This is Part 2 of our three-part series on how cognitive security can help organizations protect their critical assets. Be sure to read Part 1 to learn how cognitive tools can help security leaders address the incident response speed gap.
Fill In the Gaps With Cognitive Security
“Security analysts are expensive resources. In many organizations, they are overwhelmed with work. Alerts are triaged so that only the most serious get worked. Many alerts don’t get worked at all. That means that some security incidents are never investigated, leaving gaps in threat detection.” — Joseph Blankenship, Senior Analyst at Forrester Research
According to a recent report by IBM’s Institute for Business Value (IBV) titled “Cybersecurity in the Cognitive Era: Priming Your Digital Immune System,” security leaders hope to employ cognitive solutions to address a speed gap, an intelligence gap and an accuracy gap when it comes to their ability to detect, analyze, respond to and recover from security incidents.
The Intelligence and Accuracy Gaps
The report indicated that security leaders are most concerned about the incident response speed gap. The intelligence and accuracy gaps rank second and third, respectively. Sixty-five percent of respondents identified threat research as the biggest challenge due to resource constraints, while 40 percent cited the struggle to stay current on threats and vulnerabilities.
Security leaders also placed high importance on the ability to optimize the accuracy of alerts to reduce the number of false positives. In fact, 61 percent of respondents pointed to identifying and assessing threats as a key hurdle.
2016 was a big year for IBM in the cognitive security space. IBM is currently teaching its flagship cognitive computing powerhouse, Watson, the language of cybersecurity and ingesting thousands of documents into the machine to build a corpus of knowledge. The idea is to help Watson “recognize and automate connections between millions of pieces of data at a scale and speed like never before.”
“Advances in artificial intelligence and robotics are now making it possible for humans and machines to work side by side,” wrote analyst Joseph Blankenship for Forrester Research. Until now, however, attackers have had all the advantages. “Once Watson learns the language and nuance of cybersecurity, it could become a very intelligent security analyst, giving security teams an advantage against the attackers targeting them,” Blankenship continued.
The September 2016 “McAfee Labs Threats Report” used the term “Analytics 3.0” to describe the analytics process that combines “machine learning with big data, deep learning and cognitive computing” to produce “fast, proactive discovery and insight.”
The IBV survey echoed this optimism. Fifty-seven percent of respondents believe cognitive computing-enhanced security can “significantly slow the efforts of cybercriminals.” In terms of the key benefits, leaders cited improved detection and incident response decision-making capabilities (40 percent), significantly improved incident response time (37 percent), and increased confidence to discriminate between events and true incidents (36 percent).
Join the Revolution
While chief information security officers (CISOs) may have cognitive security on their minds, many top leaders are also excited about what cognitive technologies can do for their organization. According to an IBM study, half of the chief executive officers (CEOs) queried said cognitive computing “will revolutionize their business in the next three to five years.”
This realization is fueling very large investments, in terms of both research and development and mergers and acquisitions, in this technology. In fact, the market is expected to be worth $31 billion in 2019.
A 2016 Accenture Operations report, “Cybersecurity and Digital Trust in 2016: Re-thinking ‘State of the Art’,” mentioned cognitive computing as one of the hottest growth areas. It also predicted a large increase in deployments in the next 12 to 18 months. If cognitive security isn’t already on your radar, it should be.
Security leaders should get ready for questions from their CEOs and board directors about the cybersecurity benefits of cognitive computing. You would be hard pressed to point to a single action item that won’t benefit from cognitive computing. If you don’t feel ready to adopt the technology, you’d better have a great argument prepared instead.