Information security is a prime candidate to be enhanced by Machine Learning
Information security tends to create an awful lot of data. Not only do all of your security controls produce log and status data, but most of your other systems also produce logs that are at least partially relevant to security. Analysing that data and extracting useful insights from it can be a challenge, however. SIEM technology was initially developed to provide simple correlation of specific alert events and to visualise trends in particular data types; whilst that improved security from where it had been before, it hardly put the good guys out in front!
The use of statistical and Machine Learning methods allowed the creation of UEBA systems. Able to model trends in behaviour, initially for users and later for systems and applications, these tools gave security operations teams a real advantage. Later versions also provided full user and entity timelines as well as automated response, taking much of the drudgery away from hard-pressed security professionals.
One of the most important forms of data which is often overlooked is contextual data. Information about the users and entities being monitored can provide valuable information to analytics systems, identifying peer groups for behaviour, owners of systems and other information to enhance base monitoring data.
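To show why contextual data matters, here is an added example (not code from any product mentioned above) that scores an activity metric against both the user's own history and their peer group. Department is the assumed contextual attribute, and all events are constructed.

```python
from statistics import mean, pstdev

# Constructed history of daily outbound-transfer volumes (MB). 'dept' is the
# contextual attribute that defines each user's peer group.
HISTORY = [
    ("alice", "finance", 12), ("alice", "finance", 15), ("alice", "finance", 11),
    ("bob", "finance", 9), ("bob", "finance", 14), ("bob", "finance", 10),
    ("eve", "finance", 13), ("eve", "finance", 12),
    ("carol", "engineering", 410), ("carol", "engineering", 390), ("carol", "engineering", 420),
    ("dave", "engineering", 380), ("dave", "engineering", 405), ("dave", "engineering", 395),
]

def baseline(values):
    """Mean and spread of a history, or None when there is too little to model."""
    if len(values) < 2:
        return None
    # Floor the spread so a perfectly flat history does not divide by zero.
    return mean(values), pstdev(values) or 1.0

def z_score(value, stats):
    """Standardised distance of value from a baseline; None if no baseline exists."""
    if stats is None:
        return None
    mu, sigma = stats
    return (value - mu) / sigma

def score_event(user, dept, value, history=HISTORY, threshold=3.0):
    """Score one new event against the user's own past and against the peer group.

    A user with no history of their own (new joiner, new device) can still be
    assessed because the department supplies a baseline, and the same value can
    be normal for one peer group yet anomalous for another.
    """
    own = [v for u, _, v in history if u == user]
    peers = [v for u, d, v in history if d == dept and u != user]
    own_z = z_score(value, baseline(own))
    peer_z = z_score(value, baseline(peers))
    anomalous = any(z is not None and abs(z) > threshold for z in (own_z, peer_z))
    return {"user": user, "dept": dept, "value": value,
            "own_z": own_z, "peer_z": peer_z, "anomalous": anomalous}

if __name__ == "__main__":
    # The same 395 MB transfer from two new users with no history of their own,
    # plus one established user deviating from both baselines and one normal day.
    for event in [("frank", "finance", 395), ("grace", "engineering", 395),
                  ("eve", "finance", 400), ("alice", "finance", 14)]:
        print(score_event(*event))
```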
All of this gives the budding security data scientist a wealth of opportunity to identify abnormal behaviour or potential threats to an organisation. This site is dedicated to providing help and support to those building their own SIEM or UEBA system, or just analysing activity logs collected in another system.