
How Machine Learning Gains New Insights from Network Logs

There is simply too much data for human analysts to work through, and this is where machine learning-based log processing is uncovering hidden threats.

Network logs feature everything one might think: a list of all the traffic, hits, pings, and other activity that occurs. The data tells a story of what happened on the network, but sometimes those messages can be difficult to decipher because of the sheer volume of data. With so many data entries, important events can sometimes be missed, not to mention larger trends that can signal malicious activity.

That is where machine learning-based log processing can bring value. This tool, part of Symantec Endpoint Security, uses artificial intelligence and machine learning methodologies to make sense of the data kept in these logs. Not only can machine learning help identify past incidents, but it can also be trained to spot different trends and patterns and alert those running the network. Symantec’s Risk Teller, in particular, shows how much more this technology can do.

Innovation and Machine Learning

Federal agencies have long used systems management tools to help make sense of this log data. These existing systems, though, only provide a partial solution. There is so much log data created that agencies need larger analytic platforms to truly make sense of it. There is simply too much data for human analysts to work through.

This is where machine learning-based log processing can provide value. Machine learning-based log processing serves as a multi-layered approach to threat assessment, taking into account a file’s static attributes, dynamic behaviors, and its relationships with other files to draw deeper insights.

The insights may include past breaches, unusual behavior that is cause for concern, or potential risk areas that have not been exploited yet, but may cause a problem in the future.

The machine learning aspect is key. Machine learning technologies can be “taught” to look for certain trends based on past data models. These templates can be used to find vulnerabilities in current data. Machine learning can also take current data threats and create models to find similar vulnerabilities. It provides a new way to look for potential risks, helping agencies avoid breaches and negate malicious activity.

The Innovation Push

Machine learning-based log processing is just one area of innovation in the cyber security space. Symantec detects advanced attacks by generating huge amounts of telemetry data and running advanced analytics on it. And, according to a recent Symantec blog post, “Machine learning makes our endpoint solutions that much smarter. It makes our network solutions smarter. But we're also leveraging intelligence from all our products to create a Security Operation Center (SOC) workbench where we can help the SOC analysts be almost superhuman with bionic intelligence reinforced by machines operating at a scale that people can't really wrap their head around. By doing all of that we multiply the effectiveness of everybody on our Symantec team.”

As hackers and malicious actors continue to innovate new ways of attack, so must those who defend those networks. Sadly, there is never an end state for cyber security, and those who hold lots of valuable data must continually work and make improvements to keep that data secure.

Innovation in the cyber security space can help agencies maintain their security posture. Hackers know how to defeat older defense technologies. It is up to agency IT professionals to leverage new innovations in cyber security to keep their data secure, and incorporating machine learning capabilities will serve as a force multiplier to aid security analysts in their fight against hackers.


About the Author

Chris Townsend

Vice President, Federal, Symantec

Chris leads a team dedicated to working with Federal agencies to improve their security postures, while reducing cost and complexity. With 20 years of experience, Chris is committed to advancing government cybersecurity.
