1/9/2019
02:30 PM
John Omernik
Commentary

Cutting Through the Jargon of AI & ML: 5 Key Issues

Ask the tough questions before you invest in artificial intelligence and machine learning technology. The security of your enterprise depends on it.

When looking at the artificial intelligence (AI) and machine learning (ML) components of information security products, it's easy to get overwhelmed by the glut of marketing buzzwords. As a decision maker, how do you cut through the jargon to fully understand what you're purchasing?

The key is in asking the right questions before purchasing a product. Here is my short list of key issues to address:

Issue 1: Technical Components
Sometimes vendors make big AI/ML claims but their products only use simple classification algorithms on a single type of data. Buyers need to ask which algorithms and frameworks are being used and whether these are existing algorithms or custom solutions developed by the vendor.

When vendors talk about how they implement AI/ML, buyers can get a better sense of whether they're buying a point solution or a more comprehensive one. Note there is no right or wrong answer here unless a vendor point-blank refuses to disclose what goes into its AI/ML. What you're really looking for is transparency and a conversation on how its product will use AI/ML to protect your assets.

Issue 2: Flexibility
It's important to understand whether AI/ML models are flexible and can be altered by the consumer. Vendors may claim their proprietary AI/ML security solution will solve "all your problems." However, this should be a warning sign to any buyer. The truth is that algorithms are only a small component of how data flows through an enterprise security solution. By understanding how flexible a model is, and whether it can be customized after purchase, you'll be able to make a more-informed purchase. Organizations have different needs. There is no one-size-fits-all solution here, especially when it comes to security.

Issue 3: Applications
Before you buy, you need to ask whether a security solution can handle the wide range of data that is only growing in complexity and type. No longer is looking at only log data enough when it comes to modern security practices. Call center audio recordings, video feeds, and other transactional data are the norm. You need to know whether your solution can handle these data sets or whether it's a siloed solution. If your organization's data stretches across silos and the AI/ML only works on certain silos, something may be missing.

Before you buy, ask whether AI/ML models can be applied to different types of data sets. You don't want to find out after the fact that the AI/ML application is limited in scope and doesn't meet your security needs. In addition, ask the vendor to show you examples of the breadth of AI/ML model applications in the product. This is a great way to get to the core of the vendor offering.

Issue 4: AI/ML Updates
AI/ML security solutions must be able to evolve and update as security threats do. To meet the constant onslaught of new threats, vendors must have the ability to update their algorithms. How does the vendor manage these changes in the threat landscape within their product? It's a good idea to ask about how past AI/ML updates have been handled in terms of development, testing, implementation, and licensing.

Licensing is particularly important. You need to know if your organization's data will essentially be held hostage until you've paid to apply a new algorithm. What if you want to apply a different algorithm? Will that also cost you? There isn't one answer here that is the correct answer; however, knowing how this process unfolds in the future will help you prepare for the evolution of the solution that needs to occur.

Issue 5: Security Team Knowledge and Skills
Purchasing a security platform that supports the latest AI/ML toolkits can help build your team's knowledge and skills. Before buying, you need to know whether the solution will build your security team's understanding of your organization's data or whether you will be relying on the expertise of the vendor and its proprietary solution. Ideally, any purchase will help your security team learn how data works internally and increase its understanding of data engineering and data science. It's important to understand the balance between working with vendors and growing your own internal talent pool before you buy.

Another thing to think about: To recruit smart, data-driven security analysts, organizations need to use products and tools that encourage employees' growth and knowledge. Considering how limited the pool of data scientists currently is, using cutting-edge technology is essential for recruiting new talent.

Asking the right questions will help you become a more-informed consumer. Being more informed and purchasing the right security solution means your implementation is more likely to be successful too. Ask the tough questions before you buy — the security of your enterprise depends on it.

John Omernik is a recognized expert in detecting security threats and preventing fraud using data analytics. Prior to joining MapR, John was senior vice president, security innovations, at Bank of America where his responsibilities included architecting a next generation ...