Difference between revisions of "Cognitive Security"


Revision as of 17:37, 18 May 2020

Definition of Cognitive Security

Cognitive Security is the application of artificial intelligence technologies, modeled on human thought processes, to detect security threats.[1]

Like other cognitive computing applications, self-learning security systems use data mining, pattern recognition and natural language processing to simulate the human brain, albeit in a high-powered computer model. Such automated security systems are designed to solve problems without requiring human resources. Machine Learning algorithms make it possible for cognitive systems to constantly mine data for significant information and acquire knowledge through advanced analytics. By continually refining methods and processes, the systems learn to anticipate threats and generate proactive solutions. The ability to process and analyze huge volumes of structured and unstructured data means that cognitive security systems can identify connections among data points and trends that would be impossible for a human to detect.

Cognitive security may be particularly helpful as a way to prevent cyberattacks that manipulate human perception. Such attacks, sometimes referred to as cognitive hacking, are designed to affect people's behaviors in a way that serves the attacker's purpose. Cognitive security efforts in this area include non-technical approaches to making individuals less vulnerable to manipulation as well as technical solutions designed to detect misleading data and disinformation and prevent its dissemination.[2]



The Concepts of Cognitive Security[3]

The concepts of cognitive security are presented below:

  • It focuses on applying artificial intelligence to detect advanced cybersecurity threats through real-time data analysis.
  • It uses non-technical approaches to make individuals less vulnerable to the manipulation of human perception, known as cognitive hacking, and technical solutions to detect misleading data and disinformation and prevent their diffusion.
  • It relies on self-learning systems that use data mining, machine learning, natural language processing and human-computer interaction to simulate human behavior. It is based on the use of cognitive systems to analyze security trends and distill the huge volume of structured and unstructured data into actionable knowledge that enables continuous security and business improvements.
  • It is the use of learning machines to understand the totality of information relevant to a situation, augmenting human cognition in order to help people make more effective decisions.
  • It is based on continuous learning to increase the knowledge of a security system that not only identifies behavioral anomalies but is also able to evaluate the subject and form its own hypotheses using artificial intelligence. This frees analysts from the task of defining strict rules or security traps, and it can provide insight that could otherwise be elusive, considerably faster than humans can, generating accelerated intelligence.
  • It is based on the use of artificial intelligence, data mining and data analytics as a complement to computer security operations, in order to strengthen the security of an organization.
  • It provides a certain level of intelligence to computer systems by generating knowledge of patterns identified as normal, obtained through sensorization and analytics of variables of the system itself and its environment.
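An added illustration of the last concepts above, not taken from the cited sources: a detector that learns each user's normal pattern from the data itself and flags deviations from it, instead of relying on analyst-written per-user rules. The class name, the threshold values and the sample upload volumes are assumptions constructed for this example.

```python
from collections import defaultdict, deque
from statistics import median

class BaselineDetector:
    """Learns what is normal for each entity and flags deviations from it."""
    def __init__(self, window=50, threshold=3.5, min_samples=5):
        self.threshold = threshold      # robust z-score that counts as anomalous
        self.min_samples = min_samples  # observations needed before judging
        self.history = defaultdict(lambda: deque(maxlen=window))

    def score(self, entity, value):
        """Robust z-score (median/MAD) of value against the entity's baseline."""
        hist = self.history[entity]
        if len(hist) < self.min_samples:
            return 0.0                  # still learning, no verdict yet
        med = median(hist)
        mad = median(abs(x - med) for x in hist)
        scale = 1.4826 * mad or 1.0     # fall back to 1.0 on a flat baseline
        return abs(value - med) / scale

    def observe(self, entity, value):
        """Score an observation, then learn from it only if it looked normal,
        so an outlier cannot drag the baseline toward itself."""
        s = self.score(entity, value)
        anomalous = s > self.threshold
        if not anomalous:
            self.history[entity].append(value)
        return anomalous, round(s, 2)

# Constructed sample data: (user, MB uploaded in one hour), in time order.
SAMPLE_EVENTS = [
    ("alice", 12), ("bob", 400), ("alice", 15), ("bob", 420), ("alice", 11),
    ("bob", 390), ("alice", 14), ("bob", 410), ("alice", 13), ("bob", 405),
    ("alice", 12), ("bob", 415), ("alice", 16), ("alice", 14),
    ("alice", 400),   # ordinary volume for bob, far outside alice's baseline
    ("bob", 400), ("alice", 13),
]

def flag_anomalies(events):
    """Return (user, value, score) for every observation flagged as anomalous."""
    detector = BaselineDetector()
    results = [(u, v, *detector.observe(u, v)) for u, v in events]
    return [(u, v, s) for u, v, anomalous, s in results if anomalous]
```

The same 400 MB upload is flagged for one user and accepted for the other, which is the difference between a learned per-entity baseline and a single fixed rule.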



Benefits of Cognitive Security[4]

Cognitive security offers various benefits. Below are the key benefits from the point of view of reducing the impact of a security breach and helping the CISO and security teams to function effectively.

  • Speed of threat detection: As per the Ponemon 2016 study, the average time to detect a breach is 201 days. A delay in detection can impact an organization adversely, costing it reputation and money. The biggest challenge for CISOs is increasing the speed of breach detection. Cognitive security can enhance understanding of the threat landscape, reduce false positives, respond to subtle changes, and identify anomalies. It can also detect risky user behavior faster and provide better context and reasoning for incident qualification. Cognitive security can manage the complexity of detection through better threat analytics, which improves the speed and accuracy of breach detection.
  • Improved Incident Response Time: A reduction in false positives, together with threat context for the analysis, gives security teams the right inputs for taking appropriate action and improving incident response. Cognitive security integrates external intelligence, such as global threat intelligence feeds, blog posts and other discussion forums, to help teams take action before a signature or patch is released. At present it is impossible for any security analyst to go through all the threat intelligence, blogs and other discussion forums and keep their knowledge up to date. Cognitive security can do this at very high speed. The capability of cognitive systems to read structured and unstructured data will reduce these knowledge gaps. As stated in the latest report “Cyber Security: For Defenders, It’s About Time”, conducted by Aberdeen Group, "By doubling the speed of incident response time, organizations can cut the impact of a disruptive cyberattack by 70%. Businesses can lessen the effects of a data breach by 30% by doubling the speed of their incident response time."
  • Automation of Repetitive Tasks: Cognitive systems can automate security monitoring. These systems can go through the enormous volume of security data, alerts and events to define patterns and identify exceptions and anomalies. If the “dark security data” is made available to these systems, it will further improve the efficiency of automation by providing context for non-exposed vulnerabilities or zero-day attacks. The automation can be extended to technical controls, analysis, and processes.
  • Optimizing Operational Security Resources: Acquiring and retaining security talent is one of the CISO’s challenges. Automation will free security analysts from mundane, repetitive tasks such as keeping eyes on the glass, so that they can be used more efficiently to define the risk score for qualified incidents and plan mitigation for identified threats. Automation will help to reduce the impact of a breach. Analysts will also have time to upgrade their knowledge of security best practices, gain insight into compliance requirements and learn soft skills such as communication and persuasion.


See Also

Data Access
Data Analysis
Data Analytics
Data Architecture
Data Asset Framework (DAF)
Data Buffer
Data Center
Data Center Infrastructure
Data Center Infrastructure Management (DCIM)
Data Cleansing
Data Collection
Data Compatibility
Data Consolidation
Data Deduplication
Data Delivery Platform (DDP)
Data Description (Definition) Language (DDL)
Data Dictionary
Data Discovery
Data Driven Organization
Data Element
Data Enrichment
Data Entry
Data Federation
Data Flow Diagram
Data Governance
Data Health Check
Data Hierarchy
Data Independence
Data Integration
Data Integration Framework (DIF)
Data Integrity
Data Island
Data Item
Data Lake
Data Life Cycle
Data Lineage
Data Loss Prevention (DLP)
Data Management
Data Migration
Data Minimization
Data Mining
Data Model
Data Modeling
Data Monitoring
Data Munging
Data Portability
Data Preparation
Data Presentation Architecture
Data Processing
Data Profiling
Data Proliferation
Data Propagation
Data Protection Act
Data Prototyping
Data Quality
Data Quality Assessment (DQA)
Data Quality Dimension
Data Quality Standard
Data Reconciliation
Data Reference Model (DRM)
Data Science
Data Security
Data Stewardship
Data Structure
Data Structure Diagram
Data Suppression
Data Transformation
Data Validation
Data Value Chain
Data Vault Modeling
Data Virtualization
Data Visualization
Data Warehouse
Data Wrangling
Data and Information Reference Model (DRM)
Data as a Service (DaaS)
Database (DB)
Database Design
Database Design Methodology
Database Management System (DBMS)
Database Marketing
Database Schema
Database System
Security Architecture
Security Policy
Security Reference Model (SRM)
Information Security Governance
Information Security
Adaptive Security Architecture (ASA)
Business Model for Information Security (BMIS)
Common Data Security Architecture (CDSA)
Federal Information Security Management Act (FISMA)
Payment Card Industry Data Security Standard (PCI DSS)
Computer Security
Enterprise Information Security Architecture (EISA)
Fault Configuration Accounting Performance Security (FCAPS)
Graduated Security
Information Systems Security (INFOSEC)
Information Security Management System (ISMS)
Information Technology Security Assessment
Mobile Security
Network Security
Cyber Security


References

  1. Defining Cognitive Security, XTN
  2. Understanding Cognitive Security, Techtarget
  3. The Concepts of Cognitive Security, Roberto Omar Andrade, Jenny Torres
  4. Key Benefits of Cognitive Security, Taslet