Imagine two cars are racing. The first is a Ferrari, while the second is a 1999 Ford Taurus. The comparison seems unfair, yet this is one way to view the relationship between today’s government IT environment and IT expectations. The Ferrari represents government employee and citizen expectations for security and reliable data access. The Ford Taurus represents aging government networks that cannot keep pace with a wide variety of emerging security threats. In the current vehicles, it’s an impossible race to win.
However, this scenario doesn’t need to be the case. Machine learning in the network can help detect and negate attacks. Similar to the idea of automatically upgrading the engine in the Ford Taurus, weaving real-time intelligence via machine learning into the network infrastructure can help keep pace with emerging threats. In a world where attacks can occur at any time, the network needs agile defensive and offensive capabilities. With machine learning built into the network, a heightened level of awareness is integrated into the environment to address zero-day threats as well as other service-disrupting anomalies.
While many machine-learning capabilities are still being developed, this is the time for agencies to prepare. Agencies should take three steps to leverage machine learning in their networks within the next few years.
In rapidly advancing areas like machine learning, government benefits by partnering with industry for new insights and research. Research can improve understanding of the algorithms that drive dynamic, machine learning-based security models, yet this work can be time-consuming and expensive for agencies to conduct alone. Unlike identity-based security, a dynamic security model relies on behavior to determine whether a security threat is present or whether a user’s identity has been compromised. As machine learning advances, such applications will become more accurate, improving the government’s network security posture.
Step Two: Build Automation & Visibility into the Network
Even before machine learning can have a widespread impact on government, machine learning-enabling technologies must be selected within the network. This begins with software overlays that can provide the automation and visibility for a network infrastructure to function with minimal human intervention.
From a security perspective, the network can recognize malicious traffic based on abnormal patterns or behavior, an ability that will improve with machine learning. However, current networks often cannot take further action to resolve the issue. This can be compared to putting a hand on a hot stove, noting that it’s hot, but needing another person to come and remove the burning hand from the stove. Automation would remove the hand automatically without assistance, making machine-learning insights applicable in real time. This is key in addressing zero-day threats both internally and externally.
Step Three: Prepare Culturally
Finally, government agencies will need to address cultural concerns with the right guidelines. In an ideal scenario, the network would detect an attack and be trusted to stop it without human intervention. The question becomes: will IT administrators trust the network to make the correct decision? To instill this trust, agency IT administrators and architects need to be included when deciding which algorithms to use and which attributes should result in immediate action on the network. By engaging IT personnel early in the process, increased confidence in the network’s security detection and response decisions will enable the best possible outcome.
We are on the cusp of redefining security thanks to both machine learning and advanced network automation. By moving to a dynamic security model, we can stop sophisticated insider threats and emerging security vulnerabilities.