President Barack Obama recently sat down for an interview on emerging technologies with Wired Magazine. “Traditionally, when we think about security and protecting ourselves, we think in terms of armor or walls,” he said. “Increasingly, I find myself looking to medicine and thinking about viruses, antibodies … It means that we’ve got to think differently about our security.”

The idea of cybersecurity as a digital immune system is an apt metaphor. We can’t block everything, but we have to deal with everything. That’s where cognitive security solutions come in.

Embracing Cognitive Security Solutions

To help us manage everything, we need more complete and high-quality security information. There is no shortage of security content — both structured and unstructured content is generated on an enormous scale. However, it’s not feasible to review all this information in a timely fashion to make it actionable.

We are beginning to see the emergence of artificial intelligence, machine learning and cognitive computing tools that can help security teams take advantage of this information deluge and prompt better actions. These new systems can complement human tasks and provide better direction to our digital immune systems, enabling improved speed, more context and better management of the complex threat and risk landscapes. The goal is to bring together the best of both human and computer intelligence to create a more secure future.

Building a More Secure Future

In short, cognitive security solutions can understand, reason and learn about constantly evolving security threats. They are being developed to help tap the tremendous amount of security knowledge created for human consumption. The ultimate goals for cognitive security solutions are to move beyond the limits of manual efforts and enhance the work of security operations center (SOC) analysts, speed up response time with external intelligence and identify threats with advanced analytics. This all helps to reduce enterprise risk.

To better understand the current security landscape and how security leaders are thinking about and applying cognitive security technologies, IBM conducted a survey of 700 chief information security officers (CISOs) and other security leaders from 35 countries, representing 18 industries. The report, titled “Cybersecurity in the Cognitive Era: Priming Your Digital Immune System,” provides insights into the current security operations context. It explains what the expectations and perceived benefits of cognitive security solutions are, whether security leaders are ready to implement the technology and what might be holding them back.

The Context for Cognitive

First, let’s examine the current environment that security leaders are dealing with to understand the need for cognitive security solutions. Security leaders are challenged by the complexity of threats and the speed with which they are able to respond to them. They identified reducing average incident response and resolution time as a top cybersecurity challenge.

Additionally, leaders are worried about how security incidents affect their operations today, and how they may shape their reputations tomorrow. About 68 percent of respondents said loss of brand reputation presents the greatest future concern.

Security leaders don’t feel they are as effective as they could be in addressing network and data protection and rapid, intelligent threat response. However, they are working to address these deficiencies, with 57 percent planning to improve monitoring of network, application and data-level security in the next few years.

Acquiring the right resources to address these issues will be difficult. Seventy-eight percent have seen the cost for cybersecurity increase in the last two years, and 84 percent expect it to increase in the next two to three years. Faced with these growing costs, security leaders are seeking better ways to justify their investments to business leaders.

Filling In the Gaps

Today, many organizations look to cognitive security solutions to help address their interrelated gaps in intelligence, speed and accuracy. Even though this technology is in its infancy, there is great hope and optimism about its potential. In fact, 57 percent of participants in the IBM survey believed these solutions can significantly slow down cybercriminals.

Survey respondents listed improved detection and response decision-making capabilities, significantly improved incident response times, and increased confidence to discriminate between events and true incidents as the top features and benefits of cognitive-enabled security solutions.

Early adoption will grow in the next few years. Seven percent of those surveyed said they are currently working to implement cognitive-enabled security solutions, and 21 percent plan to implement the capability in the next few years.

Despite the great promise, however, widespread adoption requires more education and preparation. Most are convinced of the value and benefits of cognitive security solutions, but 45 percent indicated they were unprepared to adopt the technology due to a shortage of skills. Cognitive security solutions are being designed for widespread consumption — this should not place more burdensome education demands on the backs of security analysts.

Preparing for the Cognitive Era of Security

We identified a group that is “primed for the cognitive era” of security solutions. When we analyzed security effectiveness, cognitive readiness and understanding, we found enthusiastic security leaders ready to enter the cognitive era of security solutions today.

This group made up about 22 percent of those we surveyed. In general, these organizations tend to be more familiar with cognitive solutions, more confident in their security capabilities and well-equipped with the requisite resources.

Technologies like machine learning, artificial intelligence and cognitive computing are here today and are beginning to be adopted. The bad guys are looking at these new tools to improve their capabilities, and organizational security leaders need to look at them as well. Cognitive security solutions provide the opportunity to truly think differently about security and how it can be improved.

If you think that cognitive security solutions may be right for your organization, there are a couple of things you can do to get started on the journey. First, assess and recognize your weaknesses. What specific shortcomings do you want to address with cognitive security solutions? Next, become educated about cognitive security capabilities. Learn about potential use cases and identify what manual activities, if automated, can yield improvements in accuracy, speed and intelligence.

In an environment where investment justification and return on investment (ROI) are requirements, spend time developing and communicating the benefits of cognitive security solutions to your business stakeholders. Treat cognitive security as a new capability, not just another point solution.

In the Wired interview, President Obama said, “Don’t worry as much yet about machines taking over the world. Worry about the capacity of either non-state actors or hostile actors to penetrate systems… It just means that we’re going to have to be better, because those who might deploy these systems are going to be a lot better now.”

To meet this formidable challenge, it is imperative that security professionals get primed for the cognitive era of cybersecurity.

Read the complete report on Cybersecurity in the cognitive era

More from Artificial Intelligence

Autonomous security for cloud in AWS: Harnessing the power of AI for a secure future

3 min read - As the digital world evolves, businesses increasingly rely on cloud solutions to store data, run operations and manage applications. However, with this growth comes the challenge of ensuring that cloud environments remain secure and compliant with ever-changing regulations. This is where the idea of autonomous security for cloud (ASC) comes into play.Security and compliance aren't just technical buzzwords; they are crucial for businesses of all sizes. With data breaches and cyber threats on the rise, having systems that ensure your…

Cybersecurity Awareness Month: 5 new AI skills cyber pros need

4 min read - The rapid integration of artificial intelligence (AI) across industries, including cybersecurity, has sparked a sense of urgency among professionals. As organizations increasingly adopt AI tools to bolster security defenses, cyber professionals now face a pivotal question: What new skills do I need to stay relevant?October is Cybersecurity Awareness Month, which makes it the perfect time to address this pressing issue. With AI transforming threat detection, prevention and response, what better moment to explore the essential skills professionals might require?Whether you're…

3 proven use cases for AI in preventative cybersecurity

3 min read - IBM’s Cost of a Data Breach Report 2024 highlights a ground-breaking finding: The application of AI-powered automation in prevention has saved organizations an average of $2.2 million.Enterprises have been using AI for years in detection, investigation and response. However, as attack surfaces expand, security leaders must adopt a more proactive stance.Here are three ways how AI is helping to make that possible:1. Attack surface management: Proactive defense with AIIncreased complexity and interconnectedness are a growing headache for security teams, and…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today