
Machine Learning for Cybersecurity: How to Move Forward

Author: Jon Oltsik

At the recent Black Hat conference, you couldn’t pass a slot machine without some cybersecurity technology vendor crowing about machine learning or artificial intelligence. Yup, machine learning algorithms have great potential to help with security analytics and employee productivity, but this technology is in its infancy and not well understood.

Want proof? ESG asked 412 cybersecurity professionals to assess and characterize their knowledge of machine learning/artificial intelligence as it relates to cybersecurity analytics and operations technologies. Of the total survey population, only 30% of respondents claim to be very knowledgeable in this area. In other words, 70% of cybersecurity professionals really don’t understand where machine learning and AI fit.

Furthermore, cybersecurity pros were asked if their organizations have deployed or are planning to deploy machine learning/AI technologies for cybersecurity analytics and operations. Only 12% say that their organization has done so extensively.

Infosec professionals see potential here—only 6% of respondents have no plans to deploy machine learning/AI technologies for cybersecurity analytics and operations. Good upside for cybersecurity technology vendors but lots of work remains. The cybersecurity industry must:

  • Educate the market. To be clear, few cybersec pros care about the underlying technology. Rather, they really need to know what it can and can’t do.
  • Identify use cases. Similarly, CISOs want to know how to apply this technology for maximum benefit today, and where it can be added for incremental value in the future.
  • Leverage existing technologies. Note to machine learning/AI cybersecurity technology vendors: Make sure you build off existing tools rather than ask CISOs to adopt new servers, user interfaces, and reports. Smart machine learning/AI vendors will partner with SIEM vendors like IBM, LogRhythm, and Splunk, for example. HPE is also doing some interesting integration between Introspect (Niara) and ClearPass (Aruba).
  • Provide help. I’m convinced that the most successful machine learning/AI cybersecurity technology vendors will bundle their wares with professional and/or managed services.

As a fellow geek, I find machine learning/AI technology extremely cool, but no one is buying technology for technology’s sake. The best tools will help CISOs improve security efficacy, operational efficiency, and business enablement.

Jon Oltsik is an ESG senior principal analyst and the founder of the firm’s cybersecurity service.