The average enterprise deals with 200,000 security-related events per day, and according to the 2015 IBM Cyber Security Intelligence Index most of them are false alarms. These companies spend an average of $1.3 million and waste 21,000 hours each year essentially running up blind alleys. To make matters even more daunting, all this is happening against the backdrop of a skills shortage that will leave 1.5 million cybersecurity jobs unfilled by 2020.
Our traditional approaches to cybersecurity are no longer effective. Attackers are growing more sophisticated, and our classic defenses won’t prevail in the face of billions of new mobile and ‘Internet of Things’ devices.
We need to rethink our approach to cybersecurity and make the shift from a focus on prevention and detection to a balance of prevention, detection and…response. However, most teams are woefully short of appropriate resources when it comes to that last step.
When in balance, organizations can more effectively manage, mitigate, respond to and then move on from cyber-attacks. In short, our cybersecurity strategy should be about resilience.
Unfortunately, the path to resilience is currently heading in the wrong direction. A new global survey of almost 3000 security professionals by the Ponemon Institute found that only 32% of respondents believed their cyber resilience is high, down from 35% last year. The time it took to respond to an attack has increased in 41% of the responding companies, and underpinning these data is the fact that 75% of those who responded said they did not have a uniform cyber incident response plan in place.
Resilience demands a new set of skills and tools. It needs to be centered on arming security teams with game-changing technology that helps them prepare and respond faster and more intelligently. Hence the rise of platforms dedicated to incident response, like Resilient. That is a substantial step in the right direction and a huge advantage to those who have the technology.
So, what next? Enter cognitive computing. Companies must filter massive amounts of data found in network and system logs, directories, database access records and other machine information. By using cognitive systems to mine security-related data for insights, organizations can identify patterns that can indicate breaches.
Cognitive machines such as IBM’s Watson sort through millions of log file entries, emails, blog posts, research papers and other structured and unstructured data to find patterns that even the smartest of us can’t possibly see. They’re also ideally suited to process billions of entries in log files, applying machine learning and predictive analytics to become smarter as they work. All to better arm security analysts with relevant information.
One immediate effect is a reduction in incident response times, a challenge that respondents to IBM’s recent Cyber Security in the Cognitive Era study identified as their number one priority. Speedy response is now critical, with 201 days currently being the average amount of time a breach goes undetected, according to Ponemon.
To flesh this out a little, cognitive systems support an organization’s security efforts in the following ways:
- Identify threats through analytics – Combing through billions of entries in a network or system log to find correlations is beyond the capacity of human operators, but machines excel at this kind of rote work. Big data analytics technologies like machine learning, graph mining, and entity relationship modeling enable cognitive systems to detect anomalies that humans would never see.
- Enhance human intelligence – Like Watson, cognitive systems can ingest billions of records to deliver only the most relevant insight. They can crawl websites to scrutinize academic research, incident reports, security bulletins and blog posts to identify best-practice data. They also supplement efforts to find solutions. For example, Watson can analyze millions of email messages to identify common patterns that enable better phishing filters to cut down on the alarming spread of ransomware.
- Improve enterprise risk management – Resilient organizations understand the value of different kinds of data and apply security policies accordingly. Cognitive systems use natural language processing to categorize data so that appropriate protections can be applied and valuable data isn’t overlooked.
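To make the first of those points concrete, here is a small log-analytics pass of the kind the article has in mind. It is an added illustration written for this page, not code from the article or from any IBM or Resilient product. It parses constructed sshd-style authentication lines (sample data, not real traffic), builds a per-source baseline of failed logins, and surfaces two things an analyst wading through 200,000 events a day would not spot by hand: sources whose failure count is a statistical outlier against the rest, and the "many failures, then a success" sequence from one source. The log format, the `k=5` outlier multiplier and the `min_failures=5` threshold are assumptions chosen for the example.

```python
"""Added example (not from the article): minimal log correlation and
baseline anomaly detection over constructed sshd-style auth lines."""
import re
from collections import defaultdict
from statistics import median

# Assumed line format for the constructed sample; real syslog varies.
LINE_RE = re.compile(
    r"^(?P<ts>\S+) auth sshd: (?P<result>Failed|Accepted) password for "
    r"(?P<user>\S+) from (?P<ip>\S+) port \d+$"
)


def build_sample_log():
    """Constructed sample data: a few ordinary users with the odd typo,
    and one source hammering root before getting in. Not real traffic."""
    lines = []
    benign = [("alice", "10.0.0.5", 1), ("bob", "10.0.0.7", 2), ("carol", "10.0.0.8", 1),
              ("dave", "10.0.0.9", 3), ("erin", "10.0.0.10", 2), ("frank", "10.0.0.11", 1),
              ("grace", "10.0.0.12", 2)]
    for user, ip, failures in benign:
        for i in range(failures):
            lines.append(f"2017-04-10T08:00:{i:02d} auth sshd: Failed password for "
                         f"{user} from {ip} port 5{i:04d}")
        lines.append(f"2017-04-10T08:01:00 auth sshd: Accepted password for "
                     f"{user} from {ip} port 51000")
    for i in range(30):
        lines.append(f"2017-04-10T09:00:{i:02d} auth sshd: Failed password for "
                     f"root from 203.0.113.9 port 4{i:04d}")
    lines.append("2017-04-10T09:00:31 auth sshd: Accepted password for root "
                 "from 203.0.113.9 port 40031")
    # Unrelated noise that the parser should drop.
    lines.append("2017-04-10T09:05:00 cron[123]: (root) CMD (run-parts /etc/cron.hourly)")
    return lines


def parse(lines):
    """Keep only lines the regex understands; everything else is noise."""
    return [m.groupdict() for m in map(LINE_RE.match, lines) if m]


def failures_per_source(events):
    """Baseline feature: how many failed logins each source IP produced."""
    counts = defaultdict(int)
    for e in events:
        if e["result"] == "Failed":
            counts[e["ip"]] += 1
    return dict(counts)


def outlier_sources(counts, k=5.0):
    """Robust baseline: flag counts above median + k * MAD. Median/MAD is used
    instead of mean/stddev so the attacker's own count does not inflate the
    threshold it is being compared against."""
    if len(counts) < 3:
        return set()          # too few sources to form a baseline
    values = list(counts.values())
    med = median(values)
    mad = median(abs(v - med) for v in values)
    scale = mad if mad > 0 else 1.0   # assumption: unit scale when all sources agree
    return {ip for ip, c in counts.items() if c > med + k * scale}


def failures_then_success(events, min_failures=5):
    """Correlation rule: min_failures or more failed logins from a source,
    followed by an accepted login from that same source.
    Returns a list of (ip, user, failure_count)."""
    pending = defaultdict(int)
    findings = []
    for e in events:
        if e["result"] == "Failed":
            pending[e["ip"]] += 1
        else:
            if pending[e["ip"]] >= min_failures:
                findings.append((e["ip"], e["user"], pending[e["ip"]]))
            pending[e["ip"]] = 0   # a success closes the window
    return findings


def triage(lines):
    """One pass over raw lines: the few findings worth an analyst's time,
    plus how much was filtered out to get there."""
    events = parse(lines)
    counts = failures_per_source(events)
    return {
        "total_lines": len(lines),
        "auth_events": len(events),
        "outliers": sorted(outlier_sources(counts)),
        "brute_force": failures_then_success(events),
    }


if __name__ == "__main__":
    result = triage(build_sample_log())
    print(f"{result['auth_events']} auth events out of {result['total_lines']} lines")
    print("statistical outliers:", result["outliers"])
    print("failures-then-success:", result["brute_force"])
```

Two design points matter here. The outlier check uses a median and median-absolute-deviation baseline rather than mean and standard deviation, because a single noisy source otherwise drags the threshold up and hides itself. The correlation rule is stateful per source, which is exactly the cross-event bookkeeping that becomes impractical for a human once the log runs to millions of lines; on the sample it reduces 51 lines to one finding, which is the filtering effect the article describes.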
Our cyber world today faces three major security challenges:
- There are too many incidents and not enough time to deal with them
- Environments are becoming more complex, and so are the attacks against them
- Organizations lack appropriate resources to contend with the responses required
Cognitive systems contribute in all three areas:
- They help organizations filter incidents to identify the ones that matter
- They deal with scope and complexity that is beyond human capabilities
- They mine unstructured data to pull out best practices that inform response plans quickly, making security teams more intelligent
Cognitive systems don’t obviate the need for security professionals. Rather, they alleviate the critical skills shortage by helping people make smarter choices in a fraction of the time it would take a human alone. Cognition is the next wave in security, and not before time.
This is part of a point-counterpoint debate. The other article can be found here (available from Monday 17th April).