Over the past few years, the number of network protection technologies that purport to include machine learning (ML) based features has grown exponentially. Unfortunately, most people in purchasing positions for network defense software are unfamiliar with the field of ML. Oftentimes it can be difficult to tell how effectively the software is applying ML, what types of ML is being applied, and whether the software really includes ML at all. On the other side of the spectrum, correctly applied ML can look like magic, and sometimes a healthy dose of skepticism prevents companies from purchasing and applying valid capabilities that can significantly benefit their organization.
This talk aims to help you become an educated ML consumer. We’ll discuss what constitutes ML and what doesn’t and what types of ML you should expect to see. We’ll give a brief overview of different types of ML capabilities. This will be followed up with a discussion on what capabilities you can expect from different types of software, as well as what may be overselling capabilities. By the end of this discussion I hope that you have a better understanding regarding how ML can (and should!) help you monitor and secure your network.
Note that we will not be reviewing or recommending specific packages, but rather looking at the field as a whole.