We were fortunate to welcome Major James Lindsay, Chief Architect and Engineer for end point at the Department of National Defence (DND), during the 2019 Forensik Conference, a conference dedicated to managing and responding to cybersecurity incidents. An expert in artificial intelligence, he spoke about how to use and exploit the potential of machine learning for cybersecurity and incident response. It was also a great opportunity to speak with him for INTRASEC, the cybersecurity channel of In Fidem.
Like many organizations, the DND holds highly confidential data that it must protect.
The Department’s priorities are the following:
- The fight against data extrusion;
- The ability to respond effectively and quickly to attacks.
To this end, various measures have been put in place, such as security standards for all computers (encryption of hard disks), facial recognition tools to ensure that the right user is in front of each workstation, and many more.
The department also uses machine learning to detect potential threats and proactively prevent incidents.
Machine learning is able to analyze a large volume of data in order to recognize patterns of attack. Analyzing that much information would be a difficult task for a human being.
In addition, Major James Lindsay explains that enough data is needed to train and improve machine learning so that it can distinguish real attacks from events that do not constitute real threats, limiting both missed attacks (false negatives) and false alarms (false positives).
That said, if incidents repeat themselves, patterns of attack are identified. Incident response teams thus learn from past experiences to streamline procedures in playbooks.
The purpose? To use machine learning to help teams work efficiently and in a standardized way to reduce the average time to remediate a cyber incident.