Machine Learning In Security: Good & Bad News About Signatures

First in a series of two articles about the history of signature-based detections, and how the methodology has evolved to identify different types of cybersecurity threats. Used in the context of an outdated and manually intensive technology focused on older classes of threats, there's little wonder why vendors would seek to distance the legacy term "signature" from their advanced detection technology. Vendors haven't necessarily been deceptive in the labeling of their latest generation of techniques; it's often just easier to create a new label for something than to fully explain the context and evolution of what preceded it. Over the years, signature-based systems have changed and advanced, but the core concepts still lie at the heart of all modern detection systems – and will continue to be integral for the foreseeable future. To understand what a "signature system" is in reality, we need to understand the evolution of the detection path as directed and discovered by human intervention.