Machine Learning & Threat ProtectionDamballa's Newman on How to Put Data Analytics to Work
When it comes to advanced threat protection, security leaders increasingly turn to new machine learning solutions. Stephen Newman of Damballa discusses key skills and strategies necessary for success.
His first bit of advice: Understand exactly what machine learning is and how it works best in an enterprise security environment.
"In my experience, most [security leaders] really don't understand machine learning, beyond the general concept that a computer predicts some outcome based on data," says Newman, VP of products at Damballa.
The best analogy is to compare machine learning to the human brain. "Software-based machine learning attempts to emulate the way the brain works in processing data," he says. "In software-based [machine learning], we gather data. In the brain ... we gather information around our surroundings."
In the context of advanced threat protection, solutions are developed with certain classifiers, Newman says. "Those classifiers consider a lot of different features that describe the behavior of any device in an enterprise network and its communications from that device, over time, to determine if that device is compromises."
But Machine Learning Systems alone are not sufficient, Newman says. They require data scientists and subject matter experts to maximize the value of the analytics.
In an interview about using machine learning for advanced threat protection, Newman discusses:
- How to make machine learning most efficient;
- The critical role of data scientists;
- Practical ways to improve threat protection.
Newman brings over 17 years of product management leadership to Damballa. He has designed products and product strategies for leading, innovative technologies throughout his career. Since joining Damballa in 2009, his team has successfully built upon the company's 16 patented/patent-pending innovations to create advanced threat detection solutions that harness big data science. Specific contributions include the creation of contextual-based detection engines; the Case Analyzer, an intelligence platform that makes automatic decisions about the status of infected devices; and Risk Profilers, which prioritize compromised assets so incident responders can take immediate action on incidents. Prior to joining Damballa, Stephen developed a range of security products for companies like EarthLink, MegaPath, Secure Computing and McAfee.