Security threats Toolkit

RSA calls for 'thinking' security systems

Tom Espiner ZDNet.co.uk

Published: 09 Apr 2008 11:27 BST

Security company RSA has called for security systems to use artificial intelligence, but some experts claim the technology is not sufficiently advanced.

Speaking in a keynote session at the RSA Conference in San Francisco on Tuesday, Art Coviello, the president of RSA, said security systems needed to start "thinking".

"Targeted ads and search have been empowered by a growing understanding of human behaviour. We need intelligent security, and thinking security systems," said Coviello. "Thinking security systems should be autonomous, and should address human operators only as a last resort."

Watch this

Schneier: Perceptions of security are flawed

Coviello gave the example of a fileserver "seeing" that it contains sensitive payment cards industry information, and being able to devise a policy that "locks down those assets while still allowing them to function."

"In the human world we control information by content," said Coviello. "We judge the sensitivity of content and apply appropriate controls. There must be a way of getting the information out of CISOs' [chief information security officers] brains and into security systems.

However, BT's chief security technology officer Bruce Schneier said, for the foreseeable future, systems still needed to be overseen by humans. According to Schneier, the problem with artificial-intelligence security is systems falsely identifying threats.

"The problem is with false positives," Schneier told ZDNet.co.uk. "Humans have to check so systems don't kill all the real security benefits. We're not at the stage where we can tune out false positives. We've done a lot of automising but we still need smart humans looking at security."