AI & machine learning systems are essential in the modern day.

In the films, machine learning usually results in killer robots that take over the world. Fortunately, the reality is that this process is used by the majority of services we use daily. Facebook, Instagram, Twitter, Google, YouTube: these services collect data on our usage and learn the best way to deliver a product. They learn which films to suggest you watch next, which ads you are likely to click, and which content you are most likely to engage with.

There is in fact a great example of AI and machine learning being used in the IT industry in this very article. Grammar and spell-checking extensions, such as Grammarly, use AI systems to analyse written text and give suggestions to writers. They do this by reading thousands of texts and constantly learning from the data they collect. The system expands its knowledge, be it perhaps on slang or tone of voice, and delivers a product that is far superior to a general spell-check. It’s a case that’s relatively personal to a writer but easily demonstrates how machine learning works in practice – and is seemingly an example we have all seen first-hand.

Machine learning & Cyber Security

Taking the example from the section above, the reason the AI-driven spelling and grammar system Grammarly exists is that the average human can’t be expected to know every single grammar technicality in the English language. Nor can they be expected to be up to date with the ever-evolving quirks of the spoken and written word. As such, Grammarly steps in to offer machine learning assistance that goes above and beyond the capabilities of the human brain.

The same premise applies to cyber security, but even more so. It is impossible for even a team of human beings to stay abreast of the rapidly growing cyber threat landscape. The current problem in cyber security is that there is simply too much data for humans to look over, and conventional systems are also unable to keep up with the sheer number of malicious activities, leading to vital information being missed. For example, 96% of UK businesses suffered a damaging cyber attack in the last year.

The fastest-growing crime in the world is cyber crime, and it’s a vicious circle. The threat of cyber crime increases as technologies designed to make our lives easier and more efficient evolve and improve. Attacks are becoming more complex and subtle, and it’s becoming increasingly difficult to correlate outwardly unimportant events across endpoints and networks to identify malicious activity, meaning potential attacks are sometimes not noticed for extended periods. And as we know, the longer it takes to notice an attack, the bigger the impact on the business.

In a nutshell, the issue is that humans and conventional systems aren’t quick enough, or sophisticated enough, to detect complex threats that are hidden amongst huge amounts of information.

This is where machine-learning comes into play. “AI-powered” threat detection and response systems can detect potentially malicious activity by analysing the vast amounts of data across an organisation’s hybrid network, and use machine learning to profile these threats.

Using rapid automated investigation, these security systems highlight suspicious behaviour and monitor correlating events, alerting IT teams to investigate further. According to Palo Alto, by integrating data from multiple sources, a team can view the root cause of alerts from any source, “accelerating investigations by 88%.”


By automatically producing precise models that analyse huge amounts of data, organisations have a much greater chance of apprehending threats early. According to Thomas H Davenport, a well-known analytics academic and senior advisor to Deloitte’s analytics and cognitive practice, a person can produce perhaps two good models a week, while machine learning can produce thousands.

Machine learning systems do the heavy lifting by only alerting IT teams to highly suspicious behaviour that can’t be dealt with at the endpoint. These intelligent systems use automation to reduce notification burnout and increase a company’s security posture by vastly improving efficiency.

Avoiding notification blindness

We experience this frequently in our day-to-day lives. We’re online trying to read an article and we’re immediately bombarded with: ‘accept cookies’, ‘sign up to our newsletter’, ‘watch this ten-second advert…’. Very quickly, we lose interest in what we wanted to look at. The same can be seen in IT, where teams may miss a certain threat because they have been ‘blinded’ by the sheer number of alerts they’re receiving, resulting in that malicious activity slipping through the net and infiltrating the network, simply due to human error.

Another benefit of a machine learning cyber-security system is that it gets better at detecting suspicious activity the longer it runs. Once it notices how to deal with a certain type of behaviour, it will learn and remember how to deal with similar types of threats again. The real added value comes when these “AI Based” security solutions collaborate with their central threat databases. They are able to use the intelligence gathered by other devices in other networks, quickly increasing their knowledge base of worldwide threats and how to defend against them effectively.

Once you’re comfortable that the machine learning in your cyber-security solutions is picking up what you’d expect and making correct decisions on seemingly suspicious activity, you can then tune the automation to decrease the burden on your IT team, freeing up their time to strategically look at how to improve your cyber posture in other areas.


With all of this in mind, it’s clear to see how AI-powered, machine learning cyber-security systems are essential in any modern-day enterprise, thanks to their ability to process mass amounts of data, and constantly learn how to tackle malicious behaviour.

As we’re all aware, cyber-crime is increasing, not only in terms of quantity, but also in the complexity and variety of attack methods. Cyber security teams around the world are in a constant battle to stay ahead of cyber-crime innovation. In this digital age, machine learning is one of the greatest assets we have to improve our cyber defences. Not only this, it also gives us the ability to share the growing knowledge with fellow organisations, helping enterprise in general mitigate the damage new cyber threats can have, and improving security posture for all.

