Cognitive computing for cyber security
The potential of cognitive computing for better cyber security detection and response capabilities
Old wine in new skins?
Every now and again, a “disruptive” technology captures the imagination of innovators and entrepreneurs. By most standards, the “disruptive” label may be applied to “cognitive computing”, which describes a range of technologies that automatically extract concepts and relationships from data, “understand” their meaning, and learn from data patterns and prior experience [1].
For a long time, computers have been able to outperform humans in raw calculative power. Cognitive computing, however, is seeing machines encroach into the historically human strengths of thought, reason, and the processing of unstructured data.
In the “Cognitive Computing Era”, today’s computer systems have evolved into powerful, intelligent systems that can emulate human reasoning [2]. In more technical terms, the field of cognitive computing lies at the intersection of machine learning, image processing, natural language processing, and Big Data, allowing the rapid ingestion of enormous quantities of both structured and unstructured data.
The beginning of the Cognitive Computing Era is often marked by the unveiling of IBM’s Watson, which won a special edition of the US quiz show Jeopardy in 2011. A quiz show-winning robot doesn’t sound useful in itself, but the implications of its abilities are profound and far-reaching. The underlying technology will find use in applications from customer service calls to healthcare, anywhere that structured or, more importantly, unstructured data needs to be sorted and interpreted [2]. Moreover, cognitive computing technologies are considered a game-changer for risk management, mining often ambiguous and uncertain data to find indicators of known and unexpected risks [3]. The following text provides a brief outlook on how cognitive computing, applied to organisations’ cyber security functions, can be expected to be paradigm-shifting.
Applying cognitive computing to the cyber domain
With the increase in data volumes, the growing sophistication of cyber attackers and the shortage of skilled cyber security experts, new approaches are required to keep pace with the modern array of cyber threats. Cognitive computing promises to help.
Enhanced SOC operation
A pillar of a mature cyber security programme is the ability to detect when an attack is occurring. Today, tools already exist to aid first- and second-level support functions in detecting attacks and incidents. However, with the increasing sophistication of both IT systems and attackers, the cost of the labour required to keep systems safe can rise to untenable levels. Here enters cognitive computing, whose ability to automatically ingest, weigh, discriminate and evaluate immense quantities of data can be expected to become a centrepiece of modern threat detection. While human attention may fail, and simpler algorithms may misdiagnose threats, the cognitive computer promises to be powerful enough to see the whole system at once, and clever enough to see through subtle anomalies and attack patterns. Moreover, it can not only automatically identify a threat, but also actively scan for vulnerabilities in a system’s configuration and propose corrective actions, all at speeds that could decide the success or failure of a cyber-attack. For example, by using a cognitive computing based platform, a security operations centre (“SOC”) provider has been able to reduce the average time for threat investigation and root cause determination from 3 hours to 3 minutes [4]. This may serve to increase the coverage of an organisation’s SOC, and also help to bridge the gap in skills and talent that many SOCs experience today, since fewer security engineers are required for triage and first response.
Automated threat intelligence
So far, much of cyber security has depended on reactive strategies, responding to threats as and when they manifest. While cognitive technologies can achieve this, they also have the potential to proactively protect their owners’ systems by turning their skills of massively parallelised information analysis towards the vast repositories of cyber security information that exist today. Vendors of cognitive technologies promise the ability to ingest data from millions of disparate information sources so as to identify actionable threat intelligence that is meaningful to individual companies, allowing them to prepare proactively. Such intelligence consists of hints and early indicators of threat actors’ intentions, targets, and methods. When the speed and accuracy of your response determine the impact of an attack, the promise of cognitive computing to tap millions of information sources in search of early indicators can be invaluable.
The other side of the coin – applying cyber security to protect cognitive computing
Security plays an equally important but often neglected role as an enabler for cognitive computing. To take full advantage of cognitive computing, it is crucial to build and maintain preventive and detective cyber security capabilities to ensure the confidentiality, integrity, and availability of the underlying systems and data. Medical diagnostics, another strong example of the power of cognitive computing [5], is one such case where the security of the information being handled (private medical data) is of paramount importance. Furthermore, solving more complex problems may require additional computing power that needs to be provided by external distributed systems, such as public clouds. Additionally, the effectiveness and accuracy of predictive analyses based on neural networks, and of the insights derived from them, will rely on the availability of correct data sources that are neither corrupted nor manipulated. In all these cases, the implementation and enhancement of well-known cyber security capabilities such as rigorous and fine-grained identity and access controls, data leakage prevention mechanisms, strong encryption technologies, and system-health monitoring capabilities remain as important as any investment in cognitive computing technologies themselves.
At this stage, cognitive computing is still complementing human security specialists by suggesting strategies and calculating probabilities of outcomes. However, major industry players have already launched cognitive-based services for threat detection and security analytics. An example close to home is SIX, the operator of the Swiss financial market infrastructure, which is in the process of deploying IBM Watson for cyber security in a new “Cognitive Security Operations Center” [6].
As humans and computers learn to collaborate in ways that were impossible in the past, it is expected that more security capabilities based on cognitive computing will evolve over time. One day, such systems may even become capable of protecting themselves from threats, thereby addressing the need for security in cognitive computing. While this may still be years away, the journey has definitely begun.
Thomas Koslowski – Assistant Manager, Risk Advisory
Thomas is a cyber security specialist at Deloitte in Switzerland with over 5 years of experience in designing and implementing security solutions across industries with a focus on financial services and life science. His expertise includes identity and access management, data privacy, and strategic security transformation. Thomas has a doctorate in Information Systems and his work has been published internationally in more than 10 articles and books in the areas of security and resilience.
+41 58 279 7703
Martin Felle – Consultant, Risk Advisory
Martin is a consultant in the Cyber Risk Services practice, and a member of the local infrastructure protection and data protection & privacy teams. His expertise includes next-generation cryptography, information security metrology, data protection, and information security governance.
+41 58 279 7203
[1] Deloitte University Press, “Cognitive technologies in the technology sector: From science fiction vision to real-world value,” Deloitte University Press, 2015.
[2] J. E. Kelly, “Computing, cognition and the future of knowing,” IBM Corporation, 2015.
[3] Deloitte, “Why artificial intelligence is a game changer for risk management,” 2017.
[4] IBM Corporation, “Reducing threat investigation and root cause determination from three hours to three minutes,” 2017.
[6] SIX Group, “SIX Leverages IBM Watson for Cognitive Security Operations Center,” 2017.