
Tenable Blog


Reducing Blind Spots in Cybersecurity: 3 Ways Machine Learning Can Help

Faced with an expanding attack surface and limited resources, security teams can apply machine learning to prioritize business risks and help predict what attackers will do next.

In today’s cybersecurity landscape, gaps in your visibility are inevitable. If you’re like most infosec professionals, your reality looks something like this:

  • A larger attack surface to protect: You are tasked with protecting widely dispersed computing assets due to increases in cloud adoption, remote work and connected devices.
  • More vulnerabilities to track: The number of new vulnerabilities to defend against continues to rise, with 18,358 new CVEs reported in 2020, continuing a 36.6% average annual percentage growth rate over the last five years.
  • A shortage of resources: As many as 70 percent of cybersecurity professionals believe their organization has been impacted by the global cybersecurity skills shortage.

The basic calculus here is obvious: More assets to protect, more vulnerabilities to remediate and a lack of resources with which to do it. As a result, data science is playing a larger role in cybersecurity, with the application of artificial intelligence and machine learning accounting for nearly half of new industry patents filed worldwide in the last four years.

Machine learning helps security teams work smarter

Since enterprises need their operations to move faster than human speed or available resources allow, machine learning is quickly becoming the technology of choice. 

In this approach, data scientists train algorithms, with varying degrees of supervision, to find valuable patterns in vast data sets. Thanks to the ability of algorithms to learn and scale, enterprises are already deploying or exploring their use in many areas of the organization:

  • In marketing, machine learning helps analyze the vast amounts of data generated by online marketing and customer interactions
  • In research and development (R&D), machine learning helps businesses identify areas to explore and pinpoints potential dead ends faster
  • In operations, machine learning helps increase the efficiency, accuracy and speed of business processes related to application approvals and customer service requests

Cybersecurity presents similar challenges to these areas: There is simply too much data — and too many disparate tools — to maintain adequate visibility and respond in an effective and timely manner. There may also be assets you cannot regularly scan or patch, due to the need to maintain uptime; nevertheless, your organization must find a way to forecast the likely risk those assets might pose at any given time.

Machine learning provides a mechanism for improving visibility and predicting urgent risks, and it delivers these capabilities with a speed and scale humans alone cannot replicate. Let’s examine three scenarios where data-powered predictions can help your cybersecurity team focus resources where they can have the biggest impact. 

Predict which vulnerabilities attackers will exploit next

Your organization’s attack surface is not only expanding — it’s also becoming more diverse and more transient in nature. Containers, multi-cloud and connected devices are common in many IT infrastructures. 

Security teams need a method for prioritizing vulnerabilities to ensure their resources are properly aligned with the risks they face. Legacy methods have typically used the Common Vulnerability Scoring System (CVSS), which measures the technical severity of vulnerabilities but not the risk they pose. CVSS offers only a static number, and it doesn’t help prioritize vulnerabilities as they attract more attention and their exploits mature.

Machine learning algorithms can help monitor the activity around vulnerabilities — such as the availability of exploit kits, chatter on the dark web or recent threat activity — and update prioritization on a daily basis, helping security teams make informed decisions about where to devote resources and address vulnerabilities. In fact, this risk-based approach has proven to be as much as 22 times more efficient at reducing vulnerability risk than legacy prioritization methods.

Relying on CVSS or human security analysts to deliver vulnerability prioritization and visibility leaves open the possibility that you’ll prioritize vulnerabilities that pose little risk to your organization and miss exposures that could cripple essential business functions. Adding in data science and machine learning can give you the scale and scope you need to make informed decisions, allowing you to find and fix the vulnerabilities that matter most to your organization.

Evaluate which business-critical assets might be affected 

IT organizations increasingly operate as business enablers, helping deliver the capabilities business units need to serve customers. Under this model, IT projects are often prioritized based on their business impact. Similarly, IT security teams can protect against vulnerabilities more effectively by understanding their potential business impact.

Knowing the type of asset affected by a vulnerability, its capabilities and business purpose, and its internet exposure, for example, can help IT security teams predict the impact a vulnerability may have on key business functions.

Often deployed through a mix of manual tagging and automated scores, this asset criticality layer can further prioritize your remediation efforts. For example, it can help defenders elevate low-severity vulnerabilities affecting an essential data server or cloud application, critical exposures that might have otherwise flown under the radar. 

Identify the riskiest areas of your network that need attention

Few security teams have the ability to thoroughly assess every vulnerability on every asset across their network. In fact, one of the biggest barriers to visibility is that, on average, nearly 60 percent of enterprise assets receive only limited external scans. This leaves a sizable blind spot when trying to understand the vulnerability of assets where credentials are not available for full discovery through scanning. 

As we all know in security, what you don’t know can hurt you. Machine learning can help organizations better understand the risks associated with unknown devices by using the information you do know to predict the level of likely risk. 

Using what information is available — for example, asset features, operating system, number of open ports or, if available, previous scan history — machine learning can predict the exposure of “unknown” assets based on lookalike asset averages. These predictions can illuminate high-risk areas of your attack surface that warrant immediate and more thorough assessment.
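The lookalike-average idea described above can be sketched as a k-nearest-neighbour estimate. This is an added example, not Tenable's model or code: the inventory, the feature names, the use of a critical-finding count as the exposure measure, and the threshold are all assumptions constructed for illustration.

```python
from statistics import mean

# Constructed inventory of fully (credentialed) scanned assets: features plus
# the critical-finding count observed by the scan. All values are illustrative.
SCANNED = [
    {"os": "windows-server", "type": "server", "open_ports": 12, "critical": 9},
    {"os": "windows-server", "type": "server", "open_ports": 10, "critical": 7},
    {"os": "windows-server", "type": "server", "open_ports": 4, "critical": 3},
    {"os": "linux", "type": "server", "open_ports": 3, "critical": 1},
    {"os": "linux", "type": "server", "open_ports": 5, "critical": 2},
    {"os": "linux", "type": "container-host", "open_ports": 2, "critical": 0},
    {"os": "embedded", "type": "iot", "open_ports": 6, "critical": 5},
    {"os": "embedded", "type": "iot", "open_ports": 8, "critical": 6},
]

PORT_RANGE = max(a["open_ports"] for a in SCANNED) - min(a["open_ports"] for a in SCANNED)

def distance(a, b):
    """Gower-style distance: 0/1 mismatch for categorical features,
    range-normalised absolute difference for the numeric one."""
    d_os = 0.0 if a["os"] == b["os"] else 1.0
    d_type = 0.0 if a["type"] == b["type"] else 1.0
    d_ports = min(abs(a["open_ports"] - b["open_ports"]) / PORT_RANGE, 1.0)
    return (d_os + d_type + d_ports) / 3

def predict_exposure(asset, k=3):
    """Average the observed critical count of the k most similar scanned assets."""
    nearest = sorted(SCANNED, key=lambda s: distance(asset, s))[:k]
    return mean(s["critical"] for s in nearest)

def triage(unknown_assets, threshold=4.0, k=3):
    """Return (name, predicted exposure) for assets at or above the threshold, highest first."""
    scored = [(a["name"], predict_exposure(a, k)) for a in unknown_assets]
    return sorted([s for s in scored if s[1] >= threshold], key=lambda s: -s[1])

# Assets seen only by limited external scans, so no credentialed results exist.
UNKNOWN = [
    {"name": "srv-unknown-01", "os": "windows-server", "type": "server", "open_ports": 11},
    {"name": "cam-unknown-02", "os": "embedded", "type": "iot", "open_ports": 7},
    {"name": "web-unknown-03", "os": "linux", "type": "server", "open_ports": 4},
]

if __name__ == "__main__":
    for name, score in triage(UNKNOWN):
        print(f"{name}: predicted critical findings ~ {score:.1f}")
```

With only two scanned IoT devices in the sample, the third neighbour of cam-unknown-02 is a Linux server, which pulls its estimate down; sparse lookalike groups are where such predictions are least reliable and a full assessment matters most.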

Put machine learning to work for your security organization

Machine learning is key to protecting critical business assets in today’s environment.

Right now, security teams too often struggle with gaps in visibility. There are gaps around vulnerability prioritization; gaps around the potential business impact of particular risks; gaps around the full exposure of devices and assets deployed in your environment.

It’s time to put machine learning to work on your behalf, increasing your visibility and prioritization efforts, and strengthening the level of protection for your most critical assets.
