Where machine learning helps enhance information security, and where it doesn’t

Machine learning is transforming almost every area of computing; the natural evolution of big data, advances in computing power, and a growing understanding of how to train machines to anticipate external events and react accordingly. This movement is starting to have a big impact on security thinking, and we plan to showcase several companies and individuals working on machine-learning advances this September at Structure Security.

I recently had a chance to chat with Kevin Mahaffey, CTO and co-founder of Lookout Security (pictured), about the rise of machine learning in security applications. Mahaffey will be on a panel discussion with Carson Sweet of Cloud Passage and Mark Terenzoni of SQRRL during Structure Security that will give us more details on the current state of machine learning in security applications.

It’s quite trendy in 2016 to use “machine learning” as an adjective for any tech startup’s products or services (“it’s like the truffle oil of security,” Mahaffey joked), but Lookout has been working on machine-learning applications for its mobile security products for years, and the results are starting to show.

It turns out that machine learning is useful for a set of security applications, but doesn’t necessarily help you solve all security problems, Mahaffey said. Machine learning is very good at finding zero-day threats that we haven’t seen before: they’re brand-new, and therefore deviate from existing patterns, which is something that can be spotted by computers trained to look for deviations from existing patterns, he said.

This could be especially helpful for securing the internet of things. Most connected devices on the internet of things or in industrial internet deployments have limited tasks and therefore will have relatively simple and consistent data flows. If you see even a small deviation in data that is almost always constant, you know you’ve got a problem, and that’s something sophisticated machines can do with ease.

However, machine learning doesn’t really help the threats faced by most organizations, which are usually older and less sophisticated than eye-popping zero-day threats. Channeling the hacker mentality, Mahaffey explained, “I don’t come in everyday and try to find the hardest possible surface to bang my head against. I try to find the easiest exploit and drive a semi truck through it.”

Machine learning also has the tendency to produce a lot of false positives or false negatives, time wasters that create headaches for information security professionals. And you still need a good team of professionals to train and evaluate your machine-learning activities. Proper machine learning requires a ton of clean, reliable data (which requires human intervention) and clever analysts to make sure the learning model is on track.

But as we talked about last week with Art Coviello, the more forward-thinking security organizations at companies are starting to deal much more in risk assessment than playing whack-a-mole with perimeter security holes. Machine learning is great for this, especially at financial institutions that are constantly under attack and need to know when they are dealing with something unique and dangerous.

At Structure Security, you’ll have a chance to listen to several experts in machine learning in security explain how machine learning can benefit your organization, or why you can probably afford to spend your security budget on more basic defenses. In addition to the panel mentioned above, Stuart McClure, CEO of Cylance, and Oren Falkowitz, CEO of Area1 Security, will talk about their work on machine learning techniques for security applications. Don’t miss this chance to separate the hype from the reality when it comes to machine learning and security.

More information on Structure Security, scheduled for September 27th and 28th in San Francisco, can be found here. You can register for tickets here.

Google’s machine learning expertise followed a long road to Go

Google’s machine-learning research efforts traveled down a long road before it was able to pass Go, according to Jeff Dean of Google.

Dean, senior fellow at Google and architect of much of its machine-learning strategy, took attendees at Structure Data 2016 through a short history of Google’s machine-learning program that recently bested the South Korean world champion in the ancient game of Go, thought to be the most complex human game mastered by computers. Machine learning and neural networks started off as pure research for Google back in 2012, but quickly found their way into products such as speech recognition, Dean said. Other groups started to add machine-learning capabilities to their products as they realized the capabilities of the technology, especially in image-related areas.

With the release of Tensorflow last year, Google allowed others outside of the exclusive machine-learning expert community to start playing around with these technologies at different levels, depending on their familiarity with the technology. These capabilities will also become more widely available through Google’s cloud services over time, he said.

Check out the rest of our Structure Data 2016 coverage here, and a video embed of the session follows below:

Building Google: From search engine to AI poster child from Structure on Vimeo.

Bloomberg wants to help non-profits with its unique data skills

Bloomberg is a company woven directly into the fabric of capitalism, providing an information service that Wall Street considers indispensible when moving money around the world. That doesn’t mean it lacks a softer side.

One part of Bloomberg’s mission has always been philanthropy, said Gideon Mann, head of data science and the CTO office at Bloomberg, speaking at Structure Data 2016. The company regularly brings together non-profits and government organizations to see how it can apply its data to the problems faced by those groups, he said.

For example, Bloomberg’s data has helped conservationists make plans based on image-recognition analysis of zebra herds. And after Hurricane Katrina devastated New Orleans, Bloomberg helped the city’s fire department allocate a donation of smoke detectors to the neighborhoods in which that equipment was needed the most.

Check out the rest of our Structure 2016 coverage here, and a video embed of the session follows below:

Using Data Science for Social Good from Structure on Vimeo.