It is likely self-evident to many that the security industry’s most overused buzzword of the year is “machine learning.” Yet, despite the ubiquity of the term and its presence in company marketing literature, most people – including those working for many of the vendors using the term – don’t actually know what it means.
Scanning through industry sites and product descriptions, machine learning is often positioned as either a “new” tool or a “new” method – something that can provide additional capabilities or features.
For many classes of threat detection, machine learning is positioned as “signatureless” detection by those who don’t yet know the basic principles of the math or science behind it.
The best way to understand what machine learning is and what it truly brings to the security industry is to compare it to a technology advance that kick-started two centuries ago – the steel age.
For the longest time – from the “Iron Age” through to the “Steam Age” – iron was the fundamental building block of many technology advances and innovation. Companies built products and consumed goods based upon the inherent properties of iron.
There had been passing familiarity with a “better kind of iron” for many centuries, but only far away experts knew anything about it – it was considered more magic than science.
The 17th century saw innovation such as smelting iron to make pig iron, and the mid-18th century saw specialist small-batch production of steel ingots through crucible or blast furnace techniques.
However, it wasn’t until the mid-1850s that the magic of steel transitioned into a science and the capability to reliably produce steel in large quantities that could be consumed by other industries started to come online (check out the Bessemer Process).
Steel wasn’t a “new” device, a “new” tool, or (beyond those manufacturing it) a “new” product. Instead, steel allowed existing products and approaches to become better.
Knives could hold sharp edges longer, train rails became more durable and lasted longer than a few months, and ploughs could cultivate more land faster. New products like circular saw blades, barbed wire, and disposable razor blades also could be forged because of the core properties of steel.
Like the changes steel brought to technologies based upon iron, machine learning is facilitating new change – such as the way signature-based detection and evidence hunting are done.
Machine learning is opening new doors for products and technologies that were not feasible without the ability to efficiently process huge volumes of data or uncover hidden patterns that would only be discernible to a trained subject-matter expert.
The security industry is still in its infancy with regard to its applications and utilization of machine learning. The bounds of what is and is not possible have yet to be reliably defined.
Further to that point, the academic professors in computer science and security I have spoken with are only now starting to acknowledge and plan for machine learning to be a category of mathematics as distinct as algebra and calculus, and just as important for future generations.
So, don’t get confused about what machine learning is; instead, focus on how it is being applied and what problems it aids in solving.
Günter Ollmann is CSO of the cloud and AI security division at Microsoft and an advisor for Vector AI. Previously, he held the position of CSO at Vectra, where he assisted in building the next generation of threat detection technologies capable of illuminating persistent threats, lateral movement, IoT integrity compromise, and attacks that bypassed the front door. Günter was also a founder and principal at Ablative Security as well as an advisor for C3 Security and Yaxa. He received a B.S. in applied physics and mathematics and an M.S. in atmospheric physics at the University of Auckland.