Andrea Danti - Fotolia

Cybersecurity machine learning moves ahead with vendor push

Bloggers explore the growing role of cybersecurity machine learning, the capabilities of Microsoft's containers and how well SIEM works for threat detection.

Cybersecurity machine learning is growing in popularity, according to Jon Oltsik, an analyst with Enterprise Strategy Group Inc. in Milford, Mass. Oltsik attended the recent Black Hat conference, where technology vendors were abuzz with talk of cybersecurity machine learning.

ESG research asked 412 respondents about their understanding of artificial intelligence (AI) and cybersecurity machine learning, which revealed that only 30% said they were very knowledgeable on the subject. Only 12% of respondents said their organizations had deployed these systems widely.

According to Olstik, the cybersecurity industry sees an opportunity, because only 6% of respondents in surveys said their organizations were not considering AI or machine learning deployments. He said companies will need to educate the market, identify use cases, work with existing technologies and provide good support.

"I find machine learning [and] AI technology extremely cool but no one is buying technology for technology sake. The best tools will help CISOs improve security efficacy, operational efficiency, and business enablement," Oltsik wrote.

Read more of Oltsik's thoughts on cybersecurity machine learning.

Microsoft leverages Kubernetes backing for containers

Microsoft is positioning itself to fight back against the success of Amazon Web Services, according to Charlotte Dunlap, an analyst with Current Analysis in Sterling, Va.

The company launched a new container service and joined the Cloud Native Computing Foundation (CNCF) amidst earnings reports indicating that its Azure platform is outcompeting Salesforce and other providers. Microsoft unveiled a preview of its Azure Container Instances service in a bid to support developers who want to avoid the complexities of virtual machine management.

Dunlap said the announcement is significant because companies are still reluctant to deploy next-generation technologies incorporating containers and microservices, despite their advantages. In particular, Dunlap said providers should focus on explaining the cost-benefit ratios associated with refactoring departmental apps into containers.

By joining CNCF, meantime, Microsoft is "shunning" Amazon in the enterprise cloud market. "Expect to see a lot more platform service rollouts involving containers, microservices, etc., later this year during fall conferences in which cloud rivals continue to attempt to one-up one another," Dunlap wrote.

Dig deeper into Dunlap's thoughts on Microsoft's support for containers.

SIEM for threat detection

Anton Chuvakin, an analyst with Gartner, said security information and event management, or SIEM, is not the best threat detection technology on its own. Based on conversations through Twitter, Chuvakin learned that many network professionals view SIEM as a compliance technology. Chuvakin said he sees these individuals as taking a viewpoint nearly 10 years out of date or perhaps struggling with bad experiences from failed SIEM implementations in the past.

Chuvakin said he uses SIEM for much of his threat detection tasks, but also uses log and traffic analysis, as well as endpoint visibility tools, almost equally. In his view, threat detection that focuses too heavily on the network and endpoints suffer serious security challenges unless they are coupled with log monitoring.

"Based on this logic, log analysis (perhaps using SIEM ... or not) is indeed 'best' beginner threat detection. On top of this, SIEM will help you centralize and organize your other alerts," Chuvakin wrote.

Explore more of Chuvakin's thoughts on SIEM.

Next Steps

Machine learning for cybersecurity advances

Trends in SIEM tools

Learn to evaluate machine learning cybersecurity products

Dig Deeper on Security operations and management