Machine learning is cybersecurity’s latest pipe dream, but can it fulfill its promise?

Can an algorithm reliably find the needles and give us the confidence to discard the haystack of data that represents normal activity? A recurring claim at security conferences is that ‘security is a big data / machine learning (ML) / artificial intelligence (AI) problem’. This is unfortunately wildly optimistic, and wrong in general. While certain security problems can be addressed by ML/AI algorithms, in general the problem of detecting a malicious actor amidst the vast trove of information collected by most organisations, is not one of them. Our faith in AI is based on personal experience (‘everything cloud is big data and good’) and the memes of the consumerisation era. It is tempting to project this optimism into an enterprise context: the idea that it ought to be possible to…


Link to Full Article: Machine learning is cybersecurity’s latest pipe dream, but can it fulfill its promise?