- Mike Gassewitz
Hype in Enterprise Protection
As a serial entrepreneur, I’ve surfed my fair share of hype waves to garner client and investor traction. And like most founders, I’ve principled that ride by ensuring the reality was very close to the hype – real, unique value delivered by our solutions. But I also saw many situations where the hype was confusing to the market, as purchasers often can’t differentiate between fact and fiction; and it’s happening again. Artificial Intelligence (AI) and Machine Learning (ML), possibly the most hyped area in our industry, have pundits emphasizing the opportunities and value if applied to big data. But is it true or is it just hype? The great news is AI/ML concepts are actually not very new. Decades and decades old in fact. The only thing that has changed is that processing and storage capabilities have advanced to make many of the concepts implementable for “big data” where some value can be realized.
As financial professionals struggle to add the protective value of analytics to their own or their clients’ operations, they may be enticed to consider the use of AI/ML as a quick and easy answer to meet their needs. But it is neither quick nor easy; moreover, it does not address the full problem and, used alone, leaves massive gaps in protection. The reality is AI/ML has its place in enterprise protection, but its place is limited in the practical world.
My position is based upon experiences from the world of network security. A network has huge amounts of data traversing its paths at any point in time. And sadly there are malicious players out there attempting to commit fraud and abuse. Any enterprise that takes data security seriously will utilize network monitoring, scanning all of these huge amounts of data looking for threats. Sound familiar? There are two complementary approaches to network monitoring: using a quality set of pre-defined rules (heuristics) to look for known threats, and using AI/ML to look for suspicious patterns that may be an indication of unknown threats (threats that have not been seen before), or what are called zero-day threats. Both approaches have their place in network monitoring, but make no mistake, the heuristic approach provides by far the most protection. Searching for unknown threats is a good practice, but it can also be rife with false positives. And by far the bulk of the threats to an enterprise are threats that are already well known. Bottom line: you would never protect a network with AI/ML alone. A network with quality heuristics is well protected – a network with just AI/ML is not.
Let’s bring it back to financial operations protection. Threats related to financial operations are well known. As with network protection, it does take experience to create quality heuristics, but if you’re looking for robust protection without suffering from analytics fatigue related to false positives, a proven set of heuristics is by far the best approach. Yes, AI/ML can add value by looking for unknown threats, but it is not a replacement for heuristics and it’s not the place for a financial professional to start their analytic journey. Don’t let the hype confuse you.
CEO and Founder