Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.


10:30 AM
Joshua Goldfarb
Joshua Goldfarb
Connect Directly
E-Mail vvv

8 Security Buzzwords That Are Too Good to Be True

If you can't get straight answers about popular industry catchphrases, maybe it's time to ask your vendor: How do you actually use the technology?

There is an important security lesson in this famous saying: "If it seems too good to be true, then it probably is." If we take a step back and think about it, both a great deal and a scam present extraordinarily well. Both appear to offer a must-have solution to a challenge. Yet one is very real and the other very unreal. At the same time, vendors in information security are all too quick to throw buzzwords around in an attempt to convince us that their solutions fit the bill. Given this type of environment, how can organizations understand what is good and true versus what is too good to be true?

It is in this spirit that I offer my thoughts to help organizations navigate eight specific buzzwords that I have repeatedly encountered in the security field:

  1. Artificial intelligence: The list of vendors talking about artificial intelligence (AI) is a long one — and getting longer every day. Don't let the buzzword impress you and throw you off course. Regardless of the problem you're looking to solve, ask the vendor to explain to you how, specifically, it uses AI and how that helps the company solve your problem. For example, if a vendor is praising the AI in its endpoint solution, ask some pointed questions. On what data does it operate? How does it scale and perform on an enterprise scale? At a high level, how does the AI approach identify what is interesting and should generate an alert? What is the false-positive percentage in a large enterprise production environment? How are false positives minimized?
  2. Machine learning: Machine learning is another popular catchphrase. It's easy to be impressed by the science-like sound that "machine learning" has, but at the end of the day, it's just another approach that may or may not help you improve your security posture. As with AI, it's important to understand details around how the vendor uses machine learning. Pointed questions are again your friend. For example, if you're looking at a malware detection solution, you need to understand how the vendor uses machine learning to identify malware while at the same time minimizing false positives. If you can't get straight answers to some simple questions, it's time to ask another question: Does this vendor really use machine learning effectively, or even at all?
  3. Next-generation: My parents are humans. I am a next-generation human. That doesn't tell you anything about me other than the fact that I am one generation newer than my parents. Lots of vendors proffer their next-gen solution. But that just means it's newer than the competitor's. What's more important than how new or old a solution is whether or not it meets your needs and addresses the challenges that you need to address. If salespeople from a vendor start up with the next-gen rhetoric, tell them to stop. Let them know the challenges you face and ask them to describe to you, in a buzzword-free zone, precisely how their solution will help you address your challenges. What should ensue is a straightforward discussion. If it doesn't, it's time to move on to the next vendor.
  4. Data-driven: Can you show me one security solution these days that isn't data-driven? This term isn't so much a differentiator as it is a basic requirement. Every security solution operates on data — we all know that. What is much more important to understand in detail is how exactly a solution obtains data, what type of data is obtained, how it operates on that data, how and where it stores that data, how true positives are identified, how false positives are minimized, and how the solution scales. Leave the buzzwords out of that discussion.
  5. Real-time: Nothing is real-time. Want proof? Stub your toe. It takes about one to two seconds until you feel the pain. All the more so in information security, where we have an enterprise-worth of information flying around the network, endpoints, and cloud environments. If vendor reps come in touting their "real-time solution" for this or that, call them on it. They should be able to give you a reasonable idea of how long it takes for data to be ingested, processed, and analyzed by their solution. In most modern solutions, it's probably anywhere from 30 seconds to a few minutes. And you know what? That's fine. I consider detection within a few hours to be a victory. A few minutes of latency from my tools isn't going to make or break me, particularly if it means that they are going to do a better job at identifying true positives and reducing false positives. If this sounds like a disappointment to you, wake up. And if vendor reps still insist that their solution is real-time, send them packing.
  6. Anomaly detection: Every security professional would love a way to find that stealth anomaly that flew under the radar. You know what, though? On a real enterprise network, there is a lot of strange stuff. So much so that many things look like an anomaly, even though they may be benign. Just doing anomaly detection isn't enough. A vendor needs to be able to explain what it's up to conceptually, and how that is going to help you identify malicious anomalous behavior. If the solution isn't smoke and mirrors, this should be a fairly straightforward conversation.
  7. Analytics: If you think about it, analytics is really just looking at data from a number of different perspectives, angles, and vantage points to find patterns of interest. In any solution that purports to use analytics, it's important to understand what data it operates on, how it identifies activity of interest, and how it filters and refines its findings to ensure high fidelity and low noise. Anything less is just empty marketing talk.
  8. Automation: When done properly, automation can greatly improve efficiency and reduce the load on an organization's human resources. What does "when done properly" mean? It means that automation must be done in support of and in line with the processes and procedures of the organization. Just automating things for automation's sake won't actually help introduce efficiencies. So when vendor salespeople come in boasting about their automation capability, ask them to elaborate on how exactly they can automate specific parts of your processes and procedures that are draining your valuable resources. A very targeted discussion should ensue, and if it doesn't, then something is amiss.

Related Content:


Black Hat Europe returns to London Dec. 3-6, 2018, with hands-on technical Trainings, cutting-edge Briefings, Arsenal open-source tool demonstrations, top-tier security solutions, and service providers in the Business Hall. Click for information on the conference and to register.

Josh (Twitter: @ananalytical) is currently Director of Product Management at F5.  Previously, Josh served as VP, CTO - Emerging Technologies at FireEye and as Chief Security Officer for nPulse Technologies until its acquisition by FireEye.  Prior to joining nPulse, ... View Full Bio

Recommended Reading:

Comment  | 
Print  | 
More Insights
Threaded  |  Newest First  |  Oldest First
When It Comes To Security Tools, More Isn't More
Lamont Orange, Chief Information Security Officer at Netskope,  1/11/2021
US Capitol Attack a Wake-up Call for the Integration of Physical & IT Security
Seth Rosenblatt, Contributing Writer,  1/11/2021
IoT Vendor Ubiquiti Suffers Data Breach
Dark Reading Staff 1/11/2021
Register for Dark Reading Newsletters
White Papers
Current Issue
2020: The Year in Security
Download this Tech Digest for a look at the biggest security stories that - so far - have shaped a very strange and stressful year.
Flash Poll
Assessing Cybersecurity Risk in Today's Enterprises
Assessing Cybersecurity Risk in Today's Enterprises
COVID-19 has created a new IT paradigm in the enterprise -- and a new level of cybersecurity risk. This report offers a look at how enterprises are assessing and managing cyber-risk under the new normal.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
PUBLISHED: 2021-01-17
An issue was discovered in Quali CloudShell 9.3. An XSS vulnerability in the login page allows an attacker to craft a URL, with a constructor.constructor substring in the username field, that executes a payload when the user visits the /Account/Login page.
PUBLISHED: 2021-01-17
Netsia SEBA+ through 0.16.1 build 70-e669dcd7 allows remote attackers to discover session cookies via a direct /session/list/allActiveSession request. For example, the attacker can discover the admin's cookie if the admin account happens to be logged in when the allActiveSession request occurs, and ...
PUBLISHED: 2021-01-15
An issue was discovered in Malwarebytes before 4.0 on macOS. A malicious application was able to perform a privileged action within the Malwarebytes launch daemon. The privileged service improperly validated XPC connections by relying on the PID instead of the audit token. An attacker can construct ...
PUBLISHED: 2021-01-15
Docker Desktop Community before on macOS mishandles certificate checking, leading to local privilege escalation.
PUBLISHED: 2021-01-15
OneDev is an all-in-one devops platform. In OneDev before version 4.0.3, there is a critical vulnerability which can lead to pre-auth remote code execution. AttachmentUploadServlet deserializes untrusted data from the `Attachment-Support` header. This Servlet does not enforce any authentication or a...