Supervised learning is a machine learning approach used for classification and prediction across data sets – and can be a huge boost in the world of cloud security. As security teams continue to deal with a cloud-based approach to business and remote-working challenges, an increasing recognition is surfacing: using only unsupervised learning to protect cloud-native infrastructure is not enough. As vulnerability, threat, and attack parameters become increasingly sophisticated, so too must intrusion detection.
According to Chris Ford, RVP Engineering at Threat Stack, an F5 company, there needs to be more than just capturing and pointing out outlier behavior. “Supervised learning makes predictions on behavior and delivers the most relevant alerts to a security team.”
Simply having anomaly detection isn’t enough. Supervised learning can surface “the bad in the normal,” or in other words, deliver the most relevant and prioritized alerts to SecOps, DevOps, and other cloud security teams, allowing them to focus on what’s vital. Supervised learning is a prioritization engine that gives a security team the confidence that they are addressing only the most pressing threats to the business.
Supervised ML or deep learning is so new in the cloud-security industry that it’s only starting to be realized and discussed. Chris Ford recently presented an in-depth webinar on how organizations can access the benefits of supervised learning to automate and reduce human toil in cloud security, through tuning, training, triage, and review of alerts that come through automation.
In the webinar, Ford outlines how combining detection techniques allows you to reduce human toil in cloud security, without missing behaviors that are critically important. It’s available now for viewing: Machine Learning Done Right: Secure App Infrastructure with High-Efficacy Alerts
Modern cloud security should not just be about eliminating false positives, but going a step further to catch and learn from false negatives. It’s not just reducing alerts or cutting down “alert noise.” And it’s not just about anomaly detection. By using supervised learning in our ThreatML SaaS, Threat Stack delivers high-efficacy alerts that surface only the behavior that is most important to your organization – with the context needed to take the right action immediately.
In other words, organizations looking to keep up with dynamic attacks on their environments need detection models that learn and adapt to these needs – exactly what Threat Stack offers through ThreatML.
The bottom line is that supervised learning in cloud-native security leads to high-efficacy detection through vulnerability and threat prediction, balancing a lower operational burden and less toil against comprehensive threat detection.
For more information on how Threat Stack’s unique application of supervised machine learning can help your organization, contact us today.