Machine learning has arguably had the largest impact on prevention and detection technologies. By continually learning what “normal” looks like in user behavior, traffic patterns and resource usage across an organization’s environment, machine learning-enabled tools can flag deviations from that baseline and so catch attacks that no existing signature describes. For security operations practitioners this makes machine learning an important ally: it helps identify threats and proactively block known bad activity, freeing analyst time for investigation and incident response.

Machine learning detection applies mathematical algorithms and statistical models to telemetry from an organization’s network and hosts in order to recognize patterns, both benign and malicious. There are two main types of machine learning detection: supervised and unsupervised. Supervised detection learns from examples that humans have already labeled as benign or malicious (past alerts, triage verdicts, known-bad samples) and then classifies new activity by how closely it resembles those examples. Unsupervised detection works without labels: it builds a model of what is normal, groups related evidence together and scores it by how far it deviates from that baseline, and an analyst then investigates the outliers to determine whether they are indicative of an attack or not. Each approach has a characteristic limitation: a supervised model can only recognize activity that looks like something it was trained on, while an unsupervised model flags anything unusual, including legitimate but novel behavior, so its output is a lead for investigation rather than a verdict.
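The two approaches side by side, as an added example that is not code from the original page: a supervised Gaussian naive Bayes classifier trained on a handful of constructed, analyst-labeled flow records, and an unsupervised robust z-score (median/MAD) detector that flags outliers in one host’s hourly outbound byte counts without any labels. All sample data, feature choices (bytes out, connections per minute, distinct destination ports) and the 3.5 outlier threshold are assumptions made for the illustration; only the Python standard library is used.

```python
"""Supervised vs. unsupervised detection on constructed flow records (stdlib only)."""
import math
import statistics
from collections import defaultdict

# --- Supervised: a Gaussian naive Bayes classifier trained on labelled flows.
# Features per flow: (bytes_out, connections_per_minute, distinct_dst_ports).
# Constructed sample data; the labels stand in for prior human triage decisions,
# which is exactly what makes this "supervised".
LABELED_FLOWS = [
    ((1_200, 3, 1), "benign"),
    ((2_500, 4, 1), "benign"),
    ((900, 2, 2), "benign"),
    ((3_100, 5, 1), "benign"),
    ((1_800, 3, 1), "benign"),
    ((45_000, 60, 40), "malicious"),  # scan-and-exfil-like burst (constructed)
    ((60_000, 80, 55), "malicious"),
    ((38_000, 45, 30), "malicious"),
    ((52_000, 70, 48), "malicious"),
]


def train_gnb(labeled):
    """Fit per-class feature means and variances plus class priors."""
    by_class = defaultdict(list)
    for features, label in labeled:
        by_class[label].append(features)
    model = {}
    total = len(labeled)
    for label, rows in by_class.items():
        cols = list(zip(*rows))
        means = [statistics.fmean(c) for c in cols]
        # Variance floor keeps a constant feature from producing log(0).
        variances = [max(statistics.pvariance(c), 1e-6) for c in cols]
        model[label] = (math.log(len(rows) / total), means, variances)
    return model


def _log_gaussian(x, mean, var):
    return -0.5 * (math.log(2 * math.pi * var) + (x - mean) ** 2 / var)


def predict(model, features):
    """Return the class with the highest log posterior under the naive independence assumption."""
    best_label, best_score = None, -math.inf
    for label, (log_prior, means, variances) in model.items():
        score = log_prior + sum(
            _log_gaussian(x, m, v) for x, m, v in zip(features, means, variances)
        )
        if score > best_score:
            best_label, best_score = label, score
    return best_label


# --- Unsupervised: robust outlier scoring with no labels at all.
# Constructed hourly outbound byte counts for one host; the last hour is an outlier.
HOURLY_BYTES_OUT = [1100, 1250, 980, 1300, 1150, 1020, 1180, 1220, 1090, 1270, 1160, 48000]


def robust_zscores(series):
    """Modified z-score based on median and median absolute deviation (MAD)."""
    median = statistics.median(series)
    mad = statistics.median(abs(x - median) for x in series)
    if mad == 0:
        # Degenerate baseline (most hours identical): any deviation is infinitely surprising.
        return [0.0 if x == median else math.inf for x in series]
    return [0.6745 * (x - median) / mad for x in series]


def flag_anomalies(series, threshold=3.5):
    """Indices whose modified z-score exceeds the threshold; these are leads, not verdicts."""
    return [i for i, z in enumerate(robust_zscores(series)) if abs(z) > threshold]


if __name__ == "__main__":
    model = train_gnb(LABELED_FLOWS)
    print(predict(model, (50_000, 65, 45)))  # malicious
    print(predict(model, (1_500, 3, 1)))     # benign
    print(flag_anomalies(HOURLY_BYTES_OUT))  # [11]
```

The supervised model can only answer “does this look like my labeled examples?”, so a flow unlike anything in `LABELED_FLOWS` is still forced into one of the two classes. The unsupervised detector answers a different question, “is this unusual for this host?”, and hour 11 is flagged purely because it deviates from the host’s own baseline; whether it is exfiltration or a scheduled backup is for the analyst to determine.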