Re: nipper studio experiences?

[Mike Lloyd <drmike () redsealnetworks com>]

Marcus,

Definitely fair comment, except for one point: I certainly didn't refer to my own product as "smart", since I share 
your worries about the vacuity of that label.  Indeed, I think I can fairly say, on a re-read, that I offered no 
characterization of my own work at all.

I see the merit of your broad point that all security products take some input, and process it by some rules.  This is 
simultaneously interesting but shallow.  It's a little difficult to see how ANY computer program wouldn't meet the 
description you're using (unless, say, we special case industrial control systems, which take "kinetic domain" 
feedback).  I don't mean "shallow" to belittle your point; I like it, I'm just saying that it's a bit like saying all 
humans are cabon-based - true, and a good basis for going on to say other things, but not all that deep in itself.

My point is more about connotation than denotation.  Consider the example I offered: a document spell checker.  By your 
terms, this takes inputs and processes it by a set of rules.  It's legitimate to call this an "expert" system, 
referring to the "expertise" of the careful speller who set it up.  Technically, fair enough.  But in common parlance, 
I don't think that's what most people are thinking about when they say "expert system" - I believe they mean something 
closer to rarified or esoteric experience that is expensive when purchased (or rented) in human packaging.  
Dictionaries aren't expensive.

For what it's worth, I wouldn't even call my own work an "expert system" in my sense (even though it certainly is in 
yours), but that's because of my own academic history, which gave me a mild aversion to the label.  (It became a byword 
for "clever technology that sits on a shelf, because nobody trusts it when real decisions are on the line".  Skynet is 
not really all that likely, for the simple reasons that humans don't like such things, and that in practice, they don't 
actually deliver on the hype/expectation.)  If it's interesting - I'm not here to advertise, but you did imply I needed 
to defend a position - I'd call what I do "network security analytics".  The "analytics" label sits better, for me, 
than "expert system", because it carries a mild sense that it's used BY experts (firewall wizards, let's say), not to 
REPLACE experts.

Happy to discuss, although anyone should feel free to suggest we move to the firewall-philosophers list instead :-)

Mike

_______________________________________________
firewall-wizards mailing list
firewall-wizards () listserv icsalabs com
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards