Data science can be just a numbers game if it is not used to its full potential.

SwissCognitiveA key part of digital transformation and the move to digital services is data science. Data science enables people to respond to problems in a better way, and to also understand those problems in a way that would not have been possible 50 years ago.

But data science can be just a numbers game if it is not used to its full potential. Utilised properly, data science can help people and decisions to become ‘predictive’. In the case of cybersecurity, IT professionals may be able to predict bad events before they occur. Forcepoint’s Asia Pacific strategic business director Nick Savvides explains more.

“There is one thing that security teams, firewalls, antivirus programs, email protection, intrusion detection systems have in common – they’re all tasked with determining if an action or event is ‘good’ or ‘bad’. This is a classification problem, and one that has advanced over time.” Savvides says.

Machine learning and artificial intelligence have been key to the data science revolution because they approach these classification problems in a way that can lead to predictive behaviour.

Here are five critical steps in applying data science to cybersecurity, and how they come together to create an action plan.

1. Signals

Signals is another way of describing inputs such as data from applications and users. “Obtain as many signals as you can from the things that you can control,” says Savvides. The more signals an organisation has, the easier it is to understand what’s going on.

Thank you for reading this post, don't forget to subscribe to our AI NAVIGATOR!


Indicators of compromise (IoCs) are related to a particular security threat, which act as ‘fingerprints’ or traces that attackers leave behind. These can help businesses determine whether they have been – or may soon be – compromised.

“We can take those signals, apply data science and then say, ‘I predict that this IoC might be a risk to the organisation’. A system can then can automatically implement controls that stop an unwanted action before it happens.”

“A system can also take signals from devices and the cloud, analyse them, and form a predictive approach. It could go even further and integrate at the network layer – not just at the points where the user and data leaves, but also in the transit in between.”

Solutions based on the Secure Access Service Edge (SASE) architecture sit at the edge of the cloud between the user and the application data. SASE solutions can capture signals from the user, the machine, applications, internet connections, and connectivity. It’s a powerful way to use signals to shape prediction.

2. Behaviour
Indicators of behaviour (IoBs) focus on events generated by users interacting with data and applications. They outline how a user or a threat behaves in an environment.

By understanding how an employee or contractor typically behaves, it’s possible to identify high-risk behaviour that could indicate a malicious insider or compromised account. These work in conjunction with signals to determine different behaviours from different actions. […]

Read more: