IBM’s Institute for Business Value recently conducted a survey which found that adoption of cognitive security solutions is currently at 7% but is expected to grow three-fold (to 21%) within the next 2-3 years
Cognitive computing is an advanced type of Artificial Intelligence (AI) that leverages various forms of AI, including Machine-Learning algorithms and Deep-Learning networks, that get stronger and smarter over time. This essentially helps businesses respond to cybersecurity threats with greater confidence and speed. A cognitive security operations centre (SOC) is the necessary evolution of the industry to keep pace with increasing volume and sophistication of threats, says Vikas Arora, chief transformation officer, IBM India/South Asia. “The cognitive SOC is not a specific piece of technology, but rather an integrated architecture by which IBM brings its cognitive solutions to market,” he tells Sudhir Chowdhary in a recent interview. Excerpts:
Why is AI a necessary evolution in combating increasingly sophisticated threats in India?
Artificial Intelligence is changing the game for cyber security analysing massive quantities of risk data, to speed up response times and augment the capabilities of security operations. One of the best places to see the need for a convergence of human and machine intelligence is in modern security operations centres (SOCs). These centres are a hotbed of activity, with the average company sifting through 200,000 potential security events per day—hundreds of which are incidents that require analysts to take action and resolve. By leveraging the power of AI to understand the full context of various types of threats, and automation of specific actions via intelligent orchestration, we can use machine intelligence to handle more remedial yet time-intensive tasks, and free up analysts to focus their attention on more complex and priority threats. Developing both AI and cyber security skill-sets will be a key area that organisations will need to look at.
Where do you see the future of AI in security in 2019?
By weaving advanced intelligent technologies into existing security operations, companies can reduce the tedious manual tasks of their skilled employees, while providing the most relevant and up-to-date intelligence needed to make the absolute best and fastest decisions. As per a 2018 IBM Ponemon study, the average mean time to identify data breach in India increased from 170 days from the previous year to 188 days. Malicious or criminal attacks took 219 days on an average to be identified. The report further highlighted that the average mean to contain data breach in India, increased from 72 days from the previous year to 78 days. Average time to contain malicious or criminal attacks took 99 days. Hence, cognitive security tools and skilling employees for the new AI security era should be an important part of security strategy in 2019 to keep pace with the advanced threats. IBM’s Institute for Business Value recently conducted a survey which found that adoption of cognitive security solutions is currently at 7% but is expected to grow three-fold (to 21%) within the next 2-3 years.
What are the verticals which are actively looking at infusing AI in their security solutions?
From security intelligence to application security, we see the relevance of security across verticals. However, we are seeing increased adoption across financial services, telecom, information and communications technology, retail, and professional services, which are looking at infusing AI in their core security solutions.
How do you ensure the data security since Watson for Security lives in the cloud?
Watson for Cyber Security does not ingest an organisation’s security logs or intellectual property. It learns from publicly available security information and allows security tools like QRadar to pull that data from Watson (in the cloud) into the security operation centre to correlate with event information from a company’s tools/systems. So, it is pulling security intelligence from the cloud—versus pulling company information into the cloud. Hosted on the IBM Cloud, it is one of the most secure enterprise grade cloud
What is the difference between cognitive and AI? Aren’t other vendors already using AI and Machine Learning in security?
We are inventing this market, and the reality is that Machine Learning isn’t cognitive. Watson for Cyber Security can reason, whereas other Machine Learning or even Deep Learning solutions are focused on recognition. Watson may employ recognition steps, but it is using reasoning to mimic the behaviour of an analyst, formulating a hypothesis, compiling evidence support or refute that hypothesis and make a conclusion. Additionally, what the market currently is doing is applying advanced algorithms on the same data each organisation has on the security environment, to find a specific threat, new malware, or determine if a URL is bad. We are augmenting that with the volume of unstructured data in the world that is currently dark to those algorithms.