10 security buzzwords that need to be put to rest

Having trouble getting your message across? Banning these buzzwords may help.

man with megaphone yelling buzzwords
Thinkstock

Can we — please! — retire these tired buzzwords?

Sales teams talk about ‘synergy’ and ‘paradigm shifts.’ Technology professionals bandy about ‘next-generation,’ ‘disruptive,’ and ‘cutting-edge.’ But no matter how many times otherwise intelligent people claim to “leverage their technology to…” it won’t lever the noun ‘leverage’ into a verb.

Information security, too, has its share of overused buzzwords. If you live in this world, you've probably heard them so many times that they barely register anymore.

[ Learn why bad analogies may be killing your security training program ]

Here are ten terms we would like to see permanently retired.

1 cyber

Cyber

‘Cyberspace.’ ‘Cybersecurity.’ ‘Cyber defense.’ ‘Cybercrime’. ‘Cyber army.’ ‘Cybernaut.’ ‘Cyber sleuth.’ ‘Cyber-‘ is a handy prefix to refer to anything in the online world. But it has been overused to the point that the resulting word loses all connotation. There is no reason to say “cyber shopping” when ecommerce and online retail are perfectly good words people can understand.

Cyber was initially a useful prefix for referencing concepts that straddle the boundary between technology and society. ‘Cybersecurity’ helped raise awareness of how security concepts applied to the ways people used technology. However, lumping everything under the ‘cyber’ umbrella has long ceased to be helpful. In fact, conflating everything to the point where an attack on critical infrastructure is considered on par with a phishing attack or a disinformation campaign doesn’t improve anyone’s understanding of the challenges we face. They are different problems requiring different solutions. But when they are all labeled as cyber, it is harder to identify the approaches necessary to tackle them.

2 ai

AI

We were promised a futuristic world, enriched by smart robots capable of doing things humans currently have to do manually. The future of security depends on automation, but that doesn’t mean every security technology that performs complex analysis and computation is an AI. ‘Artificial intelligence’ has a very specific definition for computer scientists. We are perilously close to dumbing down a whole field of study just to make all kinds of machine-based defense sound edgy and cool.

‘Machine learning,’ ‘deep learning,’ and ‘AI’ are increasingly being used as synonyms when describing what security technology can do. This is a terrible idea! ‘Machine learning’ lets us access and manipulate data using multiple algorithms and models and to use the same data to refine the models without needing to be explicitly programmed. ‘Deep learning’ refers to networks that can take unstructured or unlabeled data and derive patterns or learn something it didn’t know before. These are subsets of artificial intelligence but using them interchangeably ignores different ways they improve what security defense and offense teams can do.

[ Related: 5 top machine learning use cases for security ]

3 apt

APT

Originally, ‘APT’ stood for “advanced persistent threat.” But it is increasingly being used to refer to any attack the defenders didn’t notice. Yes, the attack was clearly a threat, and it frequently was persistent because the attackers spent some time in the organization’s infrastructure. But it rarely falls under the category of ‘advanced.’ A look at most of the recent headline-grabbing breaches involved either run-of-the-mill phishing emails or poor password practices.

‘APT’ has become a handy excuse that organizations trot out to explain why they didn’t notice an attack in progress or stop the attackers from causing too much damage. Instead of acknowledging that information security is difficult and having an honest conversation about the many things defenders must do, organizations duck behind the term ‘APT’ as cover. It has become almost as meaningless as the bland trope, “We take security seriously.”

4 threat intelligence

Threat intelligence

Analyst firm Gartner defines threat intelligence as “evidence-based knowledge, including context, mechanisms, indicators, implications and actionable advice, about an existing or emerging menace or hazard to assets that can be used to inform decisions regarding the subject’s response to that menace or hazard.”

That’s a mouthful, and it still leaves many in the dark about what all those words strung together might mean.

Simply put, threat intelligence is what you get after you collect and aggregate data from different sources, enrich it by applying relevant information, and analyze the resulting package to find answers.

Raw data are often mislabeled as intelligence. Log files and systems for aggregating events data are being relabeled as ‘threat intelligence.’ Collecting and analyzing data aren’t enough—the result has to feed into some kind of business purpose to be called ‘intelligence.’

Threat intelligence requires context, and it must be delivered in a form that can be used. ‘Contextualized intelligence’ contributes to the cacophony of noise without adding any new meaning. For a bonus eyeroll, let’s ban the word-soup that is ‘cyber threat intelligence.’

5 next generation

Next-generation

Information security isn’t the only culprit when it comes to dubbing every product launch and release as ‘next-generation.’ But it certainly contributes to the problem. The phrase once referred to an advancement in technology. It reflected a change in how a problem was solved. Unfortunately, it now seems that all current security tech on the market is next-generation.

Next-generation is over-used to promote redesigned user interfaces, user-friendly features, and the ability to handle more traffic, users, and endpoints. The term needs to be reclaimed so that it refers to new architectures and redesigned approaches to handling emerging threats.

Otherwise, what will the next wave of innovation be called? Next-next-generation? Actually, that explains why everything is now all about ‘AI.’

6 cloud

Cloud

These days, everything is in the cloud. But what does that mean? That you took a file or application off your computer and put it on someone else’s? It doesn’t even matter if the application is running on a virtual machine or if the data is stored on a server in a different data center. Infrastructure-as-a-service, software-as-a-service, and hosting platforms all get hand-waved away as ‘cloud.’

This term glosses over a lot of hard questions, such as how to secure the environment, how to protect the data, and how to control who is using the applications. Taking advantage of someone else’s infrastructure doesn’t mean all your problems go away. It also doesn’t mean you can do the same things you were doing when you worked locally. The concept of the network perimeter is very different when talking about cloud applications, and there are a whole host of different identity and authentication challenges once you leave the safety of your data center.

The technology pendulum is swinging away from cloud computing towards “edge computing,” where you rely on your own local datacenter--i.e., your own computer, your own storage device. Perhaps it’s time to de-cloud?

[ Learn about the cloud security controls you should be using and the 12 top cloud security threats for 2018 ]

7 data driven

Data-driven

The explosion of data collection means we are all drowning in data. Sensors, application logs, system events, and transaction details all can be analyzed to uncover patterns. Practically every security technology is data-driven, whether it’s looking at malware samples and events data to detect malicious activity or scrutinizing access logs and login attempts to spot account takeovers and breaches. Throw users into the mix, and you get behavioral analytics data.

Having data doesn’t necessarily mean there is valuable insight buried in it. Sure, there are ways to display collected data that are useful. But the existence of a database or log doesn’t necessarily result in a security product that is ‘data-driven’. Just as ‘threat intelligence’ requires context, ‘data-driven’ implies the information is being used in a practical way.

8 real time

Real-time

Real-time is a security promise that keeps popping up because technology keeps getting faster and more efficient. Security is now far more data-driven (for real) than it used to be because there is so much information being collected. But analyzing data and executing payload takes time, no matter how tiny and efficient that time window is.

‘Real-time’ comes up a lot as analytics become a bigger part of security, especially when it comes to aggregating user patterns. I prefer ‘near real-time’ which is more honest and acknowledges that there is a lag when gathering information and displaying it in ways that make sense.

9 thought leader

Thought Leader

A ‘thought leader’ is someone who is authoritative and influential. Many people consider the title an emblem that comes with achieving the epitome of professional success. The information security industry is full of thought leaders. But not all are on the forefront of the industry. Some keep up with the trends, technologies and philosophies. But there are those who are merely good with buzzwords and pushing their agenda in an online bubble.

Thought leaders come in many forms, sharing insights and ideas via interviews with journalists, contributing guest articles, speaking regularly on the information security conference circuit, or just quietly bringing groups of like-minded professionals together to share and solve problems.

If someone you trust says someone is a ‘thought leader,’ that is a far more accurate assessment than someone self-identifying as such. Thought leadership isn’t bad, but information security is a field where what you’ve done is more influential that what you say.

10 actionable

Actionable

This is a word that, truly, has no meaning. That doesn’t stop ‘actionable’ from being used—frequently—in many contexts. For the most part, it is intended to emphasize that enterprise defenders can do something with the technology it is describing. But that is the entire reason for investing in the shiny appliance, latest service, or complicated software in the first place. Everything should be actionable! Defenders don’t want security intelligence or a security product that won’t do anything in response to a threat or issue. No one wants to observe a security incident and say, “Wow, that just happened.” They want to respond to what happened.