All indicators suggest that 2017 is shaping up to be the year of artificial intelligence and machine learning technology for cyber security. As with most trends in our industry, the available protection solutions range from elegantly-designed platforms to clumsily-arranged offerings. The problem is that many enterprise security teams cannot always tell the difference.
Amidst my investigations, a few practical suggestions have emerged – ones that I feel compelled to share with you here. These tips are intended for cyber security professionals who are actively engaged in the evaluation process for AI and ML offerings, presumably to deal with advanced threats. I hope my guidance is useful to you.
My first suggestion is to review the underlying mathematics that drives your potential vendor’s offering. You can do this by writing down a prose description of each mathematical method you are shown, to demonstrate your understanding. For example, if your vendor brags about conditional predictive probabilistic algorithms based on volumetric attacks and customer usage patterns, then jot down that “the vendor checks to see if DDoS will occur when your website is busy.”
My second suggestion is to take note of any human assistance that might be occurring during any execution analysis – and this includes initial installation periods. One approach is to demand, upon installation, that the AI or ML tool run without VPN access or manual intervention from the vendor. We all know from The Wizard of Oz what can happen when a wizard waves his arms behind a curtain.
My third suggestion is to demand that your AI and ML solution demonstrate rapid results. Start by creating a clear definition of what the tool seeks to accomplish – in most cases, detection of some advanced threat condition. Then do what every scientist does: Grab your lab notebook and accurately record on a timeline when such defined accomplishments occur. If the automation works properly, you should see a distribution that makes sense.
Like many of you, I am super-excited at the prospect of employing advanced algorithmic analysis to stop hackers. This is a natural application of our best thinking in computing, a direct descendant of Knuth trying to search and sort lists. But also like many of you, I am fearful of being tricked by the syntactic sugar of AI marketers, and by promises that are based more on aspiration than real computing.
If we are diligent and mindful as buyers, then I believe we can have the best of both worlds: We can have great cyber security support from the most advanced AI and ML techniques, packaged into solutions that realize the rapid and powerful results that come from true automation.
- by Edward Amoroso, Founder & CEO, TAG Cyber LLC