November 3, 2016 By Diana Kelley

Artificial intelligence (AI), machine learning and cognitive security have emerged as the big security buzzwords of 2016. But in an industry that’s grown weary of talk of the next silver bullet technology, how does the promise of cognitive solutions line up against reality in the eyes of security professionals?

The IBM Institute of Business Value (IBV) released the results of a study of over 700 security professionals across the globe to find out just what the industry really thinks about these emerging technologies and their potential. The results show that the era of cognitive security may come upon us sooner than we think.

Early Stages

Cognitive solutions are already seeing widespread adoption in other industries. A report last week from IDC illustrated that cognitive systems are driving $8 billion in revenue in 2016. Additionally, cognitive computing is slated to become a $47 billion industry by 2020.

Yet the security community is still in the early stages of pioneering cognitive security systems, which leverage advanced technologies like AI, machine learning and natural language processing to help security analysts make better, faster decisions from vast amounts of data. IBM is leading the charge on these efforts as we continue to train Watson to help security analysts in the fight against cybercrime.

According to the new IBV survey, only 7 percent of security professionals claim to be using cognitive technologies today. This is not surprising, considering the technology is so new. However, 21 percent said their organizations plan to use these solutions in the next two to three years — meaning that the use of cognitive security is set to triple within the next few years.

While it’s encouraging to see that expectations for cognitive security are high, innovation simply for the sake of new technology isn’t enough. We need to make sure these technologies are actually solving the problems that security professionals are facing, both today and in the future.

The Need for Cognitive Security

The IBV survey began by evaluating the current challenges facing security professionals to identify the top needs cognitive solutions could potentially address.

According to the study, the top challenges in security today are reducing incident response times (45 percent), optimizing accuracy of alerts (41 percent) and staying current on threat research (40 percent). Threat research was also the top challenge that respondents attributed to insufficient resources, cited by 65 percent of them.

These challenges are, in many ways, intertwined. If security analysts were able to stay current on threats and increase accuracy of alerts, they could also reduce response time. This means there are many scenarios in which cognitive solutions could help. They can provide security analysts with the right information to diagnose and respond to threats more quickly, and deliver insights from the thousands of threat research reports that organizations lack the bandwidth to keep up with.

Massive Potential

According to the survey, nearly 60 percent of security professionals believe cognitive security solutions can significantly slow down cybercriminals. While it’s clear that the overall expectations for cognitive security are high, what specific benefits do security professionals expect to see from cognitive?

The most cited benefits expected from a cognitive security solution were:

  • Intelligence: About 40 percent of respondents believe this technology will improve detection and incident response decision-making capabilities.
  • Speed: 37 percent of respondents believe cognitive security solutions will significantly improve incident response time.
  • Accuracy: 36 percent of respondents think cognitive security will provide increased confidence to discriminate between innocuous events and true incidents.

As you can see, many of these perceived benefits closely align with the greatest challenges organizations say they’re facing today.

Bumps in the Road

As with any emerging technology, maturity takes time. We must also look ahead and be reasonable about roadblocks and challenges that may arise along the journey to applied cognitive security.

Based on the survey, we found that security professionals weren’t confused about the concept of cognitive solutions, nor were they ambivalent about the value or benefits. The biggest challenges they anticipate are due to skills, processes and methods.

The top two adoption challenges were not being ready from a competency perspective and a lack of internal skills to implement, both at 45 percent. Most security practitioners can appreciate this caution: Without proper preparation and training, a new technology can’t be incorporated into the fabric of the security program effectively.

More education, preparation and investment planning can help companies be primed for successful implementation of cognitive cybersecurity solutions.

Making Cognitive Security a Reality

These survey results showed that cognitive security is a necessary next step for many security professionals attempting to keep up with massive amounts of threat data and protect their companies in an increasingly challenging threat environment. There is just too much data for humans to parse, and response times need to be as rapid as possible. Creating tools that will help augment the intelligence and capabilities of security analysts — rather than simply giving them more information to digest — will be critical in the uphill battle against cybercrime.

Although they’re not a silver bullet, automation and cognitive security are part of an evolution necessary to solve some of the biggest security challenges today and in the future. As we continue forward, we need to evaluate use cases and determine together how cognitive technologies can integrate into day-to-day security operations to address our security challenges in a new and better way.

To learn more, read the complete report on cognitive security and watch the on-demand webinar, “Cybersecurity in the Cognitive Era: Priming Your Digital Immune System.”
