Home Security Machine learning can assist security teams: ExtraHop
ExtraHop director of security Barbara Kay ExtraHop director of security Barbara Kay

"Machine learning is here to stay" as a way of getting value from existing security-related data, ExtraHop director of security Barbara Kay told iTWire.

But "a lot of people claim [their product incorporate] AI but don't deliver on it", she observed.

AI is not always the best fit in a security context, suggested Kay. In general, there is a need to automate and manage risk effectively, and doing the wrong thing can be worse than taking no action – you don't want AI to break your business by shutting down a crucial service, she said.

If an automated system detects suspicious activity, a common response is to shut down or isolate that component. That's fine if it is just one PC in your contact centre, because all the other agents can keep working.

But when the suspect computer is part of a wider system (eg, a Web server that's part of an ecommerce site along with a database server and other elements), it's important to understand the interdependencies before taking action, especially if restarting the overall system is a complex process.

Weak information leads to more false positives, and each decision made on the basis of weak information increased the risk of a bad outcome, she said.

Machine learning does have a part to play in maintaining security, but it should be "just in there" in much the same way as a driver doesn't think about a car having anti-lock braking.

Traditionally, most of the effort has gone into the prevention part of IT security, said Kay. But there's an increasing realisation that detection and response needs more attention.

Network traffic — if appropriately analysed — can provide useful information for the detection piece, especially as intruders increasingly know how to alter, disable or delete logs.

ExtraHop's approach, which comes from its background in performance management, is to take a copy of network traffic for analysis. That way, "they [intruders] don't know you're there", Kay explained.

This data provides "a strong foundation" for advanced analytics, and in turn those analytics go beyond detection to suggest possible courses of action.

This makes it easier for staff to explore situations, and allows them to investigate a larger number of alerts.

Traffic analysis "makes good business sense" for some organisations, said Kay, but it hasn't been seen as a priority until recently. Now, organisations have a better idea of risks and costs, and "the downside of going down".

FREE SEMINAR

Site24x7 Seminars

Deliver Better User Experience in Today's Era of Digital Transformation

Some IT problems are better solved from the cloud

Join us as we discuss how DevOps in combination with AIOps can assure a seamless user experience, and assist you in monitoring all your individual IT components—including your websites, services, network infrastructure, and private or public clouds—from a single, cloud-based dashboard.

Sydney 7th May 2019

Melbourne 09 May 2019

Don’t miss out! Register Today!

REGISTER HERE!

LEARN HOW TO REDUCE YOUR RISK OF A CYBER ATTACK

Australia is a cyber espionage hot spot.

As we automate, script and move to the cloud, more and more businesses are reliant on infrastructure that has the high potential to be exposed to risk.

It only takes one awry email to expose an accounts’ payable process, and for cyber attackers to cost a business thousands of dollars.

In the free white paper ‘6 Steps to Improve your Business Cyber Security’ you’ll learn some simple steps you should be taking to prevent devastating and malicious cyber attacks from destroying your business.

Cyber security can no longer be ignored, in this white paper you’ll learn:

· How does business security get breached?
· What can it cost to get it wrong?
· 6 actionable tips

DOWNLOAD NOW!

Stephen Withers

joomla visitors

Stephen Withers is one of Australia¹s most experienced IT journalists, having begun his career in the days of 8-bit 'microcomputers'. He covers the gamut from gadgets to enterprise systems. In previous lives he has been an academic, a systems programmer, an IT support manager, and an online services manager. Stephen holds an honours degree in Management Sciences and a PhD in Industrial and Business Studies.

 

Popular News

 

Telecommunications

 

Guest Opinion

 

Sponsored News

 

 

 

 

Connect