Machine Learning in the SOC--Part 3: Best Practices for Success

Machine learning has the power to transform your security operations, but as with any powerful technology, it needs to be approached strategically. Through our firsthand experience helping organizations across the world implement and operationalize machine learning in their SOCs, we have identified four best practices that are critical for achieving success.

Terms like artificial intelligence (AI) and machine learning are popular in our industry, but there's a lot of snake oil, with vendors claiming to use these technologies. Do your homework to understand what type of machine learning a vendor uses and whether that type of machine learning meets your security team's needs. Knowing just a little bit about how machine learning works can help you ask better questions when evaluating a vendor, like "What threats are not covered with existing tools and techniques?" or "Which data feeds contain valuable information but are currently underutilized?"