Why security teams should treat machine learning like a junior employee

Posted on: May 17, 2018

Security teams should not assume a machine learning programme can hit the ground running – there needs to be an onboarding process.

Machine learning is critical to the future of cybersecurity and to helping security teams overcome the challenges of modern cybersecurity attacks. Indeed, its ability to ‘outthink’ humans can boost return on investment (ROI), drastically improve productivity and minimise resource expenditure. However, machine learning is not a ‘set and forget’ solution. In fact, companies need to treat machine learning like an intern on their first day. Security teams should not assume a machine learning programme can hit the ground running – there needs to be an onboarding process where you check in on the models frequently and spend time getting them started in the right direction.

Machine learning – the onboarding processes

Machine learning models are fast, tireless and retentive, but they often lack common sense. Just like an intern on their first day, machine learning is not going to understand how the organisation works, nor the concepts it will eventually master. Therefore, with any machine learning project, there must be an onboarding process.

To start with, machine learning models need to be checked frequently and a lot of time must be spent on getting them started in the right direction. Indeed, machine learning is unable to think critically, which is why humans need to be closely involved when it comes to cyber security. Models are low-level taskmasters that cannot see the bigger picture and, as such, need to be continually spoon-fed instructions.

Over time, machine learning models will see patterns based on feedback and will learn to see what security teams want them to see. The more the models learn the less human monitoring they will require, but they should never be completely autonomous in cyber security. They do not see things or follow a thought process the way a human brain would. They can quickly stray away from the task at hand, sending the entire programme into disarray.

There are four ways security teams can make the most of a machine learning programme:

1. Implement safety nets and monitoring

Before building a pipeline, it is critical that security teams make sure the proper safety nets are in place – the first of which is called a ‘tripwire.’ If the model classifies more instances within a certain period than it is expected to, the tripwire will automatically disable it. This measure is critical to prevent the model from running out of control.
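One way to build such a tripwire, as an added example that is not code from the article: a wrapper counts the model's positive classifications in a sliding time window and latches the model off once the expected ceiling is exceeded, routing later events to a human until someone resets it. The `Tripwire` class, the threshold of 3 flags per 60 seconds, the stand-in model and the events are all assumptions constructed for illustration, as is the choice to count only positive classifications.

```python
from collections import deque


class Tripwire:
    """Disables a model that flags more instances per window than expected."""

    def __init__(self, model, max_flags, window_seconds):
        self.model = model                # callable: event -> bool (True = flagged)
        self.max_flags = max_flags        # expected ceiling per window (assumed value)
        self.window = window_seconds
        self.flag_times = deque()         # timestamps of recent positive classifications
        self.disabled = False

    def classify(self, event, now):
        """Return 'flag', 'pass', or 'review' (model disabled, send to an analyst)."""
        if self.disabled:
            return "review"
        if not self.model(event):
            return "pass"
        # Drop flags that fell out of the sliding window, then count this one.
        while self.flag_times and now - self.flag_times[0] >= self.window:
            self.flag_times.popleft()
        self.flag_times.append(now)
        if len(self.flag_times) > self.max_flags:
            self.disabled = True          # latch: stays off until a human resets it
            return "review"
        return "flag"

    def reset(self):
        """Manual re-enable after an analyst has checked the model."""
        self.flag_times.clear()
        self.disabled = False


def run_demo():
    # Constructed stand-in model: flags any event with more than 5 failed logins.
    model = lambda e: e["failed_logins"] > 5
    wire = Tripwire(model, max_flags=3, window_seconds=60)
    # Constructed events: (timestamp in seconds, failed login count).
    events = [(0, 9), (10, 1), (20, 8), (30, 7), (40, 12), (50, 2), (200, 9)]
    return [wire.classify({"failed_logins": n}, now=t) for t, n in events]


if __name__ == "__main__":
    print(run_demo())
```

Because the tripwire latches, the event at 200 seconds still goes to review even though the window has long since emptied; only `reset()` turns the model back on.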