Machine learning tool helps county detect cyber risks -- GCN

To modernize cybersecurity for Livingston County, Mich., officials turned to a machine learning tool that can find anomalies in behaviors without previous knowledge of what to look for. Darktrace's Enterprise Immune System is powered by unsupervised machine learning, meaning county officials didn't have to tell it what to watch out for using rules or signatures. Instead, they plugged it in and let it run for three weeks so that it could learn about the network's typical behavior, establishing what's called a "pattern of life." Then when the system detects something out of the ordinary, an alert is issued in real time. "A tool like this works best when it's placed where it can see the traffic we're most interested in," county Deputy Chief Information Security Officer Paul Curylo said. "We placed it such that we can see traffic of interest traversing through our core as well as traffic traversing out to the internet."