How machine learning is helping cybersecurity solutions stay ahead of the attackers

By Barry Scott, CTO, Centrify EMEA.

  • Wednesday, 8th March 2017 Posted 7 years ago in by Phil Alsop
As attackers continue to use ever more sophisticated means to breach organisations' IT systems, the cybersecurity industry is turning to machine learning as a way of providing a more dynamic deterrent against unwanted attacks. ABI Research forecasts machine learning in cybersecurity will boost big data, intelligence, and analytics spending to $96 billion by 2021.

 

According to a new Forrester study, commissioned by Centrify,  two-thirds of organisations have experienced an average of five security breaches in the past two years. As a result, countless usernames and passwords have been stolen, which in turn increases the risk of further breaches. What makes attacks like these so powerful is their perfect disguise. Attackers “look” just like legitimate users and consequently raise no suspicion because all the IT Department sees is regular user activity. For these attacks to be thwarted, security solutions must stay one step ahead of the infiltrators and this is where machine learning comes in.

 

Cybersecurity solution providers have recognised the role that machine learning can play in breaking the cycle of account exploitation and impersonation and it is now being used in identity and access management (IAM) software to help with user authentication. For example, by continually assessing risk based on constantly evolving user behaviour patterns, a risk score is assigned which enforces an appropriate action during authentication, such as whether access should be granted, multi-factor authentication should be required, or if the user should be blocked entirely.

 

For IT, machine learning speeds up the analysis process and greatly reduces the resource required by businesses to assess risk across today’s hybrid IT environment, and thus stops attacks that lead to data breaches. Machine learning also alleviates the need for IT to manually maintain policies across all endpoints including apps, resources and services.

 

Furthermore, machine learning is helping to improve the user experience rather than hinder it. By assigning a score based on behaviour, low risk users can continue with frictionless access, which improves productivity but maintains high levels of security. The flip side to this risk access based approach means that high-risk threats can be blocked as they are attempted - for example If an attacker attempts to leverage an outsourced IT credential from an unknown or previously unseen device, access can be blocked entirely, stopping the attack before it can gain traction.

 

Machine learning in conjunction with identity management solutions serves as a very welcome layer of protection for organisations wanting to bolster their defences against cyber-attacks and the danger of data breaches.