Big data and machine learning will play increasingly critical roles in improving information security, predicts Will Cappelli, a vice president of research at Gartner.
Even today, the demand for the technologies is strong, he points out. "In terms of market size, Gartner estimates that in 2016 the world spent approximately $800 million on the application of big data and machine learning technologies to security use cases," he says in an interview with Information Security Media Group. "About 80 percent of that was big data; about 20 percent was machine learning."
Enterprises are looking at these technologies as two components of a single architecture, he says. A typical use case would be to deploy a big data log management platform and then deploy some kind of machine learning capability on top of that platform to enable the automated discovery of hidden patterns in this data that indicate, for example, unauthorized access, he says.
"For instance we see many of our big clients use big data technologies to ingest application logs, and then use machine learning to discover the departures from normal behavior," he says. The use of these two technologies will prove essential for more organizations in the years ahead as a powerful cybersecurity tools, he predicts.
In this interview (see audio link below photo), Cappelli also discusses:
- The evolution of big data and machine learning from broader IT applications to specific security functions;
- Emerging use cases for the technologies;
- Prerequisites to deploying these technologies.
Cappelli is a Gartner Research vice president in the enterprise management area, focusing on the application of big data and machine learning technologies to IT operations as well as application performance monitoring. Previously, he was a research director at Meta Group and held a variety of analyst and management positions at a number of research firms, including Forrester/Giga Information Group, Ovum, New Science Associates and Real Decisions Corp.