Vulnerabilities / Threats

1/9/2019
02:30 PM
John Omernik
John Omernik
Commentary
Connect Directly
LinkedIn
Twitter
RSS
E-Mail vvv
50%
50%

Cutting Through the Jargon of AI & ML: 5 Key Issues

Ask the tough questions before you invest in artificial intelligence and machine learning technology. The security of your enterprise depends on it.

When looking at the artificial intelligence (AI) and machine learning (ML) components of information security products, it's easy to get overwhelmed by the glut of marketing buzzwords. As a decision maker, how do you cut through the jargon to fully understand what you're purchasing?

The key is in asking the right questions before purchasing a product. Here is my short list of key issues to address:

Issue 1: Technical Components
Sometimes vendors make big AI/ML claims but their products only use simple classification algorithms on a single type of data. Buyers need to ask which algorithms and frameworks are being used and whether these are existing algorithms or custom solutions developed by the vendor.

When vendors talk about how they implement AI/ML, buyers can get a better sense of whether they're buying a point solution or a more comprehensive one. Note there is no right or wrong answer here unless a vendor point blank refuses to disclose what goes into its AI/ML. What you're really looking for is transparency and a conversation on how its product will use AI/ML to protect your assets.

Issue 2: Flexibility
It's important to understand whether AI/ML models are flexible and can be altered by the consumer. Vendors may claim their proprietary AI/ML security solution will solve "all your problems." However, this should be a warning sign to any buyer. The truth is that algorithms are only a small component of how data flows through an enterprise security solution. By understanding how flexible a model is, and whether it can be customized after purchase, you'll be able to make a more-informed purchase. Organizations have different needs. There is no one-size-fits-all solution here, especially when it comes to security.

Issue 3: Applications
Before you buy, you need to ask whether a security solution can handle the wide range of data that is only growing in complexity and type. No longer is looking at only log data enough when it comes to modern security practices. Call center audio recordings, video feeds, and other transactional data are the norm. You need to know whether your solution can handle these data sets or whether it's a siloed solution. If your organization's data stretches across silos and the AI/ML only works on certain silos, something may be missing.

Before you buy, ask whether AL/ML models can be applied to different types of data sets. You don't want to find out after the fact that the AI/ML application is limited in scope and doesn't meet your security needs. In addition, ask the vendor to show you examples of the breadth of AI/ML model applications in the product. This is a great way to get to the core of the vendor offering.

Issue 4: AI/ML Updates
AI/ML security solutions must be able to evolve and update as security threats do. To meet the constant onslaught of new threats, vendors must have the ability to update their algorithms. How does the vendor manage these changes in the threat landscape within their product? It's a good idea to ask about how past AI/ML updates have been handled in terms of development, testing, implementation, and licensing.

Licensing is particularly important. You need to know if your organization's data will essentially be held hostage until you've paid to apply a new algorithm. What if you want to apply a different algorithm? Will that also cost you? There isn't one answer here that is the correct answer; however, knowing how this process unfolds in the future will help you prepare for the evolution on the solution that needs to occur.

Issue 5: Security Team Knowledge and Skills
Purchasing a security platform that supports the latest AI/ML toolkits can help build your team's knowledge and skills. Before buying, you need to know whether the solution will build your security team's understanding of your organization's data or whether you will be relying on the expertise of the vendor and its proprietary solution. Ideally, any purchase will help your security team learn how data works internally and increase its understanding of data engineering and data science. It's important to understand the balance between working with vendors and growing your own internal talent pool before you buy.

Another thing to think about: To recruit smart, data-driven security analysts, organizations need to use products and tools that encourage employees' growth and knowledge. Considering how limited the pool of data scientists currently is, using cutting-edge technology is essential for recruiting new talent.

Asking the right questions will help you become a more-informed consumer. Being more informed and purchasing the right security solution means your implementation is more likely to be more successful too. Ask the tough questions before you buy — the security of your enterprise depends on it.

Related Content:

John Omernik is a recognized expert in detecting security threats and preventing fraud using data analytics. Prior to joining MapR, John was senior vice president, security innovations, at Bank of America where his responsibilities included architecting a next generation ... View Full Bio
Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Russia Hacked Clinton's Computers Five Hours After Trump's Call
Robert Lemos, Technology Journalist/Data Researcher,  4/19/2019
Tips for the Aftermath of a Cyberattack
Kelly Sheridan, Staff Editor, Dark Reading,  4/17/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
5 Emerging Cyber Threats to Watch for in 2019
Online attackers are constantly developing new, innovative ways to break into the enterprise. This Dark Reading Tech Digest gives an in-depth look at five emerging attack trends and exploits your security team should look out for, along with helpful recommendations on how you can prevent your organization from falling victim.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-11378
PUBLISHED: 2019-04-20
An issue was discovered in ProjectSend r1053. upload-process-form.php allows finished_files[]=../ directory traversal. It is possible for users to read arbitrary files and (potentially) access the supporting database, delete arbitrary files, access user passwords, or run arbitrary code.
CVE-2019-11372
PUBLISHED: 2019-04-20
An out-of-bounds read in MediaInfoLib::File__Tags_Helper::Synched_Test in Tag/File__Tags.cpp in MediaInfoLib in MediaArea MediaInfo 18.12 leads to a crash.
CVE-2019-11373
PUBLISHED: 2019-04-20
An out-of-bounds read in File__Analyze::Get_L8 in File__Analyze_Buffer.cpp in MediaInfoLib in MediaArea MediaInfo 18.12 leads to a crash.
CVE-2019-11374
PUBLISHED: 2019-04-20
74CMS v5.0.1 has a CSRF vulnerability to add a new admin user via the index.php?m=Admin&c=admin&a=add URI.
CVE-2019-11375
PUBLISHED: 2019-04-20
Msvod v10 has a CSRF vulnerability to change user information via the admin/member/edit.html URI.