The technologies behind cognitive systems have matured greatly in recent years, which has expanded the number and types of applications for the technology. One such initiative involves applying cognitive computing to cybersecurity.
Cognitive computing has five core capabilities. Looking at the ways these can be applied to the security arena may illuminate some interesting possibilities for IT professionals.
The Core Capabilities of Cognitive Systems
Cognitive technology creates a deeper human engagement. Cognitive security systems analyze all available structured and unstructured data to find what really matters — to a person or group. By being able to better understand an individual, users can gain insight into an attacker’s motives as well as the defender’s needs.
The pattern of how a system is used, based on actual operational patterns rather than just specifications, can point to areas that may be part of the attack surface that has gone unnoticed by an observer. Similarly, the attack patterns as a whole can lead to a better understanding of the true goals of the attacker instead of a simple list of targets.
Another capability these systems offer is the ability to scale and elevate the expertise brought to a problem. Cognitive computing can serve as a companion for professionals to enhance their performance. A wider range of experience and insight can be applied to the problem at hand through cognitive’s collection and analysis of data that might have otherwise been overlooked.
Products and services can be infused with cognitive systems as well. This means the augmentation of their capabilities to deliver uses that had not previously been imagined. Techniques currently used for cybersecurity purposes can expand their use cases when the relevant security tool capabilities are increased or amplified, for example.
When processes are integrated with cognitive capabilities, they can collect data from internal and external sources. These processes can then learn from unstructured data — something that has vexed other kinds of computing. That is huge, because unstructured data is what will drive the greater use of coincident information in automated decision-making.
It’s a great pool of currently unused information not found in current databases that should lead to a wider perspective of data relations.
How It’s Impacting Security
Cognitive can enhance exploration and discovery. Its core capabilities are exactly what the cybersecurity field needs.
Discovering and processing data allows cognitive to assist the professional who must make decisions about a given situation. It serves as a valuable tool to the decision-maker by searching remote areas for information and connections.
It could also make data collection a truly ongoing background process that is only accessed when needed. That way, you could have data that you didn’t even know you needed available because it had been automatically collected. Cognitive widens the data that can be surveyed, giving a greater breadth to the analysis that ensues.
IBM Security announced that, right now, California State Polytechnic University, Pomona; Pennsylvania State University; Massachusetts Institute of Technology; New York University; the University of Maryland, Baltimore County; the University of New Brunswick; the University of Ottawa; and the University of Waterloo are all working on marrying cognitive computing and cybersecurity. They are also finding ways to best communicate analysis results to the people who need to know, increasing the odds that the results will actually get used.
Raw computing power by itself can be useless if it’s unfocused. Cognitive systems are focusing on identifying the most important aspects of security incidents and communicating those critical results. This characteristic — ease of use, even with complex queries — is part of the reason why cognitive will make its biggest security impact in the days to come.