
Cognitive security is key to cyber arms race, says KuppingerCole

Cognitive computing technology is an area of artificial intelligence that is expected to help provide businesses with the security tools they need to deal with new and emerging cyber threats

The data breaches that are frequently making news headlines indicate that businesses need new tools and approaches to cyber security, according to Martin Kuppinger, principal analyst at KuppingerCole.

“Attackers are becoming increasingly professional, so we need to find better ways to defend organisations,” he told Computer Weekly.

There is a growing realisation that organisations need to move beyond prevention alone and add capabilities to detect, respond to, and recover from attacks, he said. But to do so, organisations need better tools to identify threats and react, especially to zero-day or previously unseen attacks.

“To tackle zero-day attacks, defenders need to be able to identify significant anomalies in activity in the company IT environment, and this is where cognitive security becomes important,” said Kuppinger.

Cognitive computing is the simulation of human thought processes in a computerised model, and involves self-learning systems that use data mining, pattern recognition and natural language processing to mimic the way the human brain works. 

“Basically, it is about expanding human capabilities, for example to deal with vast amounts of data quickly to make connections and identify patterns,” said Kuppinger.

One of the key areas where this approach can be applied in security is providing insights into the security events that fall into a “grey area” between the well-known threats, for which there is a recognised way of dealing with them, and those that are non-critical and easily dealt with, he said.

Incidents in this “grey area” are the most challenging because although they are potentially fairly serious, they are not well known, he added.

“These are events that are suspicious and we know we have to respond, but we do not really know what this response should be,” he said. “The better our [security] technologies are, the more they allow us to reduce this grey area and focus on the really problematic events.”

Kuppinger believes cognitive computing has an important role to play here, with the most advanced application of this technology in the security context being IBM’s Watson for Cyber Security program.

“Reducing the number of ‘grey area’ events means that internal security analysts or managed security service partners will have fewer events to analyse,” he said.

Neural networks and cognitive technologies promise to enable organisations to better understand complex relationships between data points through rapid analysis of large amounts of data.

IBM has made significant progress in using a cognitive approach to get the right information to the right person at the right time, he said.

This means that cognitive computing could also help organisations cope with fewer security professionals in the face of a worldwide cyber security skills gap.

Irish managed security services provider (MSSP) Smarttech told Computer Weekly in April 2017 that it had increased its speed and capacity to analyse cyber attacks using IBM Watson for Cyber Security.

Organisations need these new tools to be able to identify risk, fraud and other malicious activity as soon as it begins, so they can counteract it more effectively than in the past, said Kuppinger.

“Neural networks and other cognitive computing technologies are the latest in the evolution from rule-based approaches to pattern-based systems, but represent a big step forward,” he said.

Thinking about new tools

While organisations will still need basic security controls, such as firewalls, to filter out the most common, high-volume threats, Kuppinger believes firms should be thinking about what new tools they need.

“Only if organisations have the right technologies at their disposal will they be able to catch up with and counter attackers – otherwise they will fail,” he said.

In addition to IBM, many other security suppliers are moving towards cognitive computing capabilities, with some making strategic acquisitions in this area.  

Cisco, for example, in February 2013 announced the completion of its acquisition of Cognitive Security, which is focused on applying artificial intelligence techniques to detect advanced cyber threats.

At the time, Cisco said the acquisition was part of its efforts to deliver an intelligent network by providing customers with enhanced security analytics capabilities.

Kuppinger said he expects many other suppliers to follow IBM’s lead in applying cognitive computing approaches to security.

“In particular, the top players in the security intelligence platform market are looking at these technologies and are likely to move forward in applying them,” he said.

Kuppinger is one of three panellists to discuss the topic of intelligent identity in the era of cognitive security in more detail at the European Identity and Cloud Conference 2017 in Munich from 9-12 May 2017.
