Machine learning is still a relatively new field, and many people haven’t yet figured out the distinction between what’s possible and what’s speculation. One of the most important facets of machine learning from an SAP perspective is security. The crux of the idea behind machine learning with a focus on SAP security is to teach the machine what sort of data is considered normal and what sort of data is considered anomalous. Additionally, the system may be taught to inspect logs in order to determine what constitutes a security breach and what regular activity on the SAP server looks like. However, as with many computer-based solutions, even after the system has been taught the basic tell-tale signs it should be aware of, it is never right 100% of the time.
Machine Learning and SAP Security
SAP, being a database architecture, has a lot of things that serve as potential entry points for exploitation. In the past, dealing with these potential points of entry could be problematic, since so many of them are likely to exist in a single install. It would end up as a fight between trying to anticipate where an attack would happen and trying to catch an attack before it could cause significant damage. With SAP’s approach to machine learning, detection of basic attacks like SQL injection and malicious script upload could be automated. Log entries generated by these attacks could be spotted and the requisite action taken against the user or IP address, as the case may be. There are some significant limitations to this system, however.
Managed Security Alongside Machine Learning
SAP’s benefit is that its data scientists and engineers are well aware of the things that could potentially arise to cause problems for an SAP install. To this end, they can develop machine learning technology based around teaching the system about these things. Each SAP install is unique in its interactions, and this may present an issue, since an anomalous activity in one particular system might be regular operation in another. Having security personnel who can determine for themselves what should be investigated and what can safely be ignored is still a necessity. Even though machine learning is quite good at what it does, it can only be used within strictly defined parameters. In the world of security, where it’s a constant arms race against malicious exploits, machine learning might only be semi-equipped to deal with new advances as they occur.
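The point that the same activity can be anomalous on one install and routine on another, shown as an added example that is not SAP's code or log format: each observation is scored only against that install's own history, and anything flagged goes to an analyst rather than being acted on automatically. The install names, event type and counts are constructed assumptions.

```python
from statistics import median

# Constructed sample data: hourly counts of one event type (bulk table
# exports) on two hypothetical installs. This is not an SAP log format.
HISTORY = {
    "erp-finance": [0, 1, 0, 2, 1, 0, 1, 1, 0, 2, 1, 0],
    "bw-reporting": [38, 41, 35, 44, 40, 39, 42, 37, 43, 40, 36, 41],
}


def robust_z(history, observed):
    """Modified z-score built on the median and MAD, so a few outliers
    already present in the baseline window do not skew the scale."""
    med = median(history)
    mad = median(abs(x - med) for x in history)
    # Floor the scale so a perfectly flat baseline cannot divide by zero.
    scale = max(1.4826 * mad, 1.0)
    return (observed - med) / scale


def triage(install, observed, threshold=3.5):
    """Score an observation against that install's own baseline only.

    'review' means queue it for a human analyst; it is not a verdict.
    """
    score = robust_z(HISTORY[install], observed)
    verdict = "review" if abs(score) > threshold else "normal"
    return {
        "install": install,
        "observed": observed,
        "score": round(score, 2),
        "verdict": verdict,
    }


if __name__ == "__main__":
    # The same count, 40 exports in an hour, on both installs.
    for name in HISTORY:
        print(triage(name, 40))
```
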
Dealing with Non-Traditional Attacks
While the system can be used against automated attacks, things like social engineering are likely to be on a different level, since they no longer deal directly with the database system on its own. With machine learning we can set up checks and balances that are able to determine whether an attempt at social engineering is being made or not. Fraud leaves signs that are machine readable, especially when everything is linked to the same system. Post-editing of email addresses and other seemingly innocent tasks from a CSR (like adding or removing purchase items) happen on a regular basis, but over time the system will spot patterns and is likely to see fraud setups long before they come to fruition. Learning these sorts of patterns can only be done over a longer period of observation, and while the system may raise flags when situations like this occur, it still needs a human to investigate since, at its core, social engineering focuses on the fallibility of humans, and not that of the system itself.
The Future of Database Security?
Machine learning provides a very interesting place to start from when it comes to automated security, but at the current levels of technology, it’s unlikely we will have unsupervised security coming along any time soon. The human element has always been and will continue to be a major part of designing and using exploits. The best we can do at this juncture is to trust SAP’s tools, the latest of which is the implementation of machine learning to help us make decisions about the system’s security. Machine learning isn’t fallible, but its strictures make it inflexible. It operates within rigorously defined parameters, which can be a blessing as well as a curse. In system security, adaptability is important, and the addition of a human alongside the machine learning tools can make for a formidable barrier to those wanting to exploit an SAP system.