The title of this blog is Security Informatics, and one of the most frequent questions is: what is that, exactly? I use Informatics to span pretty much anything data analysis related: X-Informatics is the general study of Data Science and its applications. I’m not sure how helpful such a statement is, though. Relevant examples would likely work better. The second most frequent question I hear is: what do you think of all this new AI/ML technology in security tools? I think you start by understanding the concepts and vocabulary, and next understanding how applying the concepts can solve problems you are having.
David Robinson, Chief Data Scientist at DataCamp, participated in a panel discussion at SXSW where he discussed ways of talking about Data Science with management, including examples: he has a nice blog article along the same lines that does a nice job of describing and distinguishing AI, DS, and ML:
- Data Science produces insights
- Machine Learning produces predictions
- Artificial Intelligence produces actions
I recommend taking a look at his article and the ensuing discussion as it’s a useful way of talking about these things with managers and executives. Of course, there is no widespread agreement on what is AI versus what is ML: a popular contrasting point of view is that ML is simply a category of AI.
In the context of Security Informatics, these distinctions are useful to think about and to be able to relate to others because so many tools claim to incorporate AI or ML capability. There is a growing sense that traditional security–rules based security–has reached a plateau. Kevin Skapinetz of IBM Security articulates this precisely in his video on AI in Cyber Security.
Kevin’s example: Chemical sniffing dogs are great for chemical threats that we know about, that they have been trained and validated on. How about when the threat landscape changes so rapidly that one can’t catalog or ‘train’ all the threats, and instead must rely on a massive aggregate of signals and data to extract and detect threats.
This might be the beginning of a guiding principle on how to assess the value of next-generation security tools that claim AI/ML. What can you no longer reliably do under the old paradigms (e.g. instincts, rule-based, training-based, …) –what problems are emerging? How does the new AI or ML equipped tool handle the problem and bridge the gap? Having answered that for yourself, the next step is to relate it in a meaningful way up the organization.