Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Cloud

11/20/2018
10:30 AM
Joshua Goldfarb
Joshua Goldfarb
Commentary
Connect Directly
Twitter
RSS
E-Mail vvv
50%
50%

8 Security Buzzwords That Are Too Good to Be True

If you can't get straight answers about popular industry catchphrases, maybe it's time to ask your vendor: How do you actually use the technology?

There is an important security lesson in this famous saying: "If it seems too good to be true, then it probably is." If we take a step back and think about it, both a great deal and a scam present extraordinarily well. Both appear to offer a must-have solution to a challenge. Yet one is very real and the other very unreal. At the same time, vendors in information security are all too quick to throw buzzwords around in an attempt to convince us that their solutions fit the bill. Given this type of environment, how can organizations understand what is good and true versus what is too good to be true?

It is in this spirit that I offer my thoughts to help organizations navigate eight specific buzzwords that I have repeatedly encountered in the security field:

  1. Artificial intelligence: The list of vendors talking about artificial intelligence (AI) is a long one — and getting longer every day. Don't let the buzzword impress you and throw you off course. Regardless of the problem you're looking to solve, ask the vendor to explain to you how, specifically, it uses AI and how that helps the company solve your problem. For example, if a vendor is praising the AI in its endpoint solution, ask some pointed questions. On what data does it operate? How does it scale and perform on an enterprise scale? At a high level, how does the AI approach identify what is interesting and should generate an alert? What is the false-positive percentage in a large enterprise production environment? How are false positives minimized?
  2. Machine learning: Machine learning is another popular catchphrase. It's easy to be impressed by the science-like sound that "machine learning" has, but at the end of the day, it's just another approach that may or may not help you improve your security posture. As with AI, it's important to understand details around how the vendor uses machine learning. Pointed questions are again your friend. For example, if you're looking at a malware detection solution, you need to understand how the vendor uses machine learning to identify malware while at the same time minimizing false positives. If you can't get straight answers to some simple questions, it's time to ask another question: Does this vendor really use machine learning effectively, or even at all?
  3. Next-generation: My parents are humans. I am a next-generation human. That doesn't tell you anything about me other than the fact that I am one generation newer than my parents. Lots of vendors proffer their next-gen solution. But that just means it's newer than the competitor's. What's more important than how new or old a solution is whether or not it meets your needs and addresses the challenges that you need to address. If salespeople from a vendor start up with the next-gen rhetoric, tell them to stop. Let them know the challenges you face and ask them to describe to you, in a buzzword-free zone, precisely how their solution will help you address your challenges. What should ensue is a straightforward discussion. If it doesn't, it's time to move on to the next vendor.
  4. Data-driven: Can you show me one security solution these days that isn't data-driven? This term isn't so much a differentiator as it is a basic requirement. Every security solution operates on data — we all know that. What is much more important to understand in detail is how exactly a solution obtains data, what type of data is obtained, how it operates on that data, how and where it stores that data, how true positives are identified, how false positives are minimized, and how the solution scales. Leave the buzzwords out of that discussion.
  5. Real-time: Nothing is real-time. Want proof? Stub your toe. It takes about one to two seconds until you feel the pain. All the more so in information security, where we have an enterprise-worth of information flying around the network, endpoints, and cloud environments. If vendor reps come in touting their "real-time solution" for this or that, call them on it. They should be able to give you a reasonable idea of how long it takes for data to be ingested, processed, and analyzed by their solution. In most modern solutions, it's probably anywhere from 30 seconds to a few minutes. And you know what? That's fine. I consider detection within a few hours to be a victory. A few minutes of latency from my tools isn't going to make or break me, particularly if it means that they are going to do a better job at identifying true positives and reducing false positives. If this sounds like a disappointment to you, wake up. And if vendor reps still insist that their solution is real-time, send them packing.
  6. Anomaly detection: Every security professional would love a way to find that stealth anomaly that flew under the radar. You know what, though? On a real enterprise network, there is a lot of strange stuff. So much so that many things look like an anomaly, even though they may be benign. Just doing anomaly detection isn't enough. A vendor needs to be able to explain what it's up to conceptually, and how that is going to help you identify malicious anomalous behavior. If the solution isn't smoke and mirrors, this should be a fairly straightforward conversation.
  7. Analytics: If you think about it, analytics is really just looking at data from a number of different perspectives, angles, and vantage points to find patterns of interest. In any solution that purports to use analytics, it's important to understand what data it operates on, how it identifies activity of interest, and how it filters and refines its findings to ensure high fidelity and low noise. Anything less is just empty marketing talk.
  8. Automation: When done properly, automation can greatly improve efficiency and reduce the load on an organization's human resources. What does "when done properly" mean? It means that automation must be done in support of and in line with the processes and procedures of the organization. Just automating things for automation's sake won't actually help introduce efficiencies. So when vendor salespeople come in boasting about their automation capability, ask them to elaborate on how exactly they can automate specific parts of your processes and procedures that are draining your valuable resources. A very targeted discussion should ensue, and if it doesn't, then something is amiss.

Related Content:

 

Black Hat Europe returns to London Dec. 3-6, 2018, with hands-on technical Trainings, cutting-edge Briefings, Arsenal open-source tool demonstrations, top-tier security solutions, and service providers in the Business Hall. Click for information on the conference and to register.

Josh (Twitter: @ananalytical) is an experienced information security leader who works with enterprises to mature and improve their enterprise security programs.  Previously, Josh served as VP, CTO - Emerging Technologies at FireEye and as Chief Security Officer for ... View Full Bio
Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
The Mainframe Is Seeing a Resurgence. Is Security Keeping Pace?
Ray Overby, Co-Founder & President at Key Resources, Inc.,  8/15/2019
The Flaw in Vulnerability Management: It's Time to Get Real
Jim Souders, Chief Executive Officer at Adaptiva,  8/15/2019
Tough Love: Debunking Myths about DevOps & Security
Jeff Williams, CTO, Contrast Security,  8/19/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
7 Threats & Disruptive Forces Changing the Face of Cybersecurity
This Dark Reading Tech Digest gives an in-depth look at the biggest emerging threats and disruptive forces that are changing the face of cybersecurity today.
Flash Poll
The State of IT Operations and Cybersecurity Operations
The State of IT Operations and Cybersecurity Operations
Your enterprise's cyber risk may depend upon the relationship between the IT team and the security team. Heres some insight on what's working and what isn't in the data center.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-5638
PUBLISHED: 2019-08-21
Rapid7 Nexpose versions 6.5.50 and prior suffer from insufficient session expiration when an administrator performs a security relevant edit on an existing, logged on user. For example, if a user's password is changed by an administrator due to an otherwise unrelated credential leak, that user accou...
CVE-2019-6177
PUBLISHED: 2019-08-21
A vulnerability reported in Lenovo Solution Center version 03.12.003, which is no longer supported, could allow log files to be written to non-standard locations, potentially leading to privilege escalation. Lenovo ended support for Lenovo Solution Center and recommended that customers migrate to Le...
CVE-2019-10687
PUBLISHED: 2019-08-21
KBPublisher 6.0.2.1 has SQL Injection via the admin/index.php?module=report entry_id[0] parameter, the admin/index.php?module=log id parameter, or an index.php?View=print&id[]= request.
CVE-2019-11601
PUBLISHED: 2019-08-21
A directory traversal vulnerability in remote access to backup & restore in earlier versions than ProSyst mBS SDK 8.2.6 and Bosch IoT Gateway Software 9.2.0 allows remote attackers to write or delete files at any location.
CVE-2019-11602
PUBLISHED: 2019-08-21
Leakage of stack traces in remote access to backup & restore in earlier versions than ProSyst mBS SDK 8.2.6 and Bosch IoT Gateway Software 9.2.0 allows remote attackers to gather information about the file system structure.