Security threats are growing in volumes and sophistication. Despite the implementation of best of breed detective and preventive controls from edge to endpoints, attackers can get into the organization’s network to steal information or hold organizations data hostage for ransom. Like latest ransomware attack impacted over 200 countries.
In this age of IoT, BYOD and social networking – monitoring, analyzing and identifying the subtle signs of the security breaches are like finding a needle in a haystack at dark night. A scarcity of trained security resources makes the problem more difficult.
The study says, rather than organization’s security teams, up to 70% of data breaches are reported by the 3rd party. The average time to identify breach is 201 days and to contain breach is 70 days. This shows that current security monitoring methods and tools are not adequate.
The manual task of analyzing thousands of events, identifying false positive, qualifying incident and dealing with the ever-increasing volume of alerts is time-consuming and error prone.
More than a third of our survey participants still think it unlikely they would be able to identify a sophisticated cyber attack
Ken Allan, Global Advisory Cybersecurity Leader, EY, UK
Time has come to go for cognitive enabled security solutions.
What is Cognitive Computing for Security?
The generally accepted definition of cognitive computing is, it is human brain functions including thoughts and thought processing, simulated using the computing hardware and software. This means the systems will learn by themselves, understand the patterns and process, natural languages the way human brain processes information.
In simple words, computers will take over the task of a human mind, the way machines took over physical tasks of labors during the industrial revolution.
Cognitive Security is a use of cognitive systems in security area to analyze the enormous structured and unstructured security data, identify the patterns and exceptions to provide actionable information.
There are solutions like “Cognitive Security Operation Center” from IBM, powered by Watson have already made their way to the market. A security firm by the name of SparkCognition showcased, what is said to be, the first AI-powered cognitive antivirus system called DeepArmour.
Key Benefits of Cognitive Security
There are various benefits using cognitive security, in following paragraphs we will elaborate key benefits from the point of, reducing security breach impact and helping CISO and security teams to function effectively.
Speed for threat detection
As per Ponemon 2016 study, the average time to detect the breach is 201 days. Delay in detection can impact organization adversely, It will cost reputation and money. The biggest challenge for CISOs is increasing the speed of breach detection .
Cognitive security can enhance understanding of threat landscape, reduce the false positive, respond to the subtle changes, and identify anomalies. Also, detect risky user behavior faster and provide the better context and reasoning for incident qualification.
Cognitive Security can manage the complexity of detection through better threat analytics. This will improve the speed and accuracy of the breach detection.
Improved Incident Response Time
Reduction in false positive and threat context for the analysis will provide right inputs to security teams for taking appropriate action to improve incident response.
Cognitive Security integrates the external intelligence like global threat intelligence feeds, the blog post and other discussion forums to help teams to take action before the signature or patch is released. In the current situation for any security analyst, it is impossible to go through all the threat intelligence, blogs, and other discussion forum and keep knowledge up to date. Cognitive Security can do this at very high speed. The capability of cognitive systems to read the structured and unstructured data will reduce these knowledge gaps.
In the current situation for any security analyst, it is impossible to go through all the threat intelligence, blogs, and another discussion forum, and keep knowledge up to date. The capability of cognitive systems to read the structured and unstructured data will reduce these knowledge gaps.
As state in the latest report “Cyber Security: For Defenders, It’s About Time”, conducted by Aberdeen Group,
By doubling the speed of incident response time, organizations can cut the impact of a disruptive cyberattack by 70%.Businesses can lessen the effects of a data breach by 30% by doubling the speed of their incident response time.
Automation of Repetitive Tasks
Cognitive systems can automate security monitoring. These systems can go through the humongous security data, alerts and events to define patterns, identify exceptions and anomalies. If the “dark security data” is made available to these systems, it will further improve the efficiency of automation by providing the context to non-exposed vulnerabilities or zero-day kind of attacks. The Automation can be extended to technical controls, analysis, and processes.
Optimizing Operational Security Resources
Getting and retaining security talent is one of the CISO’s challenges. The automation will free security analysts from mundane, repetitive task like an eyeball on the glass and can be efficiently utilized to define the risk score for qualified incidents and plan mitigation for identified threats. Automation will help to reduce the impact of the breach. Also, the analyst will have time to upgrade their knowledge about security best practices, insights of the compliance requirements and learn soft skills like communication and persuasion.
How Cognitive Computing Will Impact Future of Security
Cognitive security will not resolve all security challenges, it can help to automate security analysis for the speedy response but cannot replace human security analyst. As a part of breach investigation, there are many things involved such as research of the breach, testing to confirm analysis, many times internal people needs to be interviewed and all this needs human expertise. Going forward cyber security will be hybrid and will use best capabilities of both cognitive systems and humans.