Don't Get Caught Up in the Hype of AI for Security

Don’t get caught up in the hype of artificial intelligence or machine learning. Does the product correlate and analyze alerts?

When Nails are Exciting, Everyone Wants to Talk about Hammers…

Sticking with the tool theme from my last post, data is ushering in “better” products in every industry, but why are we so enamored with Artificial Intelligence and Machine Learning?



Soon you’ll be able to make coffee where the temperature and grind are unique to the particular bean and roast you are using. The connected coffee maker will crowdsource ratings from all its owners, will analyze data collected, and produce insights and recommendations which will then be fed back down to your coffee maker – all in support of a better cup of coffee.

These types of use-cases of data are very exciting to me. The downside is that although I’m a big fan of coffee — and think this type of technology is pretty cool — most people don’t need to worry about how the sausage, I mean the coffee, is made. They simply want a better cup of joe.  

At the RSA Conference in a couple of weeks, you’re going to see many cyber security companies talking about their Artificial Intelligence (AI) and Machine Learning (ML). Here is an example of how one company might speak about their product when you ask them what they do.  “…applies AI and machine learning to automate the correlation and analysis of threats.”

Frankly, I don’t — and you shouldn’t — care about their usage of AI or ML. The real question to ask the vendor is: does the product correlate and analyze alerts, and can they prove that their product does it better than their competitors?

Now, you’re thinking, doesn’t ThreatConnect do analytics and don’t you say that your Platform is better because of the data and analytics you are using?  The answer is yes and yes. But, we are honest about what our analytics do and don’t do, and we absolutely don’t throw around terms like AI and ML with our customers as value propositions by themselves.

Our focus at ThreatConnect has been to leverage our real-world experiences, and those of our customers, to scale repeatable processes that help you understand your data. We’re less focused on buzzwords that might trigger your news alerts. Rest assured, we’ve designed these repeatable processes both within the Platform and in CAL™ (Collective Analytics Layer) to make a great cup of coffee. Our data scientists have curated these analytics and statistical models to score indicators, provide insights across datasets, and improve our ability to confidently recommend actions. For the sake of mankind, we hope to never build the fancy newest “Skynet machine learning algorithm.” What we will do is use data and analytics (and hype-free marketing) to promote security automation and decision-making in a pragmatic, achievable, and non-world-ending-killing-machines way.

Adam Vincent
About the Author

Adam is an information security expert and is currently the CEO and a founder at ThreatConnect, Inc. He possesses over a decade of experience in programming, network security, penetration testing, cryptography design & cryptanalysis, identity and access control, and a detailed expertise in information security. The culmination of this knowledge has led to the company’s creation of ThreatConnect, the first-of-its-kind threat intelligence platform. He currently serves as an advisor to multiple security-focused organizations and has provided consultation to numerous businesses ranging from start-ups to governments, Fortune 500 organizations, and top financial institutions. Adam holds an MS in computer science with graduate certifications in computer security and information assurance from George Washington University. Vincent lives in Arlington, VA with his wife, four children, and dog.