Cybersecurity Trends: AI/ML Readiness, Transparency, and the Value of Visualization

by in Security

Over the last two weeks of June, I’ve had the privilege of speaking with many security practitioners face-to-face at the 2019 Micro Focus Cybersecurity Summit in Dallas, Texas, and the Gartner Security and Risk Management Summit in Washington, D.C. Occasions like these are the best part of my job because they give me an opportunity to have meaningful conversations with those for whom I think analytics can really make a difference.

Throughout conversations with attendees on the show floor and sessions, three trends stood out to me that I’d like to share today.  

1) Most of us believe in artificial intelligence (AI) and machine learning (ML), but we’re not ready to deploy it.

When the Micro Focus Cybersecurity Summit kicked off, I had the chance to join Micro Focus CMO John Delk on stage to introduce attendees to Interset and our approach to anomaly detection and ML. During the session, I polled audience members on their feelings about AI/ML and was pleasantly surprised that the vast majority of voters indicated that they want AI/ML technologies but are not yet ready to deploy them. The image of the live polling below shows 64% of attendees identified with this, and, in fact, we surpassed 70% during the session. This result represents a big shift from the past few years, during which a majority of people I spoke with were skeptical about the real value of AI/ML and people didn’t yet understand how these types of technologies work.

We’ve clearly come a long way. Not only do the vast majority of the audience want to deploy AI/ML and saw value in it, 12% of the audience reported that they already have an AI/ML system fully operational in their environment. That is huge progress compared to a couple of years ago!

AI/ML Poll from Micro Focus CSS
An audience poll revealed most attendees want AI/ML but are not yet ready to deploy it.


2) Transparency and openness are important.

I hosted two sessions at the Micro Focus Cybersecurity Summit explaining specific algorithms (and providing examples of these algorithms) that Interset leverages to detect unusual behavior that might indicate a security threat. This doesn’t seem to happen very often among other vendors. I’ve spoken with many customers who have deployed or evaluated other AI/ML technologies and most have expressed either confusion or downright skepticism about a vendor’s AI/ML claims. Unfortunately, the cybersecurity world is full of snake oil, and transparency and openness are key to building trust.  

Gartner Summit Stephan Jou
Interset’s Gartner Security & Risk Summit presentation, “UEBA: Effective Anomaly Detection & ML, with Examples.”

I sympathize with security professionals that continue to feel disappointed by companies unwilling to speak candidly about the math behind their technologies because understanding how a certain type of analytics functions gives you a better idea of how to use it effectively. The more we know, the more likely we are to succeed.

I had similar conversations at the Gartner Security and Risk Management Summit, where I spent time with CISOs and security directors to help them understand how ML is simply automation using well-understood statistical learning algorithms in order to improve SOC efficiency. Presented in that light, it immediately made sense to the audience and appeared to cut through all the marketing noise in a very real way.

Transparency has always been important to us, and it speaks to principles upheld in the Montreal Declaration for Responsible AI, which we signed as a company early this year. You can read more about our perspective on this in our blog series on ethical AI.

3) Critically, actionable, effective analytics isn’t just math. It’s also visualization and UX.

Math is awesome! But great math alone isn’t enough to create a truly effective analytics solution. Analytics needs to be explainable in order to be actionable. Even the best math in the world doesn’t provide value if the user doesn’t understand it or, worse, misunderstands it. No one in your SOC should be expected or required to have a Ph.D. in order to take advantage of Ph.D.-level analytics. It’s simply not practical.

From the start at Interset, all of our anomaly models have generated visualizations and explainable text in order to give security teams a clear picture of the activity detected and risk being represented. At the Micro Focus Cybersecurity Summit, our work at applying our UX and visualization on top of Interset analytics on Micro Focus ArcSight data was met with a round of applause. We were thrilled by the response, and it reinforced how important this element is to security professionals.

VP of Product Mario Daigle demos Interset analytics on ArcSight data at the Micro Focus Cybersecurity Summit.

I had a truly fantastic time presenting and speaking with attendees at both of these shows. If you didn’t get a chance to connect with us at these events, contact us. Also, keep an eye on upcoming events to see where the Interset team will be next!