Security Market Segment LS
Friday, 08 February 2019 16:51

Machine learning can assist security teams: ExtraHop

ExtraHop director of security Barbara Kay ExtraHop director of security Barbara Kay

"Machine learning is here to stay" as a way of getting value from existing security-related data, ExtraHop director of security Barbara Kay told iTWire.

But "a lot of people claim [their product incorporate] AI but don't deliver on it", she observed.

AI is not always the best fit in a security context, suggested Kay. In general, there is a need to automate and manage risk effectively, and doing the wrong thing can be worse than taking no action – you don't want AI to break your business by shutting down a crucial service, she said.

If an automated system detects suspicious activity, a common response is to shut down or isolate that component. That's fine if it is just one PC in your contact centre, because all the other agents can keep working.

But when the suspect computer is part of a wider system (eg, a Web server that's part of an ecommerce site along with a database server and other elements), it's important to understand the interdependencies before taking action, especially if restarting the overall system is a complex process.

Weak information leads to more false positives, and each decision made on the basis of weak information increased the risk of a bad outcome, she said.

Machine learning does have a part to play in maintaining security, but it should be "just in there" in much the same way as a driver doesn't think about a car having anti-lock braking.

Traditionally, most of the effort has gone into the prevention part of IT security, said Kay. But there's an increasing realisation that detection and response needs more attention.

Network traffic — if appropriately analysed — can provide useful information for the detection piece, especially as intruders increasingly know how to alter, disable or delete logs.

ExtraHop's approach, which comes from its background in performance management, is to take a copy of network traffic for analysis. That way, "they [intruders] don't know you're there", Kay explained.

This data provides "a strong foundation" for advanced analytics, and in turn those analytics go beyond detection to suggest possible courses of action.

This makes it easier for staff to explore situations, and allows them to investigate a larger number of alerts.

Traffic analysis "makes good business sense" for some organisations, said Kay, but it hasn't been seen as a priority until recently. Now, organisations have a better idea of risks and costs, and "the downside of going down".


Australia is a cyber espionage hot spot.

As we automate, script and move to the cloud, more and more businesses are reliant on infrastructure that has high potential to be exposed to risk.

It only takes one awry email to expose an accounts payable process, and for cyber attackers to cost a business thousands of dollars.

In the free white paper ‘6 steps to improve your Business Cyber Security’ you will learn some simple steps you should be taking to prevent devastating malicious cyber attacks from destroying your business.

Cyber security can no longer be ignored, in this white paper you will learn:

· How does business security get breached?
· What can it cost to get it wrong?
· 6 actionable tips



iTWire can help you promote your company, services, and products.


Advertise on the iTWire News Site / Website

Advertise in the iTWire UPDATE / Newsletter

Promote your message via iTWire Sponsored Content/News

Guest Opinion for Home Page exposure

Contact Andrew on 0412 390 000 or email [email protected]


Stephen Withers

joomla visitors

Stephen Withers is one of Australia¹s most experienced IT journalists, having begun his career in the days of 8-bit 'microcomputers'. He covers the gamut from gadgets to enterprise systems. In previous lives he has been an academic, a systems programmer, an IT support manager, and an online services manager. Stephen holds an honours degree in Management Sciences and a PhD in Industrial and Business Studies.



Recent Comments