Vendors at this week's RSA cybersecurity show in San Francisco are pushing artificial intelligence and machine learning as the new way to detect the latest threats, but RSA CTO Zulfikar Ramzan is giving visitors a reality check.
"I think it (the technology) moves the needle," he said on Wednesday. "The real open question to me is how much has that needle actually moved in practice?"
It's not as much as vendors claim, Ramzan warned, but for customers it won't be easy cutting through the hype and marketing. The reality is that a lot of the technology now being pushed isn’t necessarily new.
In particular, he was talking about machine learning, a subfield in A.I. that’s become a popular marketing term in cybersecurity. In practice, it essentially involves building algorithms to spot bad computer behavior from good.
However, Ramzan pointed out that machine learning in cybersecurity has been around for well over a decade. For instance, email spam filters, antivirus software and online fraud detection are all based on this technique of detecting the bad from good.
Certainly, machine learning has advanced over the years and it can be particularly useful at spotting certain attacks, like those that don’t use malware, he said. But the spotlight on A.I. technologies also has to deal with marketing and building up hype.
“Now all of a sudden, we’re seeing this resurgence of people using ‘the how’ as a marketing push,” he said, after his speech.
The result has created a “lemons market,” where clients might have trouble distinguishing between useful security products. Not all are equal in effectiveness, Ramzan claimed. For example, some products may generate too many false positives or fail to detect the newest attacks from hackers.
“There’s no doubt you can catch some things that you couldn’t catch with these techniques,” he said. “But there’s a disparity between what a vendor will say and what it actually does.”
Nevertheless, A.I. technologies will still benefit the cybersecurity industry, especially in the area of data analysis, other vendors say.
“Right now, it’s an issue of volume. There’s just not enough people to do the work,” said Mike Buratowski, a senior vice president at Fidelis Cybersecurity. “That’s where an A.I. can come in. It can crunch so much data, and present it to somebody.”
One example of that is IBM's latest offering. On Wednesday, the company announced that its Watson supercomputer can now help clients respond to security threats.
Within 15 minutes, Watson can come up with a security analysis to a reported cyber threat, when for a human it might have taken a week, IBM claimed.
Recorded Future is another security firm that’s been using machine learning to offer intelligence to analysts and companies about the latest cybercriminal activities. The company’s technology works by essentially scanning the internet, including black market forums, to pinpoint potential threats.
That might include a hacker trying to sell software exploits or stolen data, said Andrei Barysevich, director of advanced collection at the company.
“When you cover almost a million sources and you only have 8 hours a day, to find that needle in the hay stack, you have to have some help from artificial intelligence,” he said.
Customers attending this week’s RSA show may be overwhelmed with the marketing around machine-learning, but it’ll only be a matter time, before the shoddier products are weeded out, Barysevich said.
“We have hundreds of vendors here, from all over the country. But among them, there are five or ten that have a superior product,” he said. "Eventually, the market will identify the best of the best.”