Machine Learning for Security: The Road to Cognitive Security

By: Fran Howarth


The use of machine learning to identify suspicious online activity is a new and important function in securing the network. Machine learning refers to the ability of a computer to digest and learn from data so that its body of knowledge can grow over time. And there is a wide range of use cases for machine learning.

When it comes to machine learning for security, the knowledge that the system gains makes it better able to identify threats and see patterns that constitute an attack. Machine learning is a subfield of artificial intelligence; applied to security, it refers to the ability of computer systems to learn from security data and information, improving detection capabilities over time.

Vastly Improve Detection Capabilities

Researchers from MIT’s Computer Science and Artificial Intelligence Laboratory have found that machine learning systems that incorporate input from human experts can predict 85 percent of cyberattacks and reduce false positives by a factor of five. This can be done by continuously monitoring data and information along with input from human experts. With machine learning for security capabilities, millions of records can be processed in real time, taking into account an extremely wide range of variables.

Combine Machine Learning With Human Expertise

Given the volume of threats affecting networks, especially those that are designed to evade defenses, this feat is impossible to manage without automation. However, artificial intelligence does require human feedback in order to increase its effectiveness and accuracy, as well as to increase detection capabilities. For example, targeted attacks are often used to gain access to privileged credentials, as explained by eWeek, allowing attackers to appear as legitimate users to the system. Detecting them requires the actionable intelligence provided by humans to define what constitutes normal behavior.

One of the main benefits of machine learning for security is that it allows more processes to be automated, which can alleviate the workload on security operations staff. This is particularly appealing given the worldwide security skills shortage, which Dark Reading observes in multiple industries.

How Machine Learning Works

Machine learning for security purposes should ideally understand all forms of data, even that which is unstructured. Why? Unstructured data makes up north of 80 percent of all information, including both written and spoken language. Systems like these are being taught using the same type of information relied upon by security analysts to synthesize insight for research reports, conference materials, academic papers, news articles, blog posts and industry alerts.

As the system learns, it can better recognize cybersecurity terms and make connections between related pieces of information and events.

The Road to Cognitive Security

The end goal of machine learning, here, is to achieve cognitive security. When a machine learning system can provide context by continuously extracting features and patterns from enormous reams of data — combined with human analysis and expertise — organizations can effectively respond to the threats they face with greater confidence and efficiency, and thus spot and react to trends and events as they unfold. This allows them to take a more proactive stand on security, rather than reacting to events that have occurred, because machine learning systems will constantly scour for anomalies and vulnerabilities to identify patterns based on the actionable knowledge they build up over time.

With cognitive security capabilities, security operations teams can enhance their ability to withstand risk on behalf of the organization. This is the panacea that every organization should be aiming for to safeguard itself against the ever more complex and demanding threat environment facing them today.


About The Author

Fran Howarth

Freelance Writer

Fran Howarth is an industry analyst and writer specializing in cybersecurity. She has worked within the security technology sector for more than 25 years in an advisory capacity as an analyst, consultant and writer. Fran focuses on the business needs for security technologies, with a focus on emerging technology sectors. Current areas of focus include cloud security, data security, identity and access management, network and endpoint security, security intelligence and analytics and security governance and regulations. Fran can be reached at
