Machine Learning and Cyber — Trusting the System will be Key

Paulo Shakarian Sep 18, 2018 12:18:39 PM

There is much discussion about machine learning applied to cybersecurity. Many believe that machine learning will ultimately revolutionize the industry. As IT infrastructure becomes more complicated and intelligence, network traffic, and log data become more difficult to deal with — even with the best analytical tools — machine learning may not be just “a solution”. It may be the only solution.

There is a problem with many machine learning techniques though. Many act as a “black box”. How can one trust the results of such a system?

But wait, what about false positive rate — let’s say the system has a false positive rate of 10% — shouldn’t we just trust it most of the time?

But the issue is more nuanced than that. Let’s suppose we buy the system with the 10% false positive rate. Over three months, it actually did a lot better — it had only a 5% false positive rate. But then month 4 happens — and the false positive rate for that month goes to 15%.

So, did it break? Or should we just have expected this as it was performing above specification for so long?

It could have been either. If something fundamentally changed, then the drop in accuracy is serious. The whole system could potentially become useless in such a case. However, if there was not a fundamental change, and it was just an “off month” then we should expect the false positive rate to return to the original specification.

The key is knowing the difference. The problem is that many systems do not offer that level of transparency. However, there are various methods that can help with this — and we can expect that, as machine learning evolves, many of these solutions will start to trickle into the market.

SOC-as-a-Service Becomes an Attractive Option for IT Providers

Paulo Shakarian Sep 17, 2018 8:53:33 PM

The other day, we discussed how the cybersecurity labor crunch will lead to increased business for various cybersecurity service providers (MSSP’s) and how MSP’s, VAR’s, and other providers can also capitalize on this growing market.

But they must build a security practice. This could take time, and a competing IT reseller or service provider could beat them to the punch.

As we mentioned earlier, traditionally complementary VAR’s and service providers may soon be in competition with respect to cybersecurity services.

But there’s a natural strategy — and that is to resell services. After all, IT VAR’s, hosting providers, and MSP’s have adopted resale as a primary driver of their revenue.

To meet this need, we’re seeing a variety of firms offer SOC-as-a-service to help VAR’s and MSP’s augment their solution suite with security to meet customer needs.

A typical starting point is the Security Operation Center, or SOC. SOC-as-a-service is now being commonly resold. A bare-bones SOC-as-a-service will consist of managed SIEM or firewall. But many have moved well beyond that to support growing cybersecurity needs in an enterprise. Regular vulnerability scans, audit support, incident response, and threat intelligence are common capabilities that are now being included.

A successful security program must be unified and directed against the threat. Hence, we expect most businesses will look to a single managed security provider for a solution as opposed to many. This will further drive existing IT VAR’s and MSP’s to create a more complete solution suite. It will also lead such providers to seek key differentiators.

Keep up with us on this blog as we will continue to explore the evolution of the cybersecurity market, among other topics.

The Instagram Hack and a Rising Tide of Social Media Cyber Threats

Paulo Shakarian Aug 27, 2018 7:10:10 PM

Photo by Erik Lucatero on Unsplash

This morning it was reported that hundreds of Instagram users attempted to login only to find their passwords not working. Analysts suspect a botnet targeting Twitter users.