Lately there has been a lot of buzz around machine learning. Many, if not all, new vendors are building some sort of machine learning into their latest solutions. But can it bring additional value to an organisation's cybersecurity strategy?
Machine learning is definitely a hot topic with many CISOs who are currently looking for some sort of ‘silver bullet’ solution to help them defend against nation states, corporate espionage or garden-variety malware. So, can machine learning add any new value to the realm of cybersecurity? Read on to find out.
Security information and event management (SIEM) systems were created to take security events from numerous sensors (IPS, DLP, WCF, firewall, etc.), aggregate and correlate them with user-configured asset information, and provide more accurate security events to cybersecurity analysts.
Unfortunately, SIEM has its own issues. The main concern with any SIEM is that it is very hard to take it from fresh out of the box to providing actionable security events without investing in professional services. In essence, SIEM was a great idea, but it comes with plenty of issues and costs; so much so that it is quite lucrative to be a SIEM expert in this day and age. Time for an upgrade!
Now that many great innovations have come about in the cybersecurity world, it’s time for the great leap forward. Machine learning takes concepts rooted in SIEM and various detection appliances and improves on them by taking into account the behaviour of your users. By getting a complete picture of the goings-on in your environment, a security solution that leverages machine learning can better detect threats. The beauty of machine learning is that a “big data” repository is not required: an agent-based endpoint monitoring solution can provide information to a central repository, where the data is processed and stored as events, without requiring logs from each of the additional security sensors on the network. Wait, we don’t have to sift through millions of logs?
To find out whether machine learning has the potential to add value to your cybersecurity and data protection, download our whitepaper and delve deeper.