
Can AI/ML solve the problems in InfoSec in 2018? originally appeared on Quora: the place to gain and share knowledge, empowering people to learn from others and better understand the world.
Answer by Hyrum Anderson, Technical Director of Data Science at Endgame, on Quora:
Can AI/ML solve the problems in InfoSec in 2018?
Before I bring out my crystal ball on what problems AI/ML might solve in 2018, let me just categorically state that: (1) ML can be really useful for detecting “unknown threats”, but (2) I don’t believe that ML is going to be a silver bullet panacea for all security problems in 2018. Rules and signatures and IOCs and threat intelligence and especially hard-working infosec professionals are all going to be critical for solving infosec problems in 2018.
To be more concrete, here are a few challenges in 2018 that I think ML can help with. My colleague, Amanda Rousseau, recently forecasted what she thought would be the security problems of 2018. I’ll cherry-pick a couple that I think ML can really help with, albeit (as in the previous paragraph) not as a do-it-all panacea.
- “Assume you’ll be breached.” ML can help provide more comprehensive context-rich detections of the few bad actors already in your network. Compromises will continue in 2018, and machine learning will continue to grow in intelligent sifting through alert information to detect them. And in some cases, the ML can help the security team automatically or semi-automatically resolve them.
- Social Media and Phishing Attacks. Unfortunately, I think this is one area in which an adversarial actor using ML has the upper hand: ML might be creating some of the problems here in 2018, but also, ML will be used more for detecting social media manipulation and automated phishing and spear-phishing attacks.
- Ransomware. It isn’t going away. This is one area where ML isn’t required to get pretty good detection. But it can help. Since ransomware always has to encrypt your files (a behavior that can be monitored) in order to set up the ransom, rules and ML tools can be used to try to determine when such disk activity is indicative of something malicious. The hope is that ML might do a better job than rules of detecting new behavioral signatures as evil. (Of course, the best practice, still, is to back up your sensitive data!)
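The ransomware point above rests on one observable behavior: a single process rewriting many files with encrypted-looking content in a short time. The following is an added example (not code from the answer's author or from Endgame) of the rule-based version of that detection, run over a constructed stream of file-write events. The event format, the thresholds, the process names and the sample telemetry are all assumptions made for the example; the same per-process features (write entropy, distinct files touched, rate) are what one would feed to a classifier if rules alone prove too brittle.

```python
"""Rule-based detector for the ransomware behaviour described above:
many distinct files rewritten with high-entropy (encrypted-looking) data
by one process in a short window. Event format, thresholds and sample
events are all constructed for this example."""
import hashlib
import math
from collections import defaultdict

ENTROPY_THRESHOLD = 7.0   # bits per byte; ciphertext and compressed data sit near 8.0
MIN_DISTINCT_FILES = 5    # high-entropy rewrites of different files needed to trip the rule
WINDOW_SECONDS = 10.0     # sliding window per process


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte of a buffer (0.0 for empty or single-valued data)."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in counts if c)


def pseudo_ciphertext(seed: bytes, length: int) -> bytes:
    """Deterministic stand-in for encrypted file content (chained SHA-256 blocks).
    Only used to build the constructed sample events below."""
    out = bytearray()
    block = seed
    while len(out) < length:
        block = hashlib.sha256(block).digest()
        out.extend(block)
    return bytes(out[:length])


def detect_ransomware(events):
    """Return one alert per process whose write pattern matches the rule.

    Each event is a dict: {"ts": float, "pid": int, "proc": str, "path": str, "data": bytes}.
    Per process we keep (timestamp, path) of recent high-entropy writes and alert once
    MIN_DISTINCT_FILES distinct paths were rewritten within WINDOW_SECONDS. Counting
    distinct files rather than bytes keeps a single large archive from firing the rule,
    since compression also produces high-entropy output."""
    recent = defaultdict(list)   # pid -> [(ts, path), ...] of high-entropy writes
    alerted = set()
    alerts = []
    for ev in sorted(events, key=lambda e: e["ts"]):
        if shannon_entropy(ev["data"]) < ENTROPY_THRESHOLD:
            continue
        pid = ev["pid"]
        recent[pid].append((ev["ts"], ev["path"]))
        # Drop writes that have fallen out of the sliding window.
        recent[pid] = [(t, p) for t, p in recent[pid] if ev["ts"] - t <= WINDOW_SECONDS]
        distinct = {p for _, p in recent[pid]}
        if len(distinct) >= MIN_DISTINCT_FILES and pid not in alerted:
            alerted.add(pid)
            alerts.append({
                "pid": pid,
                "proc": ev["proc"],
                "first_ts": recent[pid][0][0],
                "trigger_ts": ev["ts"],
                "files": sorted(distinct),
            })
    return alerts


# Constructed sample telemetry: an editor saving plain text, an archiver writing two
# compressed files (high entropy, but only two files), and a process that rewrites
# eight documents with ciphertext and appends a new extension.
_TEXT = b"The quick brown fox jumps over the lazy dog. " * 100
SAMPLE_EVENTS = []
for i in range(6):
    SAMPLE_EVENTS.append({"ts": 1.0 + i, "pid": 100, "proc": "editor",
                          "path": f"/home/u/notes{i}.txt", "data": _TEXT})
for i in range(2):
    SAMPLE_EVENTS.append({"ts": 5.0 + i, "pid": 200, "proc": "archiver",
                          "path": f"/home/u/backup{i}.zip",
                          "data": pseudo_ciphertext(b"zip%d" % i, 4096)})
for i in range(8):
    SAMPLE_EVENTS.append({"ts": 20.0 + 0.3 * i, "pid": 666, "proc": "lockit",
                          "path": f"/home/u/docs/report{i}.docx.locked",
                          "data": pseudo_ciphertext(b"ransom%d" % i, 4096)})

if __name__ == "__main__":
    for a in detect_ransomware(SAMPLE_EVENTS):
        print(f"ALERT pid={a['pid']} ({a['proc']}): {len(a['files'])} files rewritten "
              f"with high-entropy data in {a['trigger_ts'] - a['first_ts']:.1f}s")
```

On the sample stream only the `lockit` process trips the rule, and it does so at its fifth distinct file, i.e. before most of the documents are touched; the archiver's two high-entropy writes stay below the distinct-file threshold. The obvious evasions (encrypting slowly, spreading work over many processes, writing low-entropy padding) are exactly the gap the answer hopes ML can close better than hand-tuned thresholds.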