
1/9/2019
02:30 PM
John Omernik
Commentary

Cutting Through the Jargon of AI & ML: 5 Key Issues

Ask the tough questions before you invest in artificial intelligence and machine learning technology. The security of your enterprise depends on it.

When looking at the artificial intelligence (AI) and machine learning (ML) components of information security products, it's easy to get overwhelmed by the glut of marketing buzzwords. As a decision maker, how do you cut through the jargon to fully understand what you're purchasing?

The key is in asking the right questions before purchasing a product. Here is my short list of key issues to address:

Issue 1: Technical Components
Sometimes vendors make big AI/ML claims but their products only use simple classification algorithms on a single type of data. Buyers need to ask which algorithms and frameworks are being used and whether these are existing algorithms or custom solutions developed by the vendor.

When vendors talk about how they implement AI/ML, buyers can get a better sense of whether they're buying a point solution or a more comprehensive one. Note there is no right or wrong answer here unless a vendor point blank refuses to disclose what goes into its AI/ML. What you're really looking for is transparency and a conversation on how its product will use AI/ML to protect your assets.

Issue 2: Flexibility
It's important to understand whether AI/ML models are flexible and can be altered by the consumer. Vendors may claim their proprietary AI/ML security solution will solve "all your problems." However, this should be a warning sign to any buyer. The truth is that algorithms are only a small component of how data flows through an enterprise security solution. By understanding how flexible a model is, and whether it can be customized after purchase, you'll be able to make a more-informed purchase. Organizations have different needs. There is no one-size-fits-all solution here, especially when it comes to security.

Issue 3: Applications
Before you buy, you need to ask whether a security solution can handle the wide range of data that is only growing in complexity and type. Looking only at log data is no longer enough when it comes to modern security practices. Call center audio recordings, video feeds, and other transactional data are the norm. You need to know whether your solution can handle these data sets or whether it's a siloed solution. If your organization's data stretches across silos and the AI/ML only works on certain silos, something may be missing.

Before you buy, ask whether AI/ML models can be applied to different types of data sets. You don't want to find out after the fact that the AI/ML application is limited in scope and doesn't meet your security needs. In addition, ask the vendor to show you examples of the breadth of AI/ML model applications in the product. This is a great way to get to the core of the vendor offering.

Issue 4: AI/ML Updates
AI/ML security solutions must be able to evolve and update as security threats do. To meet the constant onslaught of new threats, vendors must have the ability to update their algorithms. How does the vendor manage these changes in the threat landscape within their product? It's a good idea to ask about how past AI/ML updates have been handled in terms of development, testing, implementation, and licensing.

Licensing is particularly important. You need to know if your organization's data will essentially be held hostage until you've paid to apply a new algorithm. What if you want to apply a different algorithm? Will that also cost you? There isn't one correct answer here; however, knowing how this process will unfold in the future will help you prepare for the evolution of the solution that needs to occur.

Issue 5: Security Team Knowledge and Skills
Purchasing a security platform that supports the latest AI/ML toolkits can help build your team's knowledge and skills. Before buying, you need to know whether the solution will build your security team's understanding of your organization's data or whether you will be relying on the expertise of the vendor and its proprietary solution. Ideally, any purchase will help your security team learn how data works internally and increase its understanding of data engineering and data science. It's important to understand the balance between working with vendors and growing your own internal talent pool before you buy.

Another thing to think about: To recruit smart, data-driven security analysts, organizations need to use products and tools that encourage employees' growth and knowledge. Considering how limited the pool of data scientists currently is, using cutting-edge technology is essential for recruiting new talent.

Asking the right questions will help you become a more-informed consumer. Being more informed and purchasing the right security solution means your implementation is more likely to be successful, too. Ask the tough questions before you buy — the security of your enterprise depends on it.


John Omernik is a recognized expert in detecting security threats and preventing fraud using data analytics. Prior to joining MapR, John was senior vice president, security innovations, at Bank of America where his responsibilities included architecting a next generation ...
 
