Despite thousands of network security products, data breaches are at an all-time high. The reason? For decades, companies have focused on protecting the machine layer, layering defenses on top of their networks, devices, and ultimately cloud applications. However, these measures did not address the biggest security issue: the organization's own people.
Traditional machine learning methods, built to detect threats at the machine level, cannot address the complexity of human relationships and behaviors across companies over time. They have no concept of "state", the additional variable that makes human security issues so complicated. That's why the "stateful machine learning" model is critical to the security stack.
People now have more control over company data and systems than ever before. With just a few clicks, employees can transfer thousands of dollars to a bank account or email 50,000 patient records in one Excel file. Whether these interactions proceed as usual or end in complete catastrophe comes down to an incredibly small margin of error, which is why so many data leaks are caused by human error.
The problem is that people make mistakes, violate rules, and are vulnerable to hacking. When we face a heavy workload, constant distractions, and schedules that carry us from meeting to meeting, we rarely think about cybersecurity. In times of stress, what we were taught in cybersecurity training disappears. But one mistake can cause someone to share sensitive data with the wrong person or become a victim of a phishing attack.
Protecting people is particularly challenging because no two people are the same. Each of us communicates differently, in natural language rather than static machine protocols. Moreover, our relationships and behaviors change over time. We establish new contacts or take on projects. These complexities make solving human-level security issues more difficult than solving machine-level security issues: we simply cannot use "first-come, first-served" logic to organize human behavior.
We can use machine learning to identify normal patterns and signals, which allows us to spot anomalies in real time. This technology enables enterprises to detect machine-level attacks faster and more accurately than ever before.
One example is detecting when malicious actors have deployed malware to attack a company's network and systems. By inputting byte sequences from a computer program into a machine learning model, you can predict whether the program has enough in common with previously seen malware attacks, while successfully ignoring any obfuscation techniques used by attackers. Like many other threat detection problems at the machine level, this type of machine learning application can be said to be "standard" because of the nature of malware: a malware program will always be malware.
However, human behavior changes over time. So solving data breaches caused by human error requires stateful machine learning.
Consider an example that attempts to detect and prevent data loss due to employees accidentally sending email to the wrong person. This may seem harmless, but misdirected emails were the main cause of online data breaches reported to regulators in 2019. All it takes is a clumsy mistake, such as adding the wrong person to an email chain, for data to leak. And it happens more often than you think. In an organization with more than 10,000 workers, employees send a total of about 130 emails to the wrong people every week. More than 7,000 data breaches occur each year.
For example, an employee named Jane sends an email to customer Eva with the subject "Project Update". To accurately predict whether this email was intended for Eva or was sent in error, we need to understand, at that exact moment in time, the nature of Jane's relationship with Eva. What do they usually discuss, and how do they usually communicate? We also need to understand Jane's other email relationships to see whether there are other likely recipients for this email. We essentially need to understand all of Jane's historical email relationships up to that moment.
Now, let's say that Jane and Eva were working on a project that ended six months ago. Jane recently started another project with another client, Evan. She has just accidentally sent an email to Eva, which would lead to confidential information being shared with Eva [not Evan]. Six months ago, our stateful model might have predicted that a "project update" email to Eva looked normal. But now it treats the email as abnormal and predicts that the correct and intended recipient is Evan. Understanding "state", or the exact moment in time, is absolutely critical.
Why stateful machine learning?
For "standard" machine learning problems, you can feed raw data directly into the model, just like the byte sequence in the malware example, and the model can generate its own features and make predictions. As mentioned earlier, this application of machine learning is invaluable for helping companies quickly and accurately detect threats at the machine level, such as malicious programs or fraudulent activities.
However, the most complex and dangerous threats occur at the human level, when people use digital interfaces such as email. For example, to predict whether employees are leaking sensitive data, or to determine whether they have received mail from a suspicious sender, we cannot simply provide raw email data to the model. It cannot understand the state or context in the person's email history.
With stateful machine learning, we can look at each employee's historical email data set and calculate important features by summarizing all relevant data points before that moment. We can then pass them into a machine learning model. The time variable makes this task far from trivial. Features now need to be calculated outside of the model itself, which requires a lot of engineering infrastructure and a lot of computing power, especially if you need to make predictions in real time. However, without this type of machine learning, you will never really protect your employees or the sensitive data they access.
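The point-in-time feature calculation described above, applied to the Jane, Eva and Evan scenario, as an added example that is not code from the article or from the author's company. The record fields, the 90-day window, the hand-weighted score standing in for a trained model, and the sample log are all assumptions made for illustration.

```python
from datetime import datetime, timedelta

WINDOW = timedelta(days=90)  # assumed recency window, not a value from the article

def features(history, sender, recipient, subject, at):
    """Summarise sender->recipient history strictly before `at` (the "state")."""
    past = [e for e in history
            if e["from"] == sender and e["to"] == recipient and e["ts"] < at]
    recent = [e for e in past if at - e["ts"] <= WINDOW]
    words = set(subject.lower().split())
    overlap = sum(1 for e in recent if words & set(e["subject"].lower().split()))
    last = max((e["ts"] for e in past), default=None)
    return {
        "recent_count": len(recent),
        "recent_subject_matches": overlap,
        "days_since_last": (at - last).days if last else None,
    }

def score(f):
    # Stand-in for a trained model: hand-picked weights, for illustration only.
    return f["recent_count"] + 2 * f["recent_subject_matches"]

def check_recipient(history, sender, recipient, subject, at):
    """Return (is_anomalous, suggested_recipient) for an outgoing email."""
    contacts = {e["to"] for e in history if e["from"] == sender and e["ts"] < at}
    scores = {c: score(features(history, sender, c, subject, at)) for c in contacts}
    best = max(scores, key=scores.get, default=None)
    chosen = scores.get(recipient, 0)
    anomalous = best is not None and best != recipient and scores[best] > chosen
    return anomalous, (best if anomalous else None)

def _mail(day, to, subject):
    return {"ts": datetime(2019, 1, 1) + timedelta(days=day), "from": "jane",
            "to": to, "subject": subject}

# Constructed sample log: Jane's project with Eva runs Jan-Feb, then a project
# with Evan starts roughly six months after the first one ended.
HISTORY = ([_mail(d, "eva", "Project update") for d in range(0, 60, 7)]
           + [_mail(d, "evan", "Project update") for d in range(230, 250, 3)])

DURING_EVA = datetime(2019, 3, 5)
SIX_MONTHS_LATER = datetime(2019, 9, 10)
```

The same email to Eva is scored against two different moments; only the features computed from history before each moment differ, which is why they have to be built outside the model.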
People are unpredictable and error-prone, and training and policy don't change this simple fact. As employees continue to control and share more sensitive company data, businesses need a more robust, people-centric approach to cybersecurity. They need advanced technology to understand how individuals' relationships and behaviors change over time in order to effectively detect and prevent threats caused by human error.
Ed Bishop is co-founder and CTO of Tessian.
Sponsored articles are content produced by companies that pay or have a business relationship with VentureBeat and are always clearly marked. Content produced by our editorial team is never affected by advertisers or sponsors. For more information please contact firstname.lastname@example.org.