.
Because machine learning looks across
multiple dimensions, much of the data
that incident response teams require is
already available, but has traditionally
required extensive manual correlation.
Ideally, highly valuable investigation
and response data would be available
through the already-present endpoint
management console. The presence of
machine-learning technology results in
significant time savings (a factor of 10 is
not uncommon) that can help security
teams keep the business running.
People matter the most, but combining
human intelligence with machine-learning
technology creates strong security teams.
The visibility into tactics throughout
the entire attack chain that machine
learning affords is critical to enhancing
the relationship between security teams
and technology. Machine learning enables
security teams to devise new defences
quickly to adapt to attackers’ automated
processes and make it more difficult for
them to be effective.
Remember, machine learning places
the time sequence of activity observed
between security products. With machine-
learning assistance, security teams have
greater insight into who the attacker is, the
methods being used, where the attacks are
coming from and how they are spreading,
as well as which security measures are
working and which are being defeated.
Most importantly, the presentation of
machine-learning results enables people
in security teams to do what they do best –
create intelligent, innovative and effective
solutions to new threats before significant
damage is done to the business. If people
are the company’s greatest assets, then
machine learning helps make them even
greater.
To close, machine learning should be
a critical component of an enterprise’s
endpoint security strategy. Given
the volume and evolution of attacks
hammering away at endpoints, security
must be able to adapt without human
intervention, and must provide the
visibility and focus to enable humans to
make more informed decisions.
Machine learning has come of age with
big data driving accuracy up and false
positives down. The proof of successful
human and technology teaming will be
seen in the ability to rapidly dismiss alerts
and accelerate solutions to thwart new
threats. End users deserve the best that
cybersecurity has to offer, and today the
best endpoint security products leverage
machine learning.