Security AI is not just about an algorithm, data is important


Barbara Kay, Senior Director of Security at Extrahop, has written a rather interesting article about artificial intelligence and machine learning in security, which talks about the effectiveness of AI, and how it is not all about a special algorithm, but rather the data that is actually important.

The artificial intelligence (AI) and machine learning (ML) have become big and important topics and while many information security vendors are receiving services from mostly focusing on special algorithms, the article written by Barbara Kay suggests that the effectiveness of AI is focused mostly on the volume, velocity and variety of data, which is used to generate a model for detecting and countering threats.

The AI security systems use models that include rules and algorithms to simulate intelligence, understand context, and make decisions when faced against a known or a new threat. Since the AI system can process large amounts of both structured and unstructured data, it is obvious that the more data it has, the better it becomes in detecting and countering threats.

While IT administrators might be successful in detecting and countering some threats, a machine learning solution can spot an issue, generate an alert, and quarantine the potential threat much faster, but it still needs to have a high level of confidence that issue is an actual threat rather than just an admin doing maintenance or some other task.

With this in mind, the AI/ML solution needs a lot of training and a lot of data to understand user/admin behavior in order to create a precise model so it can accurately distinguish a threat from normal usage.

With this in mind, it is obvious that security companies should stop convincing the market that it is all about a special algorithm that makes their security solution better than the next one, but rather about the amount of data that security solution has and can absorb and how fast it can learn to successfully protect the system, detect and counter threats.

You can check out the full article over at


Previous articleFireEye cybersecurity predictions for 2018
Next articleCybersecurity in Healthcare Industries
Slobodan Simic is foremost an IT enthusiast who discovered his knack for writing, which lead to becoming both an IT journalist and later an Editor for a number of publications. He has been covering anything from the consumer- and professional-oriented hardware to software markets and networks. With a focus on chasing down leads, making sure that fresh content is ready for publishing, as well as keeping up with the evergrowing and evolving IT world, writing has become more of his passion rather than just a job.