Skip to main content
Introducing Polarity Intel Edition: Streamlining Intel Distribution for SecOps
Polarity Intel Edition
Request a Demo

Don’t Get Caught Up in the Hype of AI for Security

Don’t get caught up in the hype of artificial intelligence or machine learning. Does the product correlate and analyze alerts?

When Nails are Exciting, Everyone Wants to Talk about Hammers…

Sticking with the tool theme from my last post, data is ushering in “better” products in every industry, but why are we so enamored with Artificial Intelligence and Machine Learning?

Soon you’ll be able to make coffee where the temperature and grind is unique to the particular bean and roast you are using. The connected coffee maker will crowdsource ratings from all it’s owners, will analyze data collected, and produce insights and recommendations which will then be fed back down to your coffee maker – all in support of a better cup of coffee.  

These types of use-cases of data are very exciting to me. The downside is that although I’m a big fan of coffee — and think this type of technology is pretty cool — most people don’t need to worry about how the sausage, I mean the coffee, is made. They simply want a better cup of joe.  

At the RSA Conference in a couple of weeks, you’re going to see many cyber security companies talking about their Artificial Intelligence (AI) and Machine Learning (ML). Here is an example of how one company might speak about their product when you ask them what they do.  “…applies AI and machine learning to automate the correlation and analysis of threats.”

Frankly, I don’t — and you shouldn’t — care about their usage of AI or ML. The real question to ask the vendor is: does the product correlate and analyze alerts, and can they prove that their product does it better than their competitors?

Now, you’re thinking, doesn’t ThreatConnect do analytics and don’t you say that your Platform is better because of the data and analytics you are using?  The answer is yes and yes. But, we are honest about what our analytics do and don’t do, and we absolutely don’t throw around terms like AI and ML with our customers as value propositions by themselves.

Our focus at ThreatConnect has been to leverage our real world experiences, and those of our customers, to scale repeatable processes that help you understand your data. We’re less focused on buzzwords that might trigger your news alerts. Rest assured, we’ve designed these repeatable processes both within the Platform and in CAL™ (Collective Analytics Layer) to make a great cup of coffee. Our data scientists have curated these analytics and statistical models to score indicators, provide insights across datasets, and improve our ability to confidently recommend actions. For the sake of mankind, we hope to never build the fancy newest “Skynet machine learning algorithm.” What we will do is use data and analytics (and hype-free marketing) to promote security automation and decision-making in a pragmatic, achievable, and non-world-ending-killing-machines way.  

About the Author

ThreatConnect

By operationalizing threat and cyber risk intelligence, The ThreatConnect Platform changes the security operations battlefield, giving your team the advantage over the attackers. It enables you to maximize the efficacy and value of your threat intelligence and human knowledge, leveraging the native machine intelligence in the ThreatConnect Platform. Your team will maximize their impact, efficiency, and collaboration to become a proactive force in protecting the enterprise. Learn more at www.threatconnect.com.