Machine Learning for Enterprise Security.

Enterprise security is about protecting an enterprise's computing infrastructure and the enterprise's sensitive information stored and processed by the infrastructure. We secure the infrastructure and the information by combining three steps: (a) prevention, i.e., preventing security breaches to the extent possible, (b) detection, i.e., detecting breaches as soon as possible since prevention is not fool-proof, and (c) recovery, i.e., recovering from and responding to breaches after detection. Prior work, both in academia and in industry, has focused on prevention and detection, whereas recovery is a relatively unexplored area. Machine learning as a discipline has had a significant impact over the state of the art in enterprise security in the last few years, especially in the prevention and detection steps. However, widespread adoption remains a challenge for several reasons. In this talk, we describe current uses of machine learning in the prevention and detection steps, and highlight a few key challenges. We then discuss future opportunities for machine learning to improve the state of the art in recovery.