Each month, we ask Fuel members to weigh in with their opinions on the Cybersecurity Question of the Month, and we're sharing their answers here.
Christopher Russell, a network security consultant and SIG member, and Paul Carter, an information security engineer and member of the Fuel Community Development Council, shared their thoughts on the following question: How can cybersecurity professionals leverage artificial intelligence (AI) / machine learning (ML) frameworks to implement predictive security measures?
The use of artificial intelligence and machine learning in cybersecurity is not new; vendors have been applying them to threat analysis and to the big-data challenges posed by threat intelligence for some time. On one hand, security solutions driven by unsupervised machine learning can produce too many false positives and alerts, which leads to alert fatigue and analysts who tune out the alerts that matter. On the other hand, the volume of data and events generated in corporate networks is beyond the capacity of human experts to review.
How can cybersecurity professionals leverage AI/ML frameworks to implement predictive security measures?
Paul: The use of machine learning is exceptional for processing large amounts of data — much more than individuals can process. The implementation of machine learning can be utilized in a test environment while being compared to the findings of senior professionals to ensure that the machine learning is alerting and blocking correctly.
After the machine learning processing has been confirmed to be accurate, it can be used to verify the findings of junior professionals.
Lastly, correlations can be created between the ticketing systems and the machine learning processing to make corrections when machine learning decisions negatively impact the network.
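The three-stage review Paul describes above (validate the model against senior findings in a test environment, then use it to check junior findings, then feed ticket outcomes back as corrections) is sketched below as an added example. It is not part of the roundtable and not any vendor's code; the events, verdicts, labels, junior findings and ticket resolutions are all constructed, the "block"/"allow" verdicts and the (destination, application) suppression key are illustrative choices, and the 0.9 precision/recall thresholds are an assumed promotion bar. The same harness also shows the false-positive problem raised in the introduction as a measured rate rather than an impression.

```python
"""Added example: gating an ML alerting model against analyst findings.

Stage 1: score the model's test-environment verdicts against senior labels
         and refuse to promote it until precision and recall clear a bar.
Stage 2: once promoted, flag junior findings that disagree with the model
         for senior review (the disagreement is escalated, not auto-resolved).
Stage 3: turn false-positive ticket resolutions into suppressions, re-score,
         and confirm the correction did not hide true positives.
All data below is constructed for the example.
"""
from dataclasses import dataclass
from typing import Dict, List, Set, Tuple


@dataclass(frozen=True)
class Event:
    event_id: str
    src: str
    dst: str
    app: str


# Constructed replay from a test environment (RFC 5737 documentation addresses).
EVENTS: Dict[str, Event] = {e.event_id: e for e in [
    Event("e1", "10.0.1.5", "203.0.113.10", "ssl"),
    Event("e2", "10.0.1.7", "198.51.100.3", "dns"),
    Event("e3", "10.0.2.9", "203.0.113.10", "ssl"),
    Event("e4", "10.0.1.5", "192.0.2.44", "smtp"),
    Event("e5", "10.0.3.2", "198.51.100.3", "dns"),
    Event("e6", "10.0.1.9", "192.0.2.80", "web-browsing"),
]}
# Assumed verdict vocabulary for the model: "block" or "allow".
MODEL_VERDICT = {"e1": "block", "e2": "block", "e3": "block",
                 "e4": "block", "e5": "allow", "e6": "allow"}
# Senior analysts' ground truth for the same events.
SENIOR_LABEL = {"e1": "malicious", "e2": "benign", "e3": "malicious",
                "e4": "malicious", "e5": "benign", "e6": "malicious"}
# Junior analysts' findings on a subset of events (stage 2 input).
JUNIOR_FINDINGS = {"e1": "malicious", "e2": "benign", "e3": "benign", "e6": "benign"}
# Ticket resolutions correlated back to events (stage 3 input).
TICKETS = [
    {"ticket": "INC-1001", "event_id": "e2", "resolution": "false_positive"},
    {"ticket": "INC-1002", "event_id": "e4", "resolution": "true_positive"},
]


def score(verdicts: Dict[str, str], labels: Dict[str, str]) -> Dict[str, float]:
    """Confusion counts plus precision, recall and false-positive rate."""
    tp = fp = fn = tn = 0
    for eid, label in labels.items():
        blocked = verdicts[eid] == "block"
        bad = label == "malicious"
        if blocked and bad:
            tp += 1
        elif blocked:
            fp += 1
        elif bad:
            fn += 1
        else:
            tn += 1
    return {
        "tp": tp, "fp": fp, "fn": fn, "tn": tn,
        "precision": tp / (tp + fp) if tp + fp else 0.0,
        "recall": tp / (tp + fn) if tp + fn else 0.0,
        "fpr": fp / (fp + tn) if fp + tn else 0.0,  # the alert-fatigue number
    }


def promote(metrics: Dict[str, float], min_precision: float = 0.9,
            min_recall: float = 0.9) -> bool:
    """Stage 1 gate: both thresholds are assumptions, set them per environment."""
    return metrics["precision"] >= min_precision and metrics["recall"] >= min_recall


def disagreements(junior: Dict[str, str], verdicts: Dict[str, str]) -> List[str]:
    """Stage 2: event IDs where the junior finding and the model disagree."""
    out = []
    for eid, finding in junior.items():
        model_says = "malicious" if verdicts[eid] == "block" else "benign"
        if model_says != finding:
            out.append(eid)
    return sorted(out)


def suppressions_from_tickets(tickets: List[Dict[str, str]],
                              events: Dict[str, Event]) -> Set[Tuple[str, str]]:
    """Stage 3: derive (dst, app) suppressions from false-positive resolutions.
    Keep the key narrow; a broad key would also silence true positives."""
    keys = set()
    for t in tickets:
        if t["resolution"] == "false_positive":
            ev = events[t["event_id"]]
            keys.add((ev.dst, ev.app))
    return keys


def apply_suppressions(verdicts: Dict[str, str], events: Dict[str, Event],
                       keys: Set[Tuple[str, str]]) -> Dict[str, str]:
    """Downgrade blocks that match a suppression key; everything else is kept."""
    return {eid: ("allow" if v == "block" and (events[eid].dst, events[eid].app) in keys else v)
            for eid, v in verdicts.items()}


if __name__ == "__main__":
    before = score(MODEL_VERDICT, SENIOR_LABEL)
    print("before:", before, "promote:", promote(before))
    print("escalate to senior review:", disagreements(JUNIOR_FINDINGS, MODEL_VERDICT))
    keys = suppressions_from_tickets(TICKETS, EVENTS)
    after = score(apply_suppressions(MODEL_VERDICT, EVENTS, keys), SENIOR_LABEL)
    print("after ticket feedback:", after, "promote:", promote(after))
```

On the constructed data the model starts at precision 0.75 with half of the benign events blocked, so the gate rejects it. The ticket feedback removes the false positive (precision 1.0, false-positive rate 0) but cannot recover the missed event e6, so recall stays at 0.75 and the gate still rejects it: suppressions fix over-blocking, not under-detection, and re-scoring after every correction is what keeps the two from being confused.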
Christopher: By embracing machine learning, we can utilize massive amounts of data to come up with predictive and proactive signatures based on these large data sets rather than following preset rules. By using predictive models rather than reactive solutions, network security might be able to block zero-day attacks before they are seen. Taking a tool like WildFire and giving it predictive capabilities would allow it to publish threat warnings before they hit the network.
About our contributors:
Paul Carter, an information security engineer and Fuel member, has been using Palo Alto Products since 2013.
Christopher Russell, a network security consultant and Fuel member, has been using Palo Alto Products since 2015.
Check Out Our Next Cybersecurity Question of the Month
Weigh in with your opinions and we'll share your answers in a roundtable format on Fuel for Thought. It's an easy, quick way for you to share your expertise and make a contribution to the Fuel community!
Topic: In the past, an IT perimeter for network security could be more easily defined and contained. Now, there are numerous devices that break traditional perimeter security, including: applications that traverse through firewall policies; mobile devices; IP-enabled devices internal to the network; external devices that are allowed on the internal network "temporarily"; wireless access points that are unknowingly deployed; and direct internet access from devices. What are the limits of a "perimeter-oriented" security posture? What approaches do you take to keep ever-changing networks secure?
Share your answer in the April 2017 Cybersecurity Question of the Month thread on the forum or tell us your thoughts by contacting Jaclyn Moriarty, our Editorial Coordinator, at email@example.com.