The line between man and machine in disruptive technology is blurring at MIT startup PatternEx, which uses a machine learning-powered strategy to defend against cyberattacks. The speed at which machine learning can crunch data works in concert with human analysts who can use that data effectively.
“Most machine learning systems in cybersecurity have been doing anomaly detection,” said Kalyan Veeramachaneni, a co-founder of PatternEx and a principal research scientist at MIT. “The problem with that, first, is you need a baseline [of normal activity]. Also, the model is usually unsupervised, so it ends up showing a lot of alerts, and people end up shutting it down. The big difference is that PatternEx allows the analyst to inform the system and then it uses that feedback to filter out false positives.”
So far, the results have proven beneficial, with increased analyst productivity, according to an MIT report. PatternEx’s Virtual Analyst Platform “successfully identified 10 times more threats through the same number of daily alerts, and its advantage persisted even when the generic system gave analysts five times more alerts per day.”
More importantly, the strategy seamlessly integrates machine learning with human expertise, thereby easing the notion that machines are taking over humans’ jobs.
“A lot of the problems people have with machine learning arise because the machine has to work side by side with the analyst,” Veeramachaneni says, noting that detected attacks still must be presented to humans in an understandable way for further investigation. “It can’t do everything by itself. Most systems, even for something as simple as giving out a loan, is augmentation, not machine learning just taking decisions away from humans.”
PatternEx’s Virtual Analyst uses machine learning models to sift through more than 50 streams of data in order to locate suspicious behavior. That information is then used by the analyst to discern whether abnormal behavior represents a cyberattack.
“Before machine learning, someone would catch an attack, probably a little late, they might name it, and then they’ll announce it, and all the other companies will call and find out about it and go in and check their data,” Veeramachaneni says. “For us, if there’s an attack, we take that data, and because we have multiple customers, we have to transfer that in real time to other customers’ data to see if it’s happening with them too. We do that very efficiently on a daily basis.”
Cybersecurity Exposure via ETFs
For a cybersecurity tilt, ETFs to consider are the First Trust NASDAQ Cybersecurity ETF (NYSEArca: CIBR) and the ETFMG Prime Cyber Security ETF (NYSEArca: HACK).
First up, CIBR seeks investment results that correspond generally to the price and yield of an equity index known as the Nasdaq CTA Cybersecurity Index. The index is comprised of securities of companies classified as “cyber security” companies by the CTA.
Next, HACK seeks investment results that correspond generally to the price and yield performance of the Prime Cyber Defense Index. The index tracks the performance of the exchange-listed equity securities of companies across the globe that (i) engage in providing cybersecurity applications or services as a vital component of their overall business or (ii) provide hardware or software for cybersecurity activities as a vital component of their overall business.