Haystax Technology CEO Bryan Ware has written the second of a two-part series on how three well-known security analytics approaches can be vital tools for organizations and security analysts, provided they are thoughtfully built, combined and applied.
Ware, writing as a regular contributor to the respected Network World blog, describes how Bayesian networks, machine learning and rules-based systems can be integrated to perform predictive security analytics “at a tempo and scale that no human analyst, or even a roomful of them, could long endure.”
The first article in the Network World series focused on the inherent drawbacks of each approach. In this second piece Ware focuses on an approach that starts with building a Bayesian model of a particular security problem — say, insider threat — and then applying machine learning and rules-based techniques to data that is applied to the model.
“For any solution to be effective,” Ware notes, “it must begin with a thorough grasp of the problem the user is trying to solve, not by hunting for answers in masses of data.” With the right models, he adds, both direct rules and probabilistic inference can operate side by side, and they can be integrated to create easily traceable, transparent and generalizable facsimiles of any security problem. Machine learning and data science techniques can then be applied in simple and separable cases.
Based on Haystax’s patented model-first approach to security analytics, our Constellation Analytics Platform™ reasons like a team of expert analysts at scale to precisely identify the greatest threats to an organization’s critical systems, data, facilities and people, even when the indicators are hard to detect and regardless of whether the behavior is malicious, negligent or inadvertent.