Vendors at this week’s RSA cybersecurity show in San Francisco are pushing artificial intelligence and machine learning as the new way to detect the latest threats, but RSA CTO Zulfikar Ramzan is giving visitors a reality check.
“I think it (the technology) moves the needle,” he said on Wednesday. “The real open question to me is how much has that needle actually moved in practice?”
It’s not as much as vendors claim, Ramzan warned, but for customers it won’t be easy cutting through the hype and marketing. The reality is that a lot of the technology now being pushed isn’t necessarily new.
In particular, he was talking about machine learning, a subfield in A.I. that’s become a popular marketing term in cybersecurity. In practice, it essentially involves building algorithms to spot bad computer behavior from good.
However, Ramzan pointed out that machine learning in cybersecurity has been around for well over a decade. For instance, email spam filters, antivirus software and online fraud detection are all based on this technique of detecting the bad from good.
Certainly, machine learning has advanced over the years and it can be particularly useful at spotting certain attacks, like those that don’t use malware, he said. But the spotlight on A.I. technologies also has to deal with marketing and building up hype.
“Now all of a sudden, we’re seeing this resurgence of people using ‘the how’ as a marketing push,” he said, after his speech.
The result has created a “lemons market,” where clients might have trouble distinguishing between useful security products. Not all are equal in effectiveness, Ramzan claimed. For example, some products may generate too many false positives or fail to detect the newest attacks from hackers.
“There’s no doubt you can catch some things that you couldn’t catch with these techniques,” he said. “But there’s a disparity between what a vendor will say and what it actually does.”
Nevertheless, A.I. technologies will still benefit the cybersecurity industry, especially in the area of data analysis, other vendors say.
“Right now, it’s an issue of volume. There’s just not enough people to do the work,” said Mike Buratowski, a senior vice president at Fidelis Cybersecurity. “That’s where an A.I. can come in. It can crunch so much data, and present it to somebody.”
One example of that is IBM’s latest offering. On Wednesday, the company announced that its Watson supercomputer can now help clients respond to security threats.
Within 15 minutes, Watson can come up with a security analysis to a reported cyber threat, when for a human it might have taken a week, IBM claimed.