An article was recently posted on the topic of applying machine learning to information security. The fact of the matter is that few sectors could benefit more from machine learning (ML) technology than cyber security. Why? ML can solve a couple of big problems for InfoSec teams:
- Managing too many alerts from various security tools, allowing security incidents to go unnoticed
- The difficulty of distinguishing ‘anomalies’ from the truly worrisome incidents
The author explains that “a significant amount of domain expertise is required in order to apply ML methods.” I couldn’t agree more. ML is more than math; domain expertise is a necessary ingredient to achieve accuracy without the noise (false positives).
ML can be applied to a number of cyber security domains. At Imperva, we couple ML technology with what we do best – protecting enterprise data. By applying domain expertise and specializing in a specific dataset – in this case, access to data repositories – Imperva CounterBreach can tell security teams exactly when internal users are touching data in an inappropriate or abusive manner. It won’t alert you to every anomaly (mathematical anomalies occur all the time in enterprises), but only when there is a true indication that data is at risk.
To learn more, read an interview with one of our data scientists in this blog post and watch a video about applying domain expertise to cyber security.