The truth about "NextGen Security"
A number of new providers of IT security solutions are focusing on "NextGen Security" and want to win users over with AI (artificial intelligence) and machine learning. Often enough, this is backed by aggressive marketing that does not shy away from false claims, as a fact check by an established provider shows.
Technologies such as artificial intelligence (AI) and machine learning (ML) are spreading rapidly and are also finding their way into IT security products. In particular, new players, the so-called NextGen vendors (NGs), which rely exclusively on AI and ML for detection, aim their marketing at the established manufacturers. This creates uncertainty among security managers and users who have been very satisfied for many years with the level of protection provided by solutions from experienced vendors.
Criticism of "NextGen Security"
It therefore seems necessary to provide factual information about the differences between NextGen and "traditional" security products, and to clear up the half-truths of the marketing strategists. "With the self-chosen designation NextGen, new manufacturers primarily want to distinguish themselves from established providers," explains Thomas Uhlemann, security expert at ESET. This European company, headquartered in Bratislava, is one such "established" security software manufacturer, and Uhlemann is correspondingly forceful in defending it against the NextGen providers. "The focus here is on criticism of a supposedly purely reactive approach, for example via signature databases," the expert continues. "While the new market entrants supposedly use many new technologies, they actually make use of many mechanisms and technologies that have been developed, refined and deployed by the established manufacturers over many years."
The (allegedly) latest technologies
Some of the technologies cited by NGs, such as whitelisting and machine learning, have for years been part of the security solutions of long-established providers. Findings from research into neural networks, for example, have been incorporated into the protection products and technologies of providers such as ESET since as early as 1997, and behavioral detection has been part of them since 2002.
False claim: Established manufacturers rely only on signatures
No single vendor in the security market relies solely on signatures. ESET, for example, has not relied solely on signatures since the late 1990s, but pursues a multi-layered security approach that combines various mechanisms.
False alarms are unavoidable, and not bad in themselves - but!
A 100 percent detection rate must be the goal of every IT security solution. Every false alarm, however, costs the IT admin additional effort, and a detector tuned for catch rate alone will produce plenty of them. With a solution that relies on several interlocking technologies, the false-positive rate can be driven down to practically zero; ESET, for example, has repeatedly recorded zero false positives in independent tests such as those run by AV-Comparatives.
Machine learning replaces updates - it does not!
NGs argue that updates to the incumbents' signature databases arrive too late, and that twice-yearly fixes to their self-learning software are sufficient. However, a model that learns only from its own users and its own network, without external reference data to check against, will inevitably make mistakes sooner or later. Regular updates are indispensable for continuously feeding in threat intelligence, which is what keeps both missed detections and false positives down.
Sandboxing: Smarter than algorithms
NGs claim that sandboxing is an outdated technology made obsolete by algorithms. In fact, the insights gained from sandboxing remain important for learning more about threats and for continually refining detection, because AI is still far from matching human intelligence. Malicious code is being encrypted and obfuscated in increasingly sophisticated ways; if you cannot see behind the facade, you will not understand it and will not be able to build defenses against it.
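To make the last point concrete, here is a small illustration written for this article (it is not ESET's technology, nor any NextGen product's code). A constructed sample hides a command line behind a trivial XOR layer. A signature scan over the bytes as they sit on disk finds nothing; a sandbox-style run that hooks the point where the sample hands its decoded command to an interpreter sees the cleartext and matches it. The signature list, the key and the payload string are all constructed assumptions, not real indicators.

```python
"""Static signature scan vs. sandbox-style observation of an obfuscated sample.

Added illustration, not vendor code. The signatures, key and payload below
are constructed for the example.
"""
import re

# Constructed indicator list: what a classic signature engine would look for.
SIGNATURES = [
    rb"powershell\s+-enc",   # encoded PowerShell launcher
    rb"Invoke-Mimikatz",     # well-known credential-theft tool name
]


def xor(data: bytes, key: bytes) -> bytes:
    """Repeating-key XOR, the simplest 'facade' a packer can put over a payload."""
    return bytes(b ^ key[i % len(key)] for i, b in enumerate(data))


# Constructed payload (the base64 fragment is just 'IEX' in UTF-16LE), stored
# XOR-obfuscated so that nothing in the on-disk bytes matches a signature.
KEY = b"\x5a\xa7\x13"
REAL_PAYLOAD = b"powershell -enc SQBFAFgA ; Invoke-Mimikatz -DumpCreds"
OBFUSCATED = xor(REAL_PAYLOAD, KEY)


def static_scan(blob: bytes, signatures=SIGNATURES):
    """Signature match on bytes as they are (on disk). Returns matched patterns."""
    return [sig.decode() for sig in signatures if re.search(sig, blob)]


class Sample:
    """Stand-in for a packed executable: carries the obfuscated bytes and,
    when run, decodes them and hands the cleartext to a command interpreter."""

    def __init__(self, blob: bytes, key: bytes):
        self.blob = blob
        self.key = key

    def run(self, execute):
        # The decode happens only at runtime; a static scanner never sees this.
        execute(xor(self.blob, self.key))


def sandbox_scan(sample: Sample, signatures=SIGNATURES):
    """Run the sample with an instrumented 'execute' hook (the sandbox) and
    match signatures against what it actually tries to do, not how it looks."""
    observed = []

    def hooked_execute(cmd: bytes):
        observed.append(cmd)  # record instead of executing

    sample.run(hooked_execute)
    hits = []
    for cmd in observed:
        hits.extend(static_scan(cmd, signatures))
    return {"observed": observed, "hits": hits}


def compare():
    """Convenience entry point: results of both approaches on the same sample."""
    return {
        "static": static_scan(OBFUSCATED),
        "sandbox": sandbox_scan(Sample(OBFUSCATED, KEY)),
    }


if __name__ == "__main__":
    result = compare()
    print("static scan of on-disk bytes:", result["static"])
    print("sandbox observed:", result["sandbox"]["observed"])
    print("sandbox hits:", result["sandbox"]["hits"])
```

The static scan returns an empty list because the signatures are matched against the XOR-transformed bytes; the sandbox scan returns both indicators because it matches against the command the sample emits when it runs. Real packers use far stronger layers than repeating-key XOR, which is exactly why the behavior observed in a sandbox, rather than the bytes at rest, is what feeds detection back into the other layers.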
Source and further information: ESET