Ask the tough questions before you invest in artificial intelligence and machine learning technology. The security of your enterprise depends on it.

John Omernik, Distinguished Technologist, MapR

January 9, 2019

4 Min Read

When looking at the artificial intelligence (AI) and machine learning (ML) components of information security products, it's easy to get overwhelmed by the glut of marketing buzzwords. As a decision maker, how do you cut through the jargon to fully understand what you're purchasing?

The key is in asking the right questions before purchasing a product. Here is my short list of key issues to address:

Issue 1: Technical Components
Sometimes vendors make big AI/ML claims but their products only use simple classification algorithms on a single type of data. Buyers need to ask which algorithms and frameworks are being used and whether these are existing algorithms or custom solutions developed by the vendor.

When vendors talk about how they implement AI/ML, buyers can get a better sense of whether they're buying a point solution or a more comprehensive one. Note there is no right or wrong answer here unless a vendor point blank refuses to disclose what goes into its AI/ML. What you're really looking for is transparency and a conversation on how its product will use AI/ML to protect your assets.

Issue 2: Flexibility
It's important to understand whether AI/ML models are flexible and can be altered by the consumer. Vendors may claim their proprietary AI/ML security solution will solve "all your problems." However, this should be a warning sign to any buyer. The truth is that algorithms are only a small component of how data flows through an enterprise security solution. By understanding how flexible a model is, and whether it can be customized after purchase, you'll be able to make a more-informed purchase. Organizations have different needs. There is no one-size-fits-all solution here, especially when it comes to security.

Issue 3: Applications
Before you buy, you need to ask whether a security solution can handle the wide range of data that is only growing in complexity and type. No longer is looking at only log data enough when it comes to modern security practices. Call center audio recordings, video feeds, and other transactional data are the norm. You need to know whether your solution can handle these data sets or whether it's a siloed solution. If your organization's data stretches across silos and the AI/ML only works on certain silos, something may be missing.

Before you buy, ask whether AL/ML models can be applied to different types of data sets. You don't want to find out after the fact that the AI/ML application is limited in scope and doesn't meet your security needs. In addition, ask the vendor to show you examples of the breadth of AI/ML model applications in the product. This is a great way to get to the core of the vendor offering.

Issue 4: AI/ML Updates
AI/ML security solutions must be able to evolve and update as security threats do. To meet the constant onslaught of new threats, vendors must have the ability to update their algorithms. How does the vendor manage these changes in the threat landscape within their product? It's a good idea to ask about how past AI/ML updates have been handled in terms of development, testing, implementation, and licensing.

Licensing is particularly important. You need to know if your organization's data will essentially be held hostage until you've paid to apply a new algorithm. What if you want to apply a different algorithm? Will that also cost you? There isn't one answer here that is the correct answer; however, knowing how this process unfolds in the future will help you prepare for the evolution on the solution that needs to occur.

Issue 5: Security Team Knowledge and Skills
Purchasing a security platform that supports the latest AI/ML toolkits can help build your team's knowledge and skills. Before buying, you need to know whether the solution will build your security team's understanding of your organization's data or whether you will be relying on the expertise of the vendor and its proprietary solution. Ideally, any purchase will help your security team learn how data works internally and increase its understanding of data engineering and data science. It's important to understand the balance between working with vendors and growing your own internal talent pool before you buy.

Another thing to think about: To recruit smart, data-driven security analysts, organizations need to use products and tools that encourage employees' growth and knowledge. Considering how limited the pool of data scientists currently is, using cutting-edge technology is essential for recruiting new talent.

Asking the right questions will help you become a more-informed consumer. Being more informed and purchasing the right security solution means your implementation is more likely to be more successful too. Ask the tough questions before you buy — the security of your enterprise depends on it.

Related Content:

About the Author(s)

John Omernik

Distinguished Technologist, MapR

John Omernik is a recognized expert in detecting security threats and preventing fraud using data analytics. Prior to joining MapR, John was senior vice president, security innovations, at Bank of America where his responsibilities included architecting a next generation security data platform focused on speed-of-delivery and ease-of-use for security practitioners. John's experience in the financial industry includes information security, threat intelligence, and fraud analytics/prevention.

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like


More Insights