There is a disappointing trend in cybersecurity – there’s more cybersecurity spending than ever, with fewer returns.
This year, Gartner projects that enterprises will spend 8% more on security than in 2017. Meanwhile, according to the Identity Theft Resource Center, the number of significant data breaches grew 37% last year.
There’s no one answer to why this is. But, surely, a part of it is the increasing variety of threats. We simply can’t expect security operators to hold all the data about emerging exploits in their heads. The cornucopia of new security research is only valuable to the extent that it can be harnessed. If there’s an interesting security whitepaper somewhere, but security operators don’t have the energy or time to put it to use, it’s just marks on a page.
This is especially true of security research because much of it is unstructured. Security research takes the form of prose. Security researchers don’t psychically transmit knowledge. They express themselves with academic papers or blogs. These documents are valuable, but prose is inherently slow. No matter how much reading security operators do—professional or recreational—they’re not going to catch up to this endless flow of data.
Fortunately, this is something that machine learning (ML) can help with. Machine learning is really good at natural language processing. ML systems can impose structures on free-flowing language. Which brings us back to IBM’s cognitive solution: Watson Advisor. Among Watson’s many roles, perhaps the most important is that it manages this flow of security-related verbiage.
When security operators analyze a threat with the Watson console, they’re looking at accumulated experience. They’re seeing a conglomeration of what researchers have discovered about the nature of that threat. They’re not just looking at the results of an algorithm that detects a malicious-looking signature. (Although, of course, that’s present as well.)
This speeds up and enhances threat analysis. Security operators can provide their specific knowledge, while harnessing Watson’s general knowledge. They don’t have to worry about keeping abreast of all the latest security data. Instead, they can focus on their own personal expertise: things like the history of attacks on their organization, likely vulnerabilities, and where mission-critical data is located. Moreover, they can fine-tune the rules that Watson uses to analyze their firm’s traffic on an ongoing basis. They can use human intuition to perfect machine intelligence.
From Cyber to Cyborg
Watson Advisor, then, is a solution that creates cyborg security. It performs the same function as the goggles that soldiers wear in science fiction movies. It provides real-time knowledge of the enemy. This speeds up analysis. Threats can be dealt with more quickly. Damage can be contained faster because security operators can instantly know about the pain that a given piece of malware inflicts.
It’s obviously good news. It’s also good news that’s especially needed right now. Everyone knows about the cybersecurity skills gap. More security staff are needed than ever before, and, as a result, security staff are scarce. This is clearly a huge issue, and there are clearly two things you can do about it if you’re running a security team. You can either hire more staff, or you can somehow make your existing staff more efficient.
Watson Advisor is the answer to “somehow.” For example, IBM reports that its client Sogeti obtained a 50% reduction in analysis times with Watson Advisor—an effective doubling of their personal power. It’s too early to tell what the ultimate effect of cognitive systems will be on security. But they appear to be the current best hope of turning the security fight around. With tools like Advisor, hopefully, companies can start getting more security for less, instead of the opposite.