Jamf Blog
Data scientist teaching machine to play chess
January 30, 2023 by Jesus Vigo

What is (ML) Machine Learning in Security?

In this blog series on AI, we delve into a subset of this technology called Machine Learning (ML) and how it’s designed to effectively “learn” from all manner of resources available to grow its understanding and skills. In the case of cybersecurity, ML can be taught to increase the security posture of your endpoints – and your organization’s overall network – by monitoring, identifying, hunting, detecting and remediating against known and unknown threats as part of Deep Learning practices.

In the previous blog, we discussed artificial intelligence, covering what it is alongside common misconceptions about the misunderstood technology. We also provided some examples of how AI is making inroads in cybersecurity, helping IT and Security professionals to more easily identify and shut down attacks before they can develop into something far worse.

And while the work of certain organizations is leading the charge in the research and ethical development of AI, the focus of this blog is on Machine Learning, also referred to as ML for short. ML technology is considered a subsection AI – and not the full-blown artificial intelligence often heard of in the news. While the work of Google and OpenAI, among others, is certainly a ways off as they work toward full sentience, ML instead focuses on the benefits that can be obtained right now – today – as this technology leverages the incredible computing power of devices to help any number of industries: from healthcare to finance to genetics and genomics…and of course, cybersecurity.

While we’ll delve further into what separates AI from ML later, for now, let’s focus our attention on how the latter operates.

How does machine learning work?

We should start with this basic question first: What is machine learning?

“The use and development of computer systems that are able to learn and adapt without following explicit instructions, by using algorithms and statistical models to analyze and draw inferences from patterns in data.” – Oxford Dictionary

In lay terms, machine learning is a combination of specialized software and systems that are able to learn through a series of complex algorithms, allowing it to recognize patterns, statistical models and incorporate multiple data sources at the same time to effectively adapt (and get better) over time.

As an important part of the growing field of Data Science, ML is “trained to make classification or predictions and to uncover key insights…”, according to IBM. And while this component continues to see wider-reaching benefits to many key industries as the technology continues to grow through learning and adapting, the focus on how ML can help us to work smarter, not harder is present in many not-so-noticeable-but-oh-so-useful ways surrounding our everyday. For example, self-driving car technologies like those found in Tesla automobiles, Netflix’s useful recommendation engine or the practical use cases for improving business outcomes driven by Amazon AWS.

Each of these use cases leverages ML to achieve its ultimate goal of making the underlying technology we rely on every day and in so many different ways to work just that much better while making things considerably easier for us.

ML meets Security

Cybersecurity is one of those industries that has benefited from AI-based technologies like machine learning (and continues to bear fruit). Not in terms of replacing your entire IT and Security team as some have incorrectly surmised all things relating to the rise of AI. But rather augment your existing teams, helping them to be more proactive when responding to identified threats and attacks in real-time.

Taking it one step further, the automation properties inherent to ML significantly reduce the amount of time spent on managing common tasks while utilizing far fewer resources in carrying out processes.

Going yet one step further, the speed and capability intrinsic to ML allow for the processing of data at levels that are far beyond that of mere mortals. Regardless of how awesome your IT and Security teams are, the fact is that they are human and require basic needs in order to function optimally. Fundamental needs relating to diet, sleep and exercise can cause us to feel sluggish or lack focus and can affect us in a series of physical, mental and emotional ways. Often if the lack of any of these is severe enough, health-related issues can emerge which further impact our ability to function.

…but not computer systems. They don’t need bathroom breaks, power naps, time to relax or even a bite of your favorite fast-food or caffeine-infused beverage to keep the gears turning. They can operate 24x7x365 and continue to operate at the same efficiency level after forty-eight hours of being up as they did during the first hour.

Lastly, and this is really the incredible bit, computers were designed to make short work out of large swaths of data. After all, that’s why we rely on them so heavily, isn’t it? So it really shouldn’t come as a surprise that leveraging ML’s algorithms to make cybersecurity simpler, more proactive, less expensive and far more effective, all thanks due to its capability of quickly processing:

  • threat intelligence information
  • rich telemetry data
  • threat and advanced attack patterns
  • large, complex data sets
  • identified trends and anomalies

Not just that, but ML can also translate the data learned into actionable tasks automatically, such as:

  • make recommendations for greater protection
  • scale up security solutions to defend against threats
  • defend against advanced attacks, polymorphic malware
  • identify unknown threats lurking within systems


Machine Learning is a part of Artificial Intelligence, but make no mistake, it is distinct in its approach and operation, making them different in more ways than similar at an operational level. This description from Columbia University can sum up their differences much more concisely: “Put in context, artificial intelligence refers to the general ability of computers to emulate human thought and perform tasks in real-world environments, while machine learning refers to the technologies and algorithms that enable systems to identify patterns, make decisions, and improve themselves through experience and data.”

As mentioned before, AI is still quite a way from realizing its full-on potential and how that translates into benefits for society at large. ML on the other hand offers just enough of that potential today, that we can measure the benefits in key industries.

ML reasoning works to understand cybersecurity threats and cyber risk by consuming billions of data artifacts, but also to perform analysis on data consumed to determine what relationships exist between a multitude of threat vectors” – Jamf

While ML technology continues to evolve and incorporate itself into more and more ways that befit our day-to-day usage, the driving factor for incorporating machine learning into security solutions is the benefit of analyzing data points to improve an organization’s security posture.


If you’re familiar with Jamf’s machine learning engine, MI:RIAM, nice to see you again! For those yet to have made their acquaintance, allow us to introduce you.

Standing for Machine Intelligence: Real-time Insights and Analytics Machine, MI:RIAM is the advanced machine learning technology that drives threat intelligence while aiding in threat hunting as a component of Jamf Protect.

As a core function of ML technologies, MI:RIAM is able to enhance security protection capabilities to identify more threats and prevent threats from impacting systems. All this alongside the following sample of its abilities to:

  • Scrape articles, technical papers and studies to curate data
  • Catalog data to further enhance and share knowledge globally
  • Prioritize decisions made to best protect endpoints based on formulations
  • Offer holistic protection by providing granular protections that are industry-specific

The result of the ML engine? MI:RIAM is responsible for automating and performing the following tasks to keep your device fleet, users and sensitive data safe and secure from risk and security threats. Below you’ll find a smattering of what MI:RIAM is capable of:

  • Discover zero-day attacks, such as phishing attempts
  • Automatically block sophisticated attacks on the network to prevent loss of sensitive and critical data, such as data exfiltration
  • Perform app insights with vetting workflows to create detailed threat intelligence reports, including listing permissions and embedded URLs that put data at risk
  • Working alone or alongside first- and third-party tools to allow enforcement of security policies while tailoring protections on the fly
  • Automated remediation of endpoint threats based on comprehensive risk assessments and performed in real-time

Not sure how to implement ML-based technologies to strengthen your organization’s security posture?

Get started with machine learning and begin automating your cybersecurity defense workflows today.

Photo of Jesus Vigo
Jesus Vigo
Jesus Vigo, Sr. Copywriter, Security.
Subscribe to the Jamf Blog

Have market trends, Apple updates and Jamf news delivered directly to your inbox.

To learn more about how we collect, use, disclose, transfer, and store your information, please visit our Privacy Policy.