Machine learning is advancing at an accelerating pace, and it is time to explore this question: can AI really protect our systems against cyber attacks in the future?
Today, a growing number of attackers launch cyber attacks using automated technology, while the enterprises and organizations under attack still rely on manpower to summarize internal security findings and then compare them with external threat information. Intrusion detection carried out in this traditional way often takes weeks, even months, and while security personnel work on fixes, attackers can still exploit the vulnerabilities and plunder data. To address these challenges, some pioneers have begun using artificial intelligence to perform day-to-day network risk management operations.
According to Verizon's data breach report, more than 70% of attacks exploited known vulnerabilities for which patches were available. At the same time, the findings suggest that a hacker could exploit a vulnerability within a few minutes of its disclosure. The importance of remediation speed is evident. However, because of the shortage of security professionals and the large datasets that have to be handled to assess the security state, it is not surprising that vulnerability remediation cannot keep up with cyber attackers.
Recent industry surveys have shown that it takes an organization an average of 146 days to fix a critical vulnerability. These findings are a wake-up call to rethink existing approaches to enterprise security.
Attackers have long used machines and automation technology to simplify their operations. Defenders can do the same.
In 2016, the industry began to treat artificial intelligence and machine learning as the holy grail for improving the detection and response capabilities of organizations. The algorithms learn from the data iteratively to discover threats, and this process does not require the operator to specify "what to find". In the end, AI can help people automate work in three specific areas.
Identifying threats in big data
When it comes to network security, all organizations face a difficult problem.
In the past, attention was focused on network and endpoint protection. Now applications, cloud services and mobile devices (such as tablets, mobile phones, Bluetooth devices and smart watches) have joined them, and organizations that adopt these technologies must defend them adequately. The attack surface that needs to be defended is expanding and will become larger in the future.
This "broader and deeper" attack surface will only increase the volume, speed, and complexity of the data generated by the countless IT and security tools in your organization. Analysis, normalization and prioritization of compromised systems are particularly important. The more tools there are, the harder the challenge; the broader the attack surface, the more data analysis has to be done. Traditionally, manual remediation requires a large number of staff to comb through a large number of data points and identify potential threats. During the months security personnel spend on remediation, attackers can exploit the vulnerabilities to extract data.
Breaking out of the existing way of thinking and automating traditional security operations has become the top priority for supplementing scarce network security operations personnel. In this context, a human-computer interactive machine learning engine can automate data aggregation across different data types, map assessment data to compliance requirements, and normalize information to eliminate false positives, duplicate reports, and a large number of data attributes.
More relevant risk assessment
Once internal security information has been matched with external threat data (for example, exploits, malware, threat actors, reputation intelligence), it is important to determine whether these findings are associated with business-critical assets, in order to establish the real risk and its eventual impact on the business. For example, suppose that during processing the machine does not know the business impact of the "coffee server" compared with the "email service"; as a result, remedial measures cannot be concentrated on the events that really need remediation. In this example, machine learning and the advanced algorithms of human-computer interaction are counterproductive, which is not an outcome we want to see.
Self-learning incident response
Increasing collaboration between the security teams responsible for identifying vulnerabilities and the IT operations teams that focus on remedying them remains a challenge for many organizations. Using the concept of risk-based network security as a blueprint, an automated process of proactive security event notification with human-in-the-loop intervention can be implemented. By establishing thresholds and predefined rules, enterprises and institutions can also have remedial measures prepared so that security vulnerabilities are fixed in a timely manner.
While machine learning can help reduce remediation time, will it be able to protect the organization autonomously from cyber attacks?
In many cases, unsupervised machine learning can produce a flood of false positives and alerts, leading to alert fatigue and reduced attention. For attackers, this result undoubtedly opens up new ideas for defeating machine learning. But admittedly, we have reached a tipping point where humans cannot continue to process such large amounts of security data. This leads to so-called human-computer interactive machine learning.
A human-computer interactive machine learning system analyzes internal security intelligence and correlates it with external threat data, which helps humans find the threats in the mass of data. Humans then provide feedback to the system by labeling the most relevant threats. Over time, the system adjusts its monitoring and analysis according to human input, raising the likelihood of discovering real network threats and minimizing false positives.
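The feedback loop described above, applied to the "coffee server" versus "email service" case, as an added example that is not from the original article. The findings, the `Triage` class, its feature set and the learning rate are all constructed assumptions; the ranker is a plain online logistic regression standing in for whatever model a real product uses.

```python
import math

# Constructed sample findings. "criticality" is the business weight a human
# assigns to the asset; "exploit_seen" is the match with external threat data.
FINDINGS = [
    {"id": "F1", "asset": "email service", "criticality": 1.0, "cvss": 7.5, "exploit_seen": 1},
    {"id": "F2", "asset": "coffee server", "criticality": 0.1, "cvss": 9.8, "exploit_seen": 1},
    {"id": "F3", "asset": "email service", "criticality": 1.0, "cvss": 5.0, "exploit_seen": 0},
    {"id": "F4", "asset": "coffee server", "criticality": 0.1, "cvss": 4.0, "exploit_seen": 0},
]

def features(f):
    # bias, normalized severity, external-intel match, business criticality
    return [1.0, f["cvss"] / 10.0, float(f["exploit_seen"]), f["criticality"]]

class Triage:
    """Hypothetical human-in-the-loop ranker (online logistic regression)."""

    def __init__(self, lr=0.5):
        # Starts out knowing severity and threat intel, but not business impact.
        self.w = [0.0, 1.0, 1.0, 0.0]
        self.lr = lr

    def score(self, f):
        z = sum(w * x for w, x in zip(self.w, features(f)))
        return 1.0 / (1.0 + math.exp(-z))

    def rank(self, findings):
        return [f["id"] for f in sorted(findings, key=self.score, reverse=True)]

    def feedback(self, f, relevant):
        # One gradient step toward the analyst's label (1 = real threat).
        err = (1.0 if relevant else 0.0) - self.score(f)
        self.w = [w + self.lr * err * x for w, x in zip(self.w, features(f))]

def demo(rounds=5):
    model = Triage()
    by_id = {f["id"]: f for f in FINDINGS}
    before = model.rank(FINDINGS)
    for _ in range(rounds):
        model.feedback(by_id["F2"], relevant=False)  # analyst: low business impact
        model.feedback(by_id["F1"], relevant=True)   # analyst: critical service
    return before, model.rank(FINDINGS), model

if __name__ == "__main__":
    before, after, _ = demo()
    print("before feedback:", before)
    print("after feedback: ", after)
```

Before any labels the coffee server finding ranks first on severity alone; the analyst's labels push weight onto the criticality feature, so the email service finding overtakes it.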
Machine learning can thus make significant progress in the evaluation of first-line security data, enabling analysts to focus on more advanced investigations of threats rather than tactical data processing.