Defining the Value of Machine Learning for Endpoint Protection

Computer Business Review recently published an interview with CrowdStrike® Chief Scientist Dr. Sven Krasser, “Machine learning in cybersecurity: The first line of defense against modern threats,” in which he explains the important role machine learning plays in defending against today’s most challenging cyber threats.

Machine learning is not a new technology, however, it seems to be experiencing a rebirth of sorts with many security vendors promoting it as part of their solution offerings. In the interview, Dr. Krasser makes the point that in addition to being a vital tool in combatting today’s threats, machine learning allows us to gain more value from data and intelligence.  As he points out, having access to enough data to properly train the system is crucial in developing machine learning as a first line of defense.

The following are some key points from the interview:

  • Machine learning can be a force multiplier for cybersecurity teams if it’s properly set up and managed.
  • Exploitation techniques that leverage trusted processes are on the rise and they are particularly difficult for traditional approaches to detect. Machine learning that is augmented with behavior-based analysis can be an effective tool against this class of threat.
  • Machine learning is only as good as the data that’s fed into it because it can’t create knowledge, it can only extract it. Most organizations lack the scope and size of data and the threat telemetry required to make machine learning a worthwhile pursuit.
  • The ability for machine learning to scale rapidly and handle huge volumes of data can’t be replicated by humans. No organization is capable of manually analyzing the amount of data required to make detection effective, especially for advanced threats where more data is needed to recognize trends and patterns.
  • The machine learning that is part of CrowdStrike Falcon® endpoint protection is unique because it’s based on cloud-native architecture with data generated from 40 billion events daily — and that number continues to grow. This collective, crowdsourced knowledge allows threat intelligence to be aggregated and updated instantly.

Visit Computer Business Review (CBR) to read the interview in its entirety. To learn more about machine learning and how CrowdStrike implements it as part of its comprehensive endpoint protection, read the white paper “The Rise of Machine Learning in Cybersecurity.”

Related Content