
Machine-Learning Technologies Help Agencies Develop Highly Intelligent Security Postures



By Dave Mihelcic April 17, 2017


Dave Mihelcic is the head of federal strategy and technology at Juniper Networks.

If the recent spate of alleged Russian cyberattacks has taught us anything, it is that security breaches can happen so quickly and stealthily that the damage will be done before anyone even realizes there was a hack.

In fact, as malicious actors become more insidious, federal network security managers are finding the reaction time between identifying and mitigating potential threats has gone from minutes to milliseconds. Factor in the volume and complexity of the threats, and it becomes evident the challenge has grown well beyond what can be managed through manual intervention.


To successfully combat these challenges, cyber operators should consider incorporating machine-learning capabilities into their toolkit. Once used within the Defense Department primarily for real-world target recognition, machine-learning technologies have evolved to become very effective at quickly detecting and responding to potential cyber threats. Through analytics and predetermined risk factors established by cyber operators, these highly intelligent and adaptable systems can evolve to “learn” about threats as they happen and apply that knowledge to better fortify the network in anticipation of future threats.

Machine-learning tools can interact with other components of the network infrastructure to create a remarkable level of advanced threat protection. The tools can continuously evaluate and monitor web and email files in the hunt for evasive malware and use various cloud-based technologies and resources to identify risks.

They can also be used in combination with other network security solutions, including firewalls and edge and core routing and switching infrastructures, to fend off attacks and isolate infected hosts.

Let’s take a look at a hypothetical example to illustrate how machine learning works for cybersecurity. An agency’s analytics-based machine-learning system may include a predetermined set of risk factors. When the system detects that enough of these risk factors have been triggered, it will take a predetermined action to help protect the network, for example, blocking access to the network.

At this point, the network security operator can step in and help “teach” the machine. If the operator examines the incident and determines it does not pose a threat, the IT team may remove some of the mitigation protocols. This effectively trains the machine to recognize that something was not a hostile attack and that it is OK to ignore this type of event in the future.

Or the operator can confirm the machine’s action by allowing the block to continue. This effectively confirms to the machine that an attack is underway and alerts it that it should respond accordingly to similar events in the future. Over time, the system becomes trained to intelligently determine whether or not the risk factors it is detecting indicate a hostile cyberattack.
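The hypothetical loop above, sketched as an added example that is not from the article or from any Juniper product: risk factors carry weights, a block fires when enough of them trigger, and each operator verdict nudges the weights. The factor names, starting weights, learning rate and the choice of an online logistic update are all assumptions; the article names no specific algorithm.

```python
import math

class RiskScorer:
    """Weighted risk factors, adjusted online from operator verdicts."""

    def __init__(self, factors, weight=1.0, bias=-2.5, lr=0.5):
        # Constructed starting policy: equal weights and a fixed bias,
        # so any three triggered factors are enough to cause a block.
        self.w = {f: weight for f in factors}
        self.bias = bias
        self.lr = lr

    def score(self, triggered):
        # Logistic score in (0, 1) over the factors seen in this event.
        z = self.bias + sum(self.w[f] for f in triggered)
        return 1.0 / (1.0 + math.exp(-z))

    def should_block(self, triggered):
        return self.score(triggered) >= 0.5

    def feedback(self, triggered, hostile):
        # Operator verdict: hostile=True confirms the block, False lifts it.
        # Only the factors present in the reviewed event are adjusted.
        err = (1.0 if hostile else 0.0) - self.score(triggered)
        for f in triggered:
            self.w[f] += self.lr * err

# Constructed sample events (hypothetical factor names).
BACKUP = {"off_hours_access", "large_outbound_transfer", "new_destination"}
ATTACK = {"off_hours_access", "repeated_auth_failure", "new_geo_login"}

def demo(rounds=3):
    scorer = RiskScorer(BACKUP | ATTACK)
    before = (scorer.should_block(BACKUP), scorer.should_block(ATTACK))
    for _ in range(rounds):
        scorer.feedback(BACKUP, hostile=False)  # operator: nightly backup, benign
        scorer.feedback(ATTACK, hostile=True)   # operator: confirmed intrusion
    after = (scorer.should_block(BACKUP), scorer.should_block(ATTACK))
    return before, after, scorer

if __name__ == "__main__":
    before, after, scorer = demo()
    print("before:", before, "after:", after)
    print({f: round(w, 2) for f, w in sorted(scorer.w.items())})
```

Both sample events share `off_hours_access`, so every benign verdict on the backup also lowers the score of the attack pattern; the confirmed-hostile verdicts are what keep that pattern above the block threshold.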

It should be noted that the treasure trove of real-time network monitoring data and analytics federal organizations have at their disposal can be an effective cybersecurity resource when used in conjunction with machine-learning tools. Instead of having predetermined analytics that always come up with the same answers to the same questions, analytics can be adjusted and evolve over time to better respond to potential risks.

Machine learning can have a positive impact beyond enhanced security and decreased risk of hostile attacks because it can be used to create a more efficient and automated security apparatus that reduces operator workloads. The combination of machine learning with other automated network technologies, such as software-defined networking and cloud solutions, can allow operators to do more with less and free up time to pursue other mission-critical activities.

It also minimizes the risk of human error and lays the groundwork for faster development of more robust and complex systems that can effectively combat threats with minimal human intervention.

At some point, we must acknowledge that without massive automation, there simply are not enough humans on Earth to manage IT infrastructures and security operations globally. Network technologies like SDN scale far too quickly, and security threats are too advanced, to leave the management of these solutions solely in the hands of human beings.

Therefore, we have no choice but to make network infrastructures more programmable, autonomous and secure. Machine learning checks off all of these boxes, all while making life much more manageable for network security operators.

