A Guide to the Market Promise of Automagic AI-Enabled Detection and Response
Lots of cybersecurity vendors are making claims about how their technologies use Artificial Intelligence (AI) to improve the world of sec ops and protect us from evil.
Examples include using behavioural user and device analytics to dynamically automate security decisions and actions, and threat detection based on network traffic analysis to contain badness.
This talk provides a buyer's guide for evaluating such vendor technologies.
First, we'll step back from the security market, and assess the AI marketplace in a broader context. We'll evaluate progress and challenges in AI in other industry sectors. Then we’ll think through the implications for the kind of questions we should be asking vendors to assess their capability and scalability (both current and future). We'll touch briefly on the dynamics of buy vs build decisions in AI. After that, we’ll walk through some real-life examples of testing security technology that promises AI-enabled detection wonderment. In doing so, we’ll explore a framework for ‘vendor selection by the scientific method’, based on testing detection efficacy.
Jon runs the Detect function at Photobox Group, which covers Security Operations, Incident Response and Red Team Testing. He also leads the Security Innovation Hub, running projects to evaluate technologies and processes that support data-informed decision making, process automation and a DevOps engineering culture. Prior to Photobox, Jon worked in various roles doing strategy, architecture, product management, project management and data analytics for companies that ranged from startups to federated multi-nationals. When he’s not doing security he’s either longboarding or writing music.