The global and independent platform for the SAP community.

The final technologies to solve all IT security problems

Whether touted as the "Holy Grail," the "Egg-Laying Wooly Pig" or the "Silver Bullet: Every year, new technologies are presented at IT security trade fairs that supposedly solve all security problems better and more cost-effectively than anything before.
Raimund Genes, Trend Micro
November 1, 2016
it security header
avatar
This text has been automatically translated from German to English.

But just as theory differs from practice, one must distinguish between technology and its implementation.

A technology that is recognized as "safe" according to the current state of research may nevertheless be unsafe in a concrete implementation.

This is what happens with public key infrastructures (PKI). The theory behind it - i.e. symmetrical and asymmetric encryption, digital Signatures and certificates - are established and proven technologies.

Nevertheless, the implementation of PKI has weak points. In this specific case, two "certificate authorities", namely Startcom and Wosign, issued false or at least questionable certificates.

The technology behind it worked flawlessly.

Nevertheless, the incorrect or improper use or implementation created a security problem.

So if you limit yourself to just the technology view, everything was flawless - yet there were gaps in the implementation and thus security problems.

Insecure certificates despite secure cryptography. Now cryptographic algorithms and PKI, at least in our IT age, very old. So to speak from the stone age of computer science...

So the current technology buzzword is "Machine Learning"especially in the IT security sector. If you believe some marketing statements, this makes machine learning all other technologies obsolete.

But also ML is "only" a technology. And strictly speaking, it's not even new: Many basic algorithms and procedures have been known for decades.

Even though ML as a technology has a lot of potential, especially in detecting new unknown threats, it is well worth looking at the implementation.

One of the most important factors in implementing ML is training. This includes the amount and quality of training data as well as the training method.

The quality of an ML implementation thus depends directly on the quality - and to some extent the quantity - of the training data. It is therefore not enough to have a good command of the pure technology ML.

Rather, external factors, in this case the training data, also play a - if not "the" - decisive role. To put it casually: "Garbage in, garbage out."

Machine Learning vs. Training

In addition to the "technology" dimension, there is suddenly another dimension to consider when evaluating ML implementations: the "training set."

This is an example of how a technology must always be evaluated in the context of its implementation.

Another aspect that implementation can throw a spanner in the works is "false positives". That is, legitimate content that is incorrectly classified as undesirable.

Many ML algorithms historically suffer from this problem. They may very efficiently detect new threats that other technologies do not, but at the same time report a lot of harmless content as dangerous.

In the context of an optimization, therefore, further noise reduction measures are often used.

The influence of new technologies is indispensable for IT security. If only to be able to meet the creativity of cybercriminals on an equal footing.

However, technology affiliation does not lead to the desired results. The implementation and its context must always be considered.

If this is not done, there is always the danger of creating the impression of a "perfect" technology. A theory that is all too often disenchanted by practical implementation.

https://e3mag.com/partners/trend-micro-deutschland-gmbh/

avatar
Raimund Genes, Trend Micro

Raimund Genes was CTO at Trend Micro.


Write a comment

Working on the SAP basis is crucial for successful S/4 conversion. 

This gives the Competence Center strategic importance for existing SAP customers. Regardless of the S/4 Hana operating model, topics such as Automation, Monitoring, Security, Application Lifecycle Management and Data Management the basis for S/4 operations.

For the second time, E3 magazine is organizing a summit for the SAP community in Salzburg to provide comprehensive information on all aspects of S/4 Hana groundwork.

Venue

More information will follow shortly.

Event date

Wednesday, May 21, and
Thursday, May 22, 2025

Early Bird Ticket

Available until Friday, January 24, 2025
EUR 390 excl. VAT

Regular ticket

EUR 590 excl. VAT

Venue

Hotel Hilton Heidelberg
Kurfürstenanlage 1
D-69115 Heidelberg

Event date

Wednesday, March 5, and
Thursday, March 6, 2025

Tickets

Regular ticket
EUR 590 excl. VAT
Early Bird Ticket

Available until December 24, 2024

EUR 390 excl. VAT
The event is organized by the E3 magazine of the publishing house B4Bmedia.net AG. The presentations will be accompanied by an exhibition of selected SAP partners. The ticket price includes attendance at all presentations of the Steampunk and BTP Summit 2025, a visit to the exhibition area, participation in the evening event and catering during the official program. The lecture program and the list of exhibitors and sponsors (SAP partners) will be published on this website in due course.