
Risk & Repeat: MIT CSAIL discusses securing the enterprise

This week's Risk & Repeat podcast discusses the MIT CSAIL Securing the Enterprise conference and how experts there advocated for new strategies and approaches to infosec.

Does enterprise security need to be rebuilt from the ground up or can new technologies like machine learning and artificial intelligence help fill in the holes?

Those were some of the questions raised at the Securing the Enterprise conference last week at MIT's Computer Science and Artificial Intelligence Laboratory (CSAIL). Co-sponsored by BT Security, the conference addressed the need to re-evaluate current infosec strategies and move away from the "patch and pray" mindset.

The cybersecurity event featured such experts as Howard Shrobe, director of Cybersecurity@CSAIL and principal research scientist at MIT CSAIL; Mark Hughes, president of BT Security; and David Clark, internet pioneer and senior research scientist at MIT CSAIL.

In his keynote, Hughes said strategies for securing the enterprise should focus on protecting core assets rather than trying to protect the entire environment. Shrobe argued against the current approach of layering security on top of inherently vulnerable systems, which he said amounted to treading water before ultimately drowning. Clark, however, said the idea of building security into software and systems from the start may not be the best answer.

Has machine learning and AI security technology lived up to the hype? Do vendors and security professionals need an entirely new approach for securing the enterprise? Is it better to redesign technology with security built in as opposed to bolting it on later? SearchSecurity editors Rob Wright and Peter Loshin discuss those questions and more in this episode of the Risk & Repeat podcast.

Have machine learning and artificial intelligence lived up to the security hype?
The main problem that we will constantly face as professionals in cybersecurity is the "gruyere cheese" syndrome. Security has been sacrificed to the commercial profits and surely we all ended up "layering security on top of inherently vulnerable systems". The rapid adoption of the "common" technology around the world has made the cyberspace vulnerable. Worst came with the connected SCADA and IoT made by the traditional IT companies offering good opportunities for hackers to attempt bringing down economies. Some may argue that moving away from proprietary systems enabled interoperability and simplification. My answer is simply that it is an illusion, as cost simply moved to other domains while interop has always been possible as long as coding existed. AI can certainly help relieve the security function by processing the security big data faster (event correlation, analysis, etc.), cover for the human weak-link behaviors as well as anticipate in some processes, but AI may still be adding some more holes to the cheese as a potential of a new layer of vulnerabilities too... There is simply no end to the story as long as we continue complicating the IT world. Surely the MITs and others who can claim part of such responsibilities for the lack of perspectives on security... can start rethinking core technologies. This is where the battle needs to happen.
MIT and CSAIL are definitely rethinking core technologies. I don't see that kind of effort around innovating and developing new tech to be lacking. I think the overall point from many of the experts at the conference was that technology alone isn't going to save us, and enterprises need to first rethink their strategies and approaches. 
MIT and many others are doing amazing work with very talented people. They are surely re-thinking core technologies... with the same heritage. Technology alone has never been enough and will still never be indeed. Process will still exist, the tools are changing...
Stepping back from the technology angle, too many organizations are failing to implement the right security organization and the processes.
Re-evaluating security strategies is constant and it happens with a constantly evolving threat landscape and at every large technology change. New frameworks certainly will need to integrate the new dynamics of the new risks, as I had to do by creating my own tool to anticipate some cyber attacks to match the evolving risk profiles when no one was playing that part. AI offers a plethora of possible outcomes and the cyber security domain is immense.