Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.


10:30 AM
Joshua Goldfarb
Joshua Goldfarb
Connect Directly
E-Mail vvv

8 Security Buzzwords That Are Too Good to Be True

If you can't get straight answers about popular industry catchphrases, maybe it's time to ask your vendor: How do you actually use the technology?

There is an important security lesson in this famous saying: "If it seems too good to be true, then it probably is." If we take a step back and think about it, both a great deal and a scam present extraordinarily well. Both appear to offer a must-have solution to a challenge. Yet one is very real and the other very unreal. At the same time, vendors in information security are all too quick to throw buzzwords around in an attempt to convince us that their solutions fit the bill. Given this type of environment, how can organizations understand what is good and true versus what is too good to be true?

It is in this spirit that I offer my thoughts to help organizations navigate eight specific buzzwords that I have repeatedly encountered in the security field:

  1. Artificial intelligence: The list of vendors talking about artificial intelligence (AI) is a long one — and getting longer every day. Don't let the buzzword impress you and throw you off course. Regardless of the problem you're looking to solve, ask the vendor to explain to you how, specifically, it uses AI and how that helps the company solve your problem. For example, if a vendor is praising the AI in its endpoint solution, ask some pointed questions. On what data does it operate? How does it scale and perform on an enterprise scale? At a high level, how does the AI approach identify what is interesting and should generate an alert? What is the false-positive percentage in a large enterprise production environment? How are false positives minimized?
  2. Machine learning: Machine learning is another popular catchphrase. It's easy to be impressed by the science-like sound that "machine learning" has, but at the end of the day, it's just another approach that may or may not help you improve your security posture. As with AI, it's important to understand details around how the vendor uses machine learning. Pointed questions are again your friend. For example, if you're looking at a malware detection solution, you need to understand how the vendor uses machine learning to identify malware while at the same time minimizing false positives. If you can't get straight answers to some simple questions, it's time to ask another question: Does this vendor really use machine learning effectively, or even at all?
  3. Next-generation: My parents are humans. I am a next-generation human. That doesn't tell you anything about me other than the fact that I am one generation newer than my parents. Lots of vendors proffer their next-gen solution. But that just means it's newer than the competitor's. What's more important than how new or old a solution is whether or not it meets your needs and addresses the challenges that you need to address. If salespeople from a vendor start up with the next-gen rhetoric, tell them to stop. Let them know the challenges you face and ask them to describe to you, in a buzzword-free zone, precisely how their solution will help you address your challenges. What should ensue is a straightforward discussion. If it doesn't, it's time to move on to the next vendor.
  4. Data-driven: Can you show me one security solution these days that isn't data-driven? This term isn't so much a differentiator as it is a basic requirement. Every security solution operates on data — we all know that. What is much more important to understand in detail is how exactly a solution obtains data, what type of data is obtained, how it operates on that data, how and where it stores that data, how true positives are identified, how false positives are minimized, and how the solution scales. Leave the buzzwords out of that discussion.
  5. Real-time: Nothing is real-time. Want proof? Stub your toe. It takes about one to two seconds until you feel the pain. All the more so in information security, where we have an enterprise-worth of information flying around the network, endpoints, and cloud environments. If vendor reps come in touting their "real-time solution" for this or that, call them on it. They should be able to give you a reasonable idea of how long it takes for data to be ingested, processed, and analyzed by their solution. In most modern solutions, it's probably anywhere from 30 seconds to a few minutes. And you know what? That's fine. I consider detection within a few hours to be a victory. A few minutes of latency from my tools isn't going to make or break me, particularly if it means that they are going to do a better job at identifying true positives and reducing false positives. If this sounds like a disappointment to you, wake up. And if vendor reps still insist that their solution is real-time, send them packing.
  6. Anomaly detection: Every security professional would love a way to find that stealth anomaly that flew under the radar. You know what, though? On a real enterprise network, there is a lot of strange stuff. So much so that many things look like an anomaly, even though they may be benign. Just doing anomaly detection isn't enough. A vendor needs to be able to explain what it's up to conceptually, and how that is going to help you identify malicious anomalous behavior. If the solution isn't smoke and mirrors, this should be a fairly straightforward conversation.
  7. Analytics: If you think about it, analytics is really just looking at data from a number of different perspectives, angles, and vantage points to find patterns of interest. In any solution that purports to use analytics, it's important to understand what data it operates on, how it identifies activity of interest, and how it filters and refines its findings to ensure high fidelity and low noise. Anything less is just empty marketing talk.
  8. Automation: When done properly, automation can greatly improve efficiency and reduce the load on an organization's human resources. What does "when done properly" mean? It means that automation must be done in support of and in line with the processes and procedures of the organization. Just automating things for automation's sake won't actually help introduce efficiencies. So when vendor salespeople come in boasting about their automation capability, ask them to elaborate on how exactly they can automate specific parts of your processes and procedures that are draining your valuable resources. A very targeted discussion should ensue, and if it doesn't, then something is amiss.

Related Content:


Black Hat Europe returns to London Dec. 3-6, 2018, with hands-on technical Trainings, cutting-edge Briefings, Arsenal open-source tool demonstrations, top-tier security solutions, and service providers in the Business Hall. Click for information on the conference and to register.

Josh (Twitter: @ananalytical) is an experienced information security leader who works with enterprises to mature and improve their enterprise security programs.  Previously, Josh served as VP, CTO - Emerging Technologies at FireEye and as Chief Security Officer for ... View Full Bio

Recommended Reading:

Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
COVID-19: Latest Security News & Commentary
Dark Reading Staff 9/21/2020
Hacking Yourself: Marie Moe and Pacemaker Security
Gary McGraw Ph.D., Co-founder Berryville Institute of Machine Learning,  9/21/2020
Startup Aims to Map and Track All the IT and Security Things
Kelly Jackson Higgins, Executive Editor at Dark Reading,  9/22/2020
Register for Dark Reading Newsletters
White Papers
Current Issue
Special Report: Computing's New Normal
This special report examines how IT security organizations have adapted to the "new normal" of computing and what the long-term effects will be. Read it and get a unique set of perspectives on issues ranging from new threats & vulnerabilities as a result of remote working to how enterprise security strategy will be affected long term.
Flash Poll
How IT Security Organizations are Attacking the Cybersecurity Problem
How IT Security Organizations are Attacking the Cybersecurity Problem
The COVID-19 pandemic turned the world -- and enterprise computing -- on end. Here's a look at how cybersecurity teams are retrenching their defense strategies, rebuilding their teams, and selecting new technologies to stop the oncoming rise of online attacks.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
PUBLISHED: 2020-09-23
An issue was discovered in Xen through 4.14.x. x86 PV guest kernels can experience denial of service via SYSENTER. The SYSENTER instruction leaves various state sanitization activities to software. One of Xen's sanitization paths injects a #GP fault, and incorrectly delivers it twice to the guest. T...
PUBLISHED: 2020-09-23
An issue was discovered in Xen through 4.14.x. There is mishandling of the constraint that once-valid event channels may not turn invalid. Logic in the handling of event channel operations in Xen assumes that an event channel, once valid, will not become invalid over the life time of a guest. Howeve...
PUBLISHED: 2020-09-23
An issue was discovered in Xen 4.14.x. There is a missing unlock in the XENMEM_acquire_resource error path. The RCU (Read, Copy, Update) mechanism is a synchronisation primitive. A buggy error path in the XENMEM_acquire_resource exits without releasing an RCU reference, which is conceptually similar...
PUBLISHED: 2020-09-23
An issue was discovered in Xen through 4.14.x. There are evtchn_reset() race conditions. Uses of EVTCHNOP_reset (potentially by a guest on itself) or XEN_DOMCTL_soft_reset (by itself covered by XSA-77) can lead to the violation of various internal assumptions. This may lead to out of bounds memory a...
PUBLISHED: 2020-09-23
An issue was discovered in Xen through 4.14.x. Out of bounds event channels are available to 32-bit x86 domains. The so called 2-level event channel model imposes different limits on the number of usable event channels for 32-bit x86 domains vs 64-bit or Arm (either bitness) ones. 32-bit x86 domains...