The above pitch confused detecting an attack with detecting an intrusion. An attack may not be successful; an intrusion is. Suppose you detected five new attacks, but only one was a real intrusion. Wouldn't you want to focus on the one successful intrusion, not the four failed attacks? ML-enabled security also may not be robust: it can work well on one data set (more often than not, the vendor's) but not on another (your real network).
Oct-3-2019, 01:06:18 GMT