
RSA - Detaching Hype from Reality

Posted: February 16, 2017   /   By: Dan Conde   /   Tags: Cloud Computing, Cybersecurity, Networking


As the RSA Conference continues to grow, along with interest in cybersecurity, many solutions presented at the show strive to rise above the fray of similar messages and voices. Of interest in the last few years has been the application of AI, machine learning, and big data analytics to the problem of improving security.

That is a fine thing, provided it is not treated as a magic bullet. If it gets overhyped, there will be a danger of backlash.


Automation is a great way to try to solve part of the cybersecurity skills shortage. Bruce Schneier, who spoke at an event hosted by BMC, made that point. We see great examples in spam protection, where you rarely see false positives in Gmail. However, automation can’t solve all problems. If you’re going against a predictable adversary, then relying on the data helps. If you’re going up against something unpredictable, you need better execution. Unpredictable attacks require you to be smart and execute appropriate countermeasures, and simply throwing more horsepower designed for older attacks won’t work against a new form of attack. Furthermore, adversaries are using automated methods too, so it's a losing game to try to simply deliver a high volume of “dumb” responses, since the adversaries will raise their volume, attempt to outwit you, or just win the arms race.

This was echoed at a panel hosted by Gigamon that also discussed the dangers of relying too much on AI. First, people confuse AI and machine learning. They are different things, and ought to be used for different purposes. Furthermore, you need a human element. Lessons from experts need to be fed into these systems (to make the system learn) and you cannot expect a blank slate to evolve to become a proficient security analytics system without a baseline to start from.

What people often neglect is that automation is an augmentation of existing human knowledge and skill sets, and that processes may be the key basic lesson that all IT organizations can benefit from. If the SecOps team does not talk to the NetOps team, the organization may ultimately be doomed to a breach, since it never has a holistic view of what’s going on, and gaps may exist between the two teams. So the lesson ought to be to apply common sense and fix the basics at the organizational level, making your staff more effective. On top of that good foundation, you can apply whatever automation or AI tools you need.



Dan Conde

Dan is an analyst covering distributed system technologies including cloud computing and enterprise networking. In this era of IT infrastructure transformation, Dan’s research focuses on the interactions of how and where workloads run, and how end-users and systems connect to each other. Cloud technologies are driving much of the change in IT today. Dan’s coverage includes public cloud platforms, cloud and container orchestration systems, software-defined architectures and related management tools. Connectivity is important to link users and applications to new cloud-based IT. Areas covered include data center, campus, wide-area and software-defined networking, network virtualization, storage networking, network security, internet/cloud networking and related monitoring & management tools. His experience in product management, marketing, professional services and software development provides a broad view into the needs of vendors and end-users.
