Cybersecurity requires a specialized skillset and a lot of manual work. We depend on the knowledge of our security analysts to recognize and stop threats. To do their work, they need information. Some of that information can be found internally in device logs, network metadata or scan results. Analysts may also look outside the organization at threat intelligence feeds, security blogs, social media sites, threat reports and other resources for information.
This takes a lot of time.
Security analysts are expensive resources. In many organizations, they are overwhelmed with work. Alerts are triaged, so that only the most serious get worked. Many alerts don’t get worked at all. That means that some security incidents are never investigated, leaving gaps in threat detection.
This is not new information for security pros. They get reminded of this every time they read an industry news article, attend a security conference or listen to a vendor presentation. We know there are not enough trained security professionals available to fill the open positions.
Since the start of the Industrial Revolution, we have strived to find technical answers to our labor problems. Much manual labor was replaced with machines, making production faster and more efficient.
Advances in artificial intelligence and robotics are now making it possible for humans and machines to work side-by-side. This is happening now on factory floors all over the world. Now, it’s coming to a new production facility, the security operations center (SOC).
Today, IBM announced a new initiative to use their cognitive computing technology, Watson, for cybersecurity. Watson for Cyber Security promises to give security analysts a new resource for detecting, investigating and responding to security threats.
I’m an avid Jeopardy fan (much to my wife’s chagrin), so I am painfully aware of the thrashing Watson gave Ken Jennings and Brad Rutter back in 2011. Even the smartest Jeopardy champions of all time couldn’t keep pace with the machine.
Once Watson learns the language and nuance of cybersecurity, it could become a very intelligent security analyst, giving security teams an advantage against the attackers targeting them. Up to now, the attackers have had all the advantages. As the security cliché goes, “The attacker only has to be right once, we have to be right 100% of the time.”
Personally, I believe this is a turning point for cybersecurity. Human security analysts are the bottleneck in security operations. Even with improvements in security analytics technologies for threat detection, analysts are still overwhelmed with alerts and data. Cognitive Security (IBM’s term for the use of cognitive computing in security) and emerging automation technologies will help to alleviate the bottleneck. In time, once they are proven successful, we may even start trusting the machines to make security decisions on their own. To hear more, check out my latest report: Quick Take: Your Next Security Analyst Could Be A Computer