Cognitive

“The number one challenge for security leaders today is reducing average incident response and resolution times.” — IBM IBV Cognitive Security Report

In November, IBM’s Institute for Business Value (IBV) released a report titled “Cybersecurity in the Cognitive Era: Priming Your Digital Immune System.” The report provides insights gleaned from a study of over 700 security leaders from across the globe and seeks to uncover the security challenges organizations face, all while shedding light on how to address them. The study also evaluated the impact of cognitive security solutions and gauged the industry’s current level of readiness for the oncoming cognitive era.

The study identified three main gaps that cognitive solutions might fill to improve an organization’s security posture: a speed gap to significantly improve incident response times, an intelligence gap to improve detection and incident response decision-making capabilities, and an accuracy gap to provide increased confidence to discriminate between events and true incidents.

A Short Primer on Cognitive Security

“Cognitive computing has the ability to tap into and make sense of security data that has previously been dark to an organization’s defenses, enabling security analysts to gain new insights and respond to threats with greater confidence at scale and speed,” wrote Marc van Zadelhoff in a previous article.

According to an IBM cognitive security white paper, this type of security is “characterized by technology that is able to understand, reason and learn.” In short, it is about analyzing security trends, distilling enormous volumes of data into information and further refining it into knowledge that can be turned into action.

The Incident Response Speed Gap

Respondents to the IBV study identified the speed gap as the top security challenge. Forty-five percent ranked reducing average incident response and resolution time as the top challenge today, and 53 percent identified the same area as the top challenge for the next two to three years.


This is somewhat surprising given the fact that 80 percent of the survey participants indicated that their incident response speeds have improved by an average of 16 percent in the past two years. Additionally, 37 percent believe that cognitive security solutions will significantly improve this response time.

Reading between the lines, security leaders have been pushing their teams to improve incident reaction times, but they have also realized that the current level of improvement is inadequate to keep up with the ever-increasing pace of attacks. For that 37 percent of security leaders, cognitive security offers a ray of hope.

A Skills Gap Too?

It’s no secret that the cybersecurity field faces a skills gap of enormous proportions. In fact, Forbes estimated that the skills gap has reached 209,000 unfilled positions in the U.S. Additionally, a Cisco report tallied 1 million unfilled positions worldwide. That situation is unlikely to change anytime soon, given the large number of senior and highly seasoned security professionals preparing to retire and the relatively small investment in recruiting bright young minds into cybersecurity education and, eventually, cybersecurity careers.

The good news is that cognitive security solutions can help maximize the current workforce by reducing the amount of time before an anomaly is detected. They can provide better context and background information to those tasked with analyzing incidents.

Superhuman Capabilities

According to the IBM Cognitive Security white paper, “a cognitive system comprehends and processes new information at a speed that far surpasses any human.” It also noted that “cognitive computing is driving transformational change by harnessing not just data, but meaning, knowledge, process flows and progression of activity at a lightning-fast speed and scope.”

The prospect of turning over more of our incident response processes to machines might bring chills to those tasked with responding to incidents and analyzing their severity and impact. However, the goal isn’t to replace humans, but to supplement their capabilities, much like an exosuit turns a human into a superhuman. Cognitive security solutions can accomplish in minutes what would take human analysts hours or even days.

Cognitive technology is still in its infancy. Those who get there first, however, will likely reap a significant competitive advantage over those who take a wait-and-see approach. As the saying goes, you don’t have to run faster than the bear — you just have to run faster than the guy behind you. Can your business truly afford to take a wait-and-see approach?



Security Intelligence

Authored by David Shipley, Director of Strategic Initiatives, Information Technology Services, University of New Brunswick.

Embracing Cognitive Security Solutions

In many organizations, security is assumed rather than actively pursued. It is my job to make sure that isn’t the case. As the data center for three other universities in our province, my security team at the University of New Brunswick (UNB) protects a large digital bank of information with a fraction of the security resources of larger organizations. We have to protect student records, proprietary research material and other assets that criminals value highly.

A university is like the Mos Eisley spaceport of cybersecurity. We have every bad thing you could imagine: malware, vulnerable devices, patching issues and bring-your-own-device (BYOD) everywhere. We are, by our nature, open and transparent, yet we are supposed to be secure. Those two things do not go well together; we exist in that uncomfortable friction. Because of that, however, we are the perfect breeding ground for new ideas.

After the Gold Rush

We are faced with an exponentially growing volume of attacks due to the proliferation of new tools for cybercriminals. Today, the barriers to entry for cybercrime are tremendously low, creating a kind of gold rush. I feel this is due to a number of different factors, including the lack of a real, global cybercrime framework and national policing resources to address incidents and attacks. I am also worried about the amount of money that cybercriminals are obtaining to reinvest into their capabilities, widening the gap between the attackers and the attacked.

We are outgunned and need new capabilities to use as force multipliers to level the playing field with cybercriminals. UNB is exploring cognitive security solutions with IBM to augment our capabilities to deal with these challenges. UNB is one of eight universities in North America chosen by IBM to help adapt Watson cognitive technology for use in the cybersecurity battle. We are feeding real data into the Watson system as a natural extension of the work we are doing for security information and event management (SIEM).

Stop Fighting Fires

We have high expectations for cognitive security solutions in the coming years. The technology has so much potential to address our labor shortage gap, reduce our risk profile and increase our efficiency of response.

Cognitive systems can leverage unstructured data to provide the context behind attacks and provide an informed second opinion to increase our confidence for making decisions. I read a lot on a daily basis, but that might help me discover roughly 1 percent of what is out there in terms of the latest threats and risks at any given time. How am I supposed to apply only 1 percent against hundreds of active offenses on a daily basis? I hope cognitive security solutions can enable me to take a more holistic view of my cybersecurity situation.

Ultimately, I believe that these Watson-based solutions will allow security professionals to move to a higher level of value for their organizations. Cognitive solutions can help them get away from merely firefighting and into tackling longer-term strategic issues, such as user behavior and organizational culture, that can change the outcome of the present one-sided battle.




The shortage of trained cybersecurity professionals is a global challenge, and India is no stranger to the situation. An alarming 87 percent of respondents to ISACA’s “2015 Global Cybersecurity Status Report — India Data” admitted India is facing a severe cybersecurity skills gap, whereas only 41 percent felt prepared to fend off sophisticated cyberattacks.

The National Association of Software and Services Companies (NASSCOM) estimated that India will need 1 million cybersecurity professionals by 2020 to meet the demands of its rapidly growing economy. Demand for security professionals will increase in all sectors due to the unprecedented rise in the number of cyberattacks. Despite having the largest information technology talent pool in the world, India is highly unlikely to produce an adequate number of professionals to close the cybersecurity skills gap.

Skills Shortage Exposes Indian Businesses

The cybersecurity skills gap is ever widening due to the fluid nature of threats, innovative new cybercrime techniques, a lack of formal training and, most importantly, a lack of awareness about careers in cybersecurity. This scarcity exposes Indian businesses to cyberattacks and reduces their ability to quickly respond to complex threats. In the long run, the skills gap may discourage Indian companies from implementing new technologies or making new investments.

The shortage of cybersecurity professionals is also pushing up the cost of hiring experienced cybersecurity staff and forcing Indian businesses to increase their cybersecurity budgets. The “Global State of Information Security Survey 2016” from PwC reported a 117 percent increase in cyberattacks in India and a 71 percent increase in budget.

High Stakes for India

Because several global IT corporations operate in India, the cybersecurity skills gap also impacts the global economy at large. The IT sector is one of the major employment generators in India, employing over 2.5 million people. A major breach could significantly jeopardize future growth within this critical IT sector.

NASSCOM launched cybersecurity training initiatives in collaboration with key IT companies. Along with the Data Security Council of India (DSCI), it launched a new Cyber Security Task Force (CSTF) to improve the supply of trained cybersecurity professionals. However, it will take some time before the CSTF starts making an impact on the ground. And it’s but a drop in the ocean given the escalating onslaught of cyberattacks that the Indian government and local businesses are facing.

Cognitive Security Bridges the Cybersecurity Skills Gap

While promoting cybersecurity education can help address the skills gap to some degree, it will not be enough to address rapidly multiplying cyberthreats. Luckily, Watson for Cybersecurity can help offset the skill shortage in India.

Watson for Cybersecurity is a first-of-its-kind, cloud-based cognitive technology. It’s trained to reason and learn from unstructured data — or 80 percent of all data on the internet that traditional security tools cannot process, including blogs, articles, videos, reports, alerts and other information.

“By leveraging Watson’s ability to bring context to staggering amounts of unstructured data, impossible for people alone to process, we will bring new insights, recommendations and knowledge to security professionals, bringing greater speed and precision to the most advanced cybersecurity analysts and providing novice analysts with on-the-job training,” said Marc van Zadelhoff, general manager of IBM Security.

Watson can empower cybersecurity professionals with superior capabilities and help them become more efficient. As Caleb Barlow, vice president of IBM Security, aptly told Fortune, “It’s not about replacing humans, but about making them superhumans.”


