Be warned: AI won't fix all your security issues

With ransomware attacks and data breaches now regular mainstream headlines, cyber-security is more pressing than ever. And plenty of companies are now offering ever-more extravagant ways to protect your company’s information.

For AlienVault, however, the message is always about simplicity. The San Mateo, California-headquartered company’s main offering is USM (Unified Security Management) and the Cloud-based USM Anywhere; a five-point, pre-integrated and pre-configured security stack combining Asset Discovery, Behavioral Monitoring, Vulnerability Scanning, SIEM, and IDS.

“It's like the Anti-Ikea,” says Javvad Malik - Security Advocate at Alienvault. “Rather than giving you a bunch of tools and then leaving you to follow the diagram and assemble it yourself, we assemble everything for them.”


Security hygiene vs machine learning

Given this focus on making everything as simple and user-friendly as possible, it’s little surprise that Malik and AlienVault Threat Engineer Chris Doman don’t put much stock in the recent trend for pushing ‘AI’ into every aspect of cyber-security.

“There is a mentality whereby people predict technologies are a lot closer than they actually are in reality,” says Malik. “And this is why we have themes coming up year in and year out at these conferences; the Cloud was being spoken about 10 years ago, and it's only really matured in the last couple of years.”

“Similarly, machine learning isn't there at the moment. Either you use it internally as a vendor to compliment your processes or you're only really selling that capability to the top 1% of companies out there that really, really on the front foot on the security front, and say ‘I'm really looking for this specific type of fraud or another indicator’.

“That's not to say all the vendors are bad or what have you, but I think that the use cases and the applications are quite limited at the moment.”

Both agree with the assertion that many of these companies are simply just nice features – which Malik compares to offering someone ‘the best skateboard wheel in the world’ when they are in fact after a full skateboard and hence no good as a solution – or are just waiting to be acquired by a larger player and therefore largely unconcerned about the value they actually offer to the customer.

“It does look like a lot of startups are going to machine learning as the buzzword to get funding,” says Doman. “I used to work at a company that did just machine learning and I think snake oil is a big problem in the industry.”

“We do actually do machine learning at Alien Vault but we mix it with humans. We use it as part of everyday tasks.”

Both agree, however, this AI/Machine Learning trend is just the latest in the security startup industry cycle.

“If you look at a few years ago, Insider Monitoring was a big thing when Red Owl won the innovator award at RSA,” says Malik. “And based on that, there was a dozen other companies that sprung up within the year.”

“But the thing is most of them have just stagnated. It's a great feature, it's a great thing, but it doesn't solve the wider problems of the company. And machine learning is about three years behind that.”

“The majority of other companies, basic hygiene; patching, segregation, having some base level of admin controls, Identity Access Management, and threat detection; by just focusing on that you cover 80-90% of stuff and will make your company unattractive enough of a target to get overlooked and [then cyber-criminals will] move on to someone else.”


Also read:
Sophos: Basics needed to swerve security apocalypse
Zonefox: AI snake oil and hype cycles
The future of machine learning in cybersecurity: What can CISOs expect?


« The CMO Files: Ben Geller, Datical


C-suite career advice: Neil Eatson, Appraise Digital »
Dan Swinhoe

Dan is a journalist at CSO Online. Previously he was Senior Staff Writer at IDG Connect.

  • twt
  • twt
  • twt
  • Mail

Recommended for You

Future-proofing the Middle East

Keri Allan looks at the latest trends and technologies

FinancialForce profits from PSA investment

Martin Veitch's inside track on today’s tech trends

Amazon Cloud looms over China: Bezos enters Alibaba home ground

Lewis Page gets down to business across global tech


Do you think your smartphone is making you a workaholic?