Where machine learning helps enhance information security, and where it doesn’t

Kevin Mahaffey, CTO, Lookout Security

Machine learning is transforming almost every area of computing. It is the natural evolution of big data, advances in computing power, and a growing understanding of how to train machines to anticipate external events and react accordingly. This movement is starting to have a big impact on security thinking, and we plan to showcase several companies and individuals working on machine-learning advances this September at Structure Security.

I recently had a chance to chat with Kevin Mahaffey, CTO and co-founder of Lookout Security (pictured), about the rise of machine learning in security applications. Mahaffey will be on a panel discussion with Carson Sweet of Cloud Passage and Mark Terenzoni of SQRRL during Structure Security that will give us more details on the current state of machine learning in security applications.

It’s quite trendy in 2016 to use “machine learning” as an adjective for any tech startup’s products or services (“it’s like the truffle oil of security,” Mahaffey joked), but Lookout has been working on machine-learning applications for its mobile security products for years, and the results are starting to show.

It turns out that machine learning is useful for a set of security applications, but doesn’t necessarily help you solve all security problems, Mahaffey said. Machine learning is very good at finding zero-day threats that we haven’t seen before: they’re brand-new, and therefore deviate from existing patterns, which is something that can be spotted by computers trained to look for deviations from existing patterns, he said.

This could be especially helpful for securing the internet of things. Most connected devices on the internet of things or in industrial internet deployments have limited tasks and therefore will have relatively simple and consistent data flows. If you see even a small deviation in data that is almost always constant, you know you’ve got a problem, and that’s something sophisticated machines can do with ease.

However, machine learning doesn’t really help with the threats faced by most organizations, which are usually older and less sophisticated than eye-popping zero-day threats. Channeling the hacker mentality, Mahaffey explained, “I don’t come in every day and try to find the hardest possible surface to bang my head against. I try to find the easiest exploit and drive a semi truck through it.”

Machine learning also has the tendency to produce a lot of false positives or false negatives, time wasters that create headaches for information security professionals. And you still need a good team of professionals to train and evaluate your machine-learning activities. Proper machine learning requires a ton of clean, reliable data (which requires human intervention) and clever analysts to make sure the learning model is on track.
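To make the two points above concrete (spotting a deviation in a nearly constant device data flow, and the false positives that come with it), here is an added example that is not from the article or from Lookout. It learns a baseline from known-good traffic using the median and median absolute deviation, then flags outliers; the device, the byte counts and the thresholds are all constructed assumptions.

```python
from statistics import median

# Constructed sample data: bytes sent per minute by a hypothetical thermostat.
TRAINING = [512, 514, 511, 513, 512, 510, 513, 512, 515, 511, 512, 513]
LIVE = [512, 513, 509, 512, 540, 511, 4096, 512]

MAD_FLOOR = 1.0   # assumed floor so a perfectly constant baseline cannot divide by zero
MAD_SCALE = 1.4826  # makes MAD comparable to a standard deviation for normal data


def fit_baseline(samples):
    """Learn (median, MAD) from a window of traffic believed to be clean."""
    med = median(samples)
    mad = median(abs(x - med) for x in samples)
    return med, max(mad, MAD_FLOOR)


def score(value, baseline):
    """Robust z-score: how many scaled MADs the value sits from the median."""
    med, mad = baseline
    return abs(value - med) / (MAD_SCALE * mad)


def detect(stream, baseline, threshold=6.0):
    """Return (index, value) for every sample whose score exceeds the threshold."""
    return [(i, v) for i, v in enumerate(stream) if score(v, baseline) > threshold]


if __name__ == "__main__":
    baseline = fit_baseline(TRAINING)
    print("baseline (median, MAD):", baseline)
    # A conservative threshold catches the small (540) and large (4096) deviations.
    print("threshold 6.0:", detect(LIVE, baseline))
    # A tighter threshold also flags 509, which is ordinary jitter: a false positive
    # that an analyst would have to triage.
    print("threshold 2.0:", detect(LIVE, baseline, threshold=2.0))
```

The baseline is only as good as the training window: if that window already contains malicious traffic, the detector learns it as normal, which is why the clean data and human review mentioned above matter.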

But as we talked about last week with Art Coviello, the more forward-thinking security organizations at companies are starting to deal much more in risk assessment than playing whack-a-mole with perimeter security holes. Machine learning is great for this, especially at financial institutions that are constantly under attack and need to know when they are dealing with something unique and dangerous.

At Structure Security, you’ll have a chance to listen to several experts in machine learning in security explain how machine learning can benefit your organization, or why you can probably afford to spend your security budget on more basic defenses. In addition to the panel mentioned above, Stuart McClure, CEO of Cylance, and Oren Falkowitz, CEO of Area1 Security, will talk about their work on machine learning techniques for security applications. Don’t miss this chance to separate the hype from the reality when it comes to machine learning and security.

Structure Security is scheduled for September 27th and 28th in San Francisco.