Asia's Source for Enterprise Network Knowledge

Wednesday, May 22nd, 2019


Big data and machine learning: A perfect pair for cyber security?


Online threats are emerging at a faster rate than ever. Between June and November of 2016, Malwarebytes discovered that almost 1 billion malware-based incidents occurred. These malicious programs are becoming more sophisticated and, in turn, harder to detect and mitigate quickly.

Many organizations simply cannot keep up with the pace of cyber threats, as there's little time to build up defenses against one before another appears. As a result, they're increasingly turning to advanced analytics tools to overcome this problem. Big data and machine learning could pair together to bolster cyber security and better protect company assets.

Analytics already making a statement

With information generated by and collected from an ever-growing variety of sources, big data analytics has already proven its value to a number of organizations for dozens of use cases. In that sense, it's no surprise that cyber security is next, particularly when it comes to learning from past attacks.

According to a report by the Ponemon Institute, organizations are 2.25 times more likely to recognize a security incident within hours or minutes of the event when they leverage big data analytics. These users have a higher confidence in their ability to detect issues, and 65 percent of respondents noted that using big data is essential to ensuring a strong cyber security posture.

Virtually any industry can use big data for better cyber security. In fact, 90 percent of surveyed federal IT managers acknowledged that they were able to decrease instances of malware, insider threats and social engineering by using big data, according to a report by MeriTalk and Cloudera. Another 94 percent plan to further their investment in facets of big data, such as business intelligence and machine learning. These tools will help sift through a vast amount of structured and unstructured information to deliver valuable insights.

Machine learning will add new functionality

While big data can clearly lead to cyber security improvement, it is often challenging to handle. The MeriTalk survey found that nearly half of federal agencies are overwhelmed by the sheer volume of cyber security data and cannot analyse it all in a timely manner. This could make it much harder to achieve the type of visibility that organizations need in their security infrastructure.

Adding machine learning into the equation might just be the answer to using big data more effectively and improving cyber security beyond measure. Machine learning solutions can quickly scan data to generate a picture of historical patterns of positive and negative behaviours. Businesses can use these capabilities to detect vulnerabilities, identify a breach as it's happening and correlate information from multiple sources. By uniting these tools, organizations can successfully thwart attacks and decrease the chance of experiencing breaches.

These powers unite for predictive capabilities

Machine learning and big data both have distinctive characteristics on their own, but when combined, they can provide active threat maps and even predict the next attack. In an article for Peerlyst, information technology expert Mark Cutting noted that assimilated data might be enough to identify a pattern of breaches to consider an organization at risk of an attack.

However, while real-time analysis has greatly improved, there's still no solid platform to confidently predict when exactly a breach will appear. Organizations should leverage a variety of machine learning and big data analytical processes to detect attacks early and prevent damage. Using information from these tools will help businesses create a strong strategy to have the best advantage possible.

Cyber security is a challenge for many organizations due to constantly advancing threats. By pairing big data with machine learning tools, businesses will be able to detect issues as they occur and quickly mitigate them to minimize potential damage.