Bryan Ware, Haystax Technology’s CEO and a regular contributor to Network World, today published his insights on three popular security analytics approaches – Bayesian networks, machine learning and rules-based systems – and why they don’t scale or are often too hard to work with.
Individually, these approaches have their limitations: Bayesian networks are increasingly considered ‘old-fashioned’ and not suited to solving today’s complex security challenges; machine learning, among other things, depends on data and thus cannot offer solutions where data is scarce or does not exist; and rules-based systems generally generate an excessive number of red flags (many of them false positives), which means organizations have to hire more expensive analysts to examine them.
These approaches might work across many domains, Ware writes in Part I of his latest two-part Network World blog, but they don’t work well for security analytics. What’s truly needed is a solution that “exploits the combined strengths of these approaches while also compensating for or eliminating their individual drawbacks.” So what does that solution look like? Stay tuned for Part II as Ware reveals how these systems can and should be built, combined and applied to security analytics.