Cognitive Security Seen as Filling Cyber Gaps
Along with growing cyber threats and the need to respond in real time, the sheer volume of information that must be parsed is fueling demand for automated sifting of threat data. Hence, “cognitive security” specialists such as Cisco Systems and IBM are promoting threat analytics approaches designed to respond to cyber attacks as they unfold.
Among other scenarios, cognitive threat analysis scans web traffic for malware and botnets to pinpoint and isolate attacks on network command and control infrastructure in real time. Cisco Systems (NASDAQ: CSCO), which has been acquiring cognitive security expertise over the last several years, is taking a networking approach to emerging security threats. Meanwhile, IBM (NYSE: IBM) is emphasizing cognitive security as a way of leveraging artificial intelligence and machine learning as tools for automating threat detection.
IBM cited a recent IDC study that forecasts $8 billion in overall revenues this year for cognitive computing, a market that is expected to grow to $47 billion in the next three years. As large players like IBM move aggressively into the cognitive security market, a growing list of startups, including some with military connections, is attracting venture funding.
IBM acknowledges that security specialists are still in the early stages of implementing cognitive security, but argues that the need to make faster decisions based on ever-greater amounts of data is driving demand for automation tools like cognitive security.
The results of a survey commissioned by IBM and released last week found that only 7 percent of security professionals are currently using cognitive technologies. Still, 21 percent of respondents said they plan to implement cognitive security tools over the next two to three years.
“If security analysts were able to stay current on threats and increase accuracy of alerts, they could also reduce response time,” stressed Diana Kelley of IBM Security. “There is just too much data for humans to parse, and response times need to be as rapid as possible.”
As with many areas of data science, respondents to the IBM survey said they currently lack the internal skills to implement cognitive security platforms. Hence, proponents such as IBM are promoting webinars and other training tools to bring security analysts up to speed on how to incorporate cognitive technologies into their cyber defenses.
While many security analysts and vendors maintain that security must be baked into corporate networks, nearly everyone agrees that evolving threats are exposing gaps in security.
Other cognitive security approaches, such as Cisco’s, use automation to monitor network traffic, for example to verify the legitimacy of a web site. The system then assesses the type and size of information returned and checks which other domains, if any, are being communicated with. Finally, it looks for unauthorized transfers of data from computers and servers, a threat known as data exfiltration.
Cisco’s cloud-based approach to cognitive threat analytics also is designed to address gaps in so-called perimeter defenses using behavioral analysis and anomaly detection to spot a data breach or a malware infection.