Data analytics and machine learning can be very empowering for security, but don’t lose sight of your true goal when using them.
Whether working as an IT auditor, a security investigator, or a threat analyst, practitioners share a common need: they have to “tell the story” of a risk, incident, or threat to make change happen. The story must have impact to motivate action, but how many security practitioners feel they do that consistently? Is it the tools, the training, or both? There is a shared responsibility in telling the story.
Telling the security story is no different than telling any other story. People must be able to follow the order of events in the narrative. As this is not fantasy, the plot, characters, and detail have to remain credible at each step. Beyond relying on one’s own credibility, the storyteller has to leave the audience with some internal insight; if not, then the writing is stereo instructions, not a story.
Data analytics and machine learning give people powerful tools to help tell these stories. They can make the story more concise, provide unexpected plot points to include, and definitely increase the amount of insight the audience takes away. However, it is far better to use them to enhance the story than to rely solely on them to motivate the user.
There are other useful things that allow you to tell the security story well. First, build the story out of small and objective observations; these can be tied together through the narrative. Next, treat it like a conversation, not a one-directional sales pitch, allowing time to solicit questions and/or input. Don’t get lost in the details of background in the beginning; make sure each point of detail can be correlated to another pivotal point in the story. Lastly, don’t skip to the end: make sure to take the audience along for the journey or they won’t be there when they are needed.
How do machine learning and data analytics make the difference? They allow the focus to move from hundreds of lines of data to just a few. Machine learning’s output is an objective voice for the data. Above all, having a centralized theme, with occasional pivots into deeper detail (raw logs, for example), is a powerful way to tell the story with success.
At JASK, we have created a product that uses the power of machine learning and data analytics to tell the best story in the cyber security world. As the Chief Data Scientist and Director of Products, my experience and knowledge get translated into tools for security practitioners worldwide.