# Machine Learning: The Ideal Ally for Security Analysts

By [Jane Goh](https://www.paloaltonetworks.com/blog/author/jane-goh/?ts=markdown "Posts by Jane Goh"), Jul 17, 2018, 4 minutes. Filed under [Product Features](https://www.paloaltonetworks.com/blog/security-operations/category/product-features/?ts=markdown); tagged [Cortex XSOAR](https://www.paloaltonetworks.com/blog/tag/cortex-xsoar/?ts=markdown), [Incident Response](https://www.paloaltonetworks.com/blog/tag/incident-response/?ts=markdown), [Machine Learning](https://www.paloaltonetworks.com/blog/tag/machine-learning/?ts=markdown), [SOAR](https://www.paloaltonetworks.com/blog/tag/soar/?lang=ja&ts=markdown).

Machine learning, a subset of artificial intelligence, is the practice of using algorithms and large data sets or Big Data to develop
insights ranging from which movie a Netflix user may want to watch next to recommendations about cybersecurity incident handling. According to consulting firm [McKinsey](https://www.mckinsey.com/industries/high-tech/our-insights/an-executives-guide-to-machine-learning), "the unmanageable volume and complexity of the big data that the world is now swimming in have increased the potential of machine learning---and the need for it." For security professionals, machine learning can increase responder productivity and enable leaner, more efficient security operations. Humans, however, not machines, must direct and guide machine learning algorithms toward the business goals and objectives the computers are given.

## **Machine Learning, Big Data, and Security**

The best way to understand how machine learning can benefit security analysts is perhaps to look at another field with similar operational-efficiency goals that is already taking advantage of Big Data and prospering: marketing. Marketers use machine learning for marketing automation to increase profits and operational efficiency while reducing costs, leveraging new and existing data sets available to their businesses and mining them for insights. Capgemini Consulting [found](https://criteo-2421.docs.contently.com/v/idc-research-can-machines-be-creative) that "58 percent of enterprises are tackling the most challenging marketing problems with AI and machine learning first, prioritizing personalized customer care and new product development." With machine learning tools and platforms, marketers armed with Big Data now add more value to an organization than ever before. Like marketing automation, the use of machine learning for security is a fast-growing trend, driven by the large amount of data generated by security incidents and threats.
By leveraging machine learning algorithms, security staff can more easily manage their operational environment and focus on higher-level strategic tasks that add value to the organization instead of menial ones.

## **Machine Learning Use-Cases for Security Analysts**

One security machine learning use case is **security expert suggestions**. End-to-end incident response is rarely an isolated process, yet analysts often operate in silos while performing investigations, unaware of their colleagues' specific skill sets for handling complex incidents. Additionally, junior analysts may operate in the dark while handling incidents that senior analysts could easily solve if they were not occupied with day-to-day operations. A machine-learning-enabled collaborative space can provide the needed platform where analysts invite teammates to conduct joint investigations. Machine learning can mine the historical record of all closed incidents, specifically the manual actions analysts performed in the past. After parsing that data, the platform can surface the actions the top analysts took on comparable incidents as suggestions for the incident at hand.

![Machine Learning Image](https://www.paloaltonetworks.com/blog/wp-content/uploads/2020/07/Machine-Learning-Image.jpg)

Such a collaborative space will consistently decrease resolution times and increase resolution quality. It will also act as a guide for junior analysts by highlighting which experts can help them through specific incidents, reducing error rates and analyst anxiety.

Another machine learning use case is **playbook task creation**. After playbooks make the initial journey from paper onto a Security Orchestration, Automation \& Response (SOAR) platform, they facilitate automated response but may not undergo any further measurement and review.
Unless analysts capture better knowledge from elsewhere and feed it into the platform, the benefits of these playbooks plateau after a period of time. A SOAR platform with machine learning enables security staff to better harmonize actions across products, manage incidents within one platform, collaborate in real time, and learn from the latest data. By **creating custom playbook tasks with machine learning**, the platform accelerates only the most relevant tasks: analysts are presented with suggestions for arguments and parameters that fit the most relevant inputs and the most commonly used arguments. This not only reduces alert fatigue and leads to quicker incident triage; playbooks that use machine learning also help alleviate the eventual stagnation in efficacy of static playbooks.

## **The Future of Machine Learning for Security Operations**

Machine-learning-enabled security operations are an emerging trend that will only accelerate as threats and data volumes increase, coupled with the need for knowledge management and expert advice. By leveraging machine learning algorithms, tools and platforms, security staff will more easily be able to manage their operational environment and focus on higher-level strategic tasks that add value to their organization. Like marketers armed with Big Data and machine learning tools and platforms, who are increasing profits and operational efficiency while reducing costs, security operations can now add more value to an organization than ever before.

***

To learn more about specific machine learning applications in security operations, you can [download our whitepaper](https://start.paloaltonetworks.com/cortex-xsoar-top-machine-learning-use-cases.html) that highlights how Cortex XSOAR uses machine learning to enhance incident response efficiency.
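Both use cases above, expert suggestions and playbook-argument suggestions, reduce to the same step: mine the closed-incident record for the manual actions analysts took on comparable incidents. The following Python is an added illustration of that step written for this page; it is not Cortex XSOAR's implementation, and the incident records, analyst names, command names and argument values are constructed sample data. It uses a plain Jaccard similarity over incident type and tags in place of a trained model, which is enough to show how both kinds of suggestion fall out of the same history, and how an incident unlike anything closed before yields no suggestion rather than a guess.

```python
"""Mining closed-incident history for expert and playbook-argument suggestions.

Added illustration for this page, not Cortex XSOAR code. Every incident record,
analyst name, command and argument value below is constructed sample data.
"""
from collections import Counter, defaultdict
from dataclasses import dataclass
from typing import Dict, FrozenSet, List, Tuple

Action = Tuple[str, Dict[str, str]]  # (command name, {argument: value})


@dataclass
class ClosedIncident:
    incident_id: str
    incident_type: str
    tags: FrozenSet[str]
    analyst: str                 # analyst who closed the incident
    resolution_minutes: int
    manual_actions: Tuple[Action, ...] = ()  # manual commands run during handling


# Constructed sample history; in practice this comes from the SOAR case store.
HISTORY: List[ClosedIncident] = [
    ClosedIncident("INC-1", "phishing", frozenset({"email", "credential-harvest", "o365"}), "alice", 35,
                   (("url-reputation", {"threshold": "medium"}), ("block-sender", {"scope": "domain"}))),
    ClosedIncident("INC-2", "phishing", frozenset({"email", "attachment", "macro"}), "bob", 80,
                   (("detonate-file", {"sandbox": "wildfire"}), ("block-sender", {"scope": "address"}))),
    ClosedIncident("INC-3", "phishing", frozenset({"email", "credential-harvest"}), "alice", 25,
                   (("url-reputation", {"threshold": "medium"}), ("reset-password", {"force_mfa": "true"}))),
    ClosedIncident("INC-4", "malware", frozenset({"endpoint", "macro"}), "carol", 50,
                   (("isolate-host", {"mode": "full"}),)),
    ClosedIncident("INC-5", "phishing", frozenset({"email", "credential-harvest", "o365"}), "bob", 90,
                   (("url-reputation", {"threshold": "high"}), ("block-sender", {"scope": "domain"}))),
]


def features(incident_type: str, tags: FrozenSet[str]) -> FrozenSet[str]:
    """Feature set used for similarity: the incident type plus each tag."""
    return frozenset({f"type:{incident_type}", *(f"tag:{t}" for t in tags)})


def jaccard(a: FrozenSet[str], b: FrozenSet[str]) -> float:
    """Set overlap in [0, 1]; two empty sets count as identical."""
    return len(a & b) / len(a | b) if (a or b) else 1.0


def similar_incidents(history, incident_type, tags, min_similarity=0.3):
    """Closed incidents comparable to the new one, most similar first; weak matches dropped."""
    query = features(incident_type, tags)
    scored = [(jaccard(query, features(h.incident_type, h.tags)), h) for h in history]
    return sorted(((s, h) for s, h in scored if s >= min_similarity), key=lambda sh: -sh[0])


def suggest_experts(history, incident_type, tags, top_n=2):
    """Rank analysts by similarity-weighted track record on comparable incidents.

    Faster closures count for more (60 minutes is the neutral point), so an analyst
    who repeatedly closed similar cases quickly ranks first. Returns
    (analyst, score, number of comparable incidents handled)."""
    score = defaultdict(float)
    handled = Counter()
    for sim, inc in similar_incidents(history, incident_type, tags):
        score[inc.analyst] += sim * (60.0 / max(inc.resolution_minutes, 1))
        handled[inc.analyst] += 1
    ranked = sorted(score.items(), key=lambda kv: -kv[1])
    return [(analyst, round(s, 2), handled[analyst]) for analyst, s in ranked[:top_n]]


def suggest_actions(history, incident_type, tags, top_n=3):
    """Manual commands most often run on comparable incidents: candidate playbook tasks."""
    votes = Counter()
    for sim, inc in similar_incidents(history, incident_type, tags):
        for command, _ in inc.manual_actions:
            votes[command] += sim
    return [command for command, _ in votes.most_common(top_n)]


def suggest_arguments(history, incident_type, tags, command):
    """For one playbook command, the argument values most used on comparable incidents."""
    votes = defaultdict(Counter)
    for sim, inc in similar_incidents(history, incident_type, tags):
        for cmd, args in inc.manual_actions:
            if cmd == command:
                for name, value in args.items():
                    votes[name][value] += sim
    return {name: values.most_common(1)[0][0] for name, values in votes.items()}


if __name__ == "__main__":
    new_type, new_tags = "phishing", frozenset({"email", "credential-harvest", "o365"})
    print("experts:", suggest_experts(HISTORY, new_type, new_tags))
    print("actions:", suggest_actions(HISTORY, new_type, new_tags))
    print("url-reputation args:", suggest_arguments(HISTORY, new_type, new_tags, "url-reputation"))
    # Nothing comparable in the history: no suggestion, rather than a guess.
    print("no history:", suggest_experts(HISTORY, "malware", frozenset({"ransomware"})))
```

Two caveats apply to anything built this way. The suggestions are only as good as the record of manual actions, so commands run outside the platform never count. And weighting by resolution speed rewards whoever closes tickets fastest, which can be premature closure rather than expertise, so a suggestion like this belongs in front of an analyst, not on an unattended playbook path.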