SCOTTSDALE, Ariz.—Time to level the fraud playing field, says one analyst, who insists the only way for companies to do that is with machine learning applied to cyber defenses.
In a recent interview with Third Certainty, Shehzad Merchant, Gigamon chief technology officer, described the situation facing businesses today.
“We’ve got to level the playing field … today, it’s machine versus humans,” Merchant told Third Certainty. “Organizations have to throw technologies, like machine learning, into the mix, to be able to surface these threats and anomalies.”
Merchant told Third Certainty that there is so much data flowing into business networks that figuring out what’s legitimate vs. malicious is a “daunting” task.
“This trend is unfolding even as the volume of breach attempts remains on a steadily rising curve,” he said. “It turns out that cyber criminals, too, are using machine learning to boost their attacks. Think about everything arriving in the inboxes of an organization with 500 or 5,000 employees, add in all data depositories and all the business application depositories, plus all support services; that’s where attackers are probing and stealing.”
Merchant emphasized that machines are suited to assembling detailed profiles of how employees, partners and third-party vendors normally access and use data on a daily basis.
“It’s not much different than how Amazon, Google and Facebook profile consumers’ online behaviors for commercial purposes. You have to apply machine learning technologies because there is so much data to assimilate,” Merchant told the publication.
Merchant said that machines can be assigned to do the first-level triaging—seeking out abnormal behaviors.
“Given the volume of data handling that goes on in a normal workday, no team of humans, much less an individual security analyst, is physically capable of keeping pace,” he told Third Certainty. “But machines can learn over time how to automatically flag events like a massive file transfer taking place at an unusual time of day and being executed by a party that normally has nothing to do with such transfers. The machine can raise a red flag—and the security analyst can be dispatched to follow up.”