Cognitive Security Tames the Big Data Monster


The volume of event data that could be harnessed for security analysis grows very quickly, even in small networks. This creates the risk of wasting resources on the wrong data while possibly missing good information, which is why cognitive security is important.

In data-driven security, the goal should be to measure what matters, as not all data is useful. However, without a real reason to discriminate one set of data over another, the prudent path is to analyze everything. The result is strained resources, including time, computing, and storage.

(Image: Pixabay)


Cognitive analytics is an interesting subject in this context as it begins to offer a solution to the unwieldiness of big data. There are numerous tools now for processing data of various forms, but the problem is how to narrow the search for useful insight to what is known, over time, to be the most valuable information. In that sense, the cognitive security paradigm takes a machine learning approach to data processing to determine which data really matters. In a white paper, IBM describes cognitive security as the implementation of self-learning systems that use data mining to mimic the functioning of the brain.

Cognitive insights, as one example, refers to the algorithm behind its version of a cognitive analytics solution as automated signature construction, which, as they discuss, enables a security system to tell when something irregular is happening that could indicate a threat even though the specific event does not match any existing threat signature.

The essence of cognitive analytics is the following: a human analyst can design a logical pattern of correlating and analyzing data and then give it to a machine that can apply this reasoning at a massive scale and also retain memory of the important outcomes for future application. For example, SparkCognition mentions that its artificial intelligence infrastructure can read through billions of pages of manufacturers' instructions and maintenance manuals. If an AI system can have access to this type of data in its complete form and for all components of a large system, then it can form correlations among possible causes of defects and failure in one component with possible sets of behavior in another component.

As a result, whenever actual behavior data starts flowing in, this AI analyst system can immediately identify data that reveals potentially important relationships, flagging possible threats and potential failure. Additionally, with the ability to take a component and thoroughly research it in relation to potential threats and failures, cognitive analytics AI can also model potential failures not yet experienced, enabling the system to recognize future events if they begin to follow a potentially risky trajectory.

Cognitive analytics relies on data available within the network and data publicly available from the internet and other sources to continuously model threat patterns. This data includes attacks, exploits, threat signatures, solutions, threat evolution patterns, and other details of anomalous behavior in networks as well as data on different system components, their manufacturing, variation of models, failure patterns, and unsolved problems. All this data can then be applied with human expert-like reasoning while operating at large scale to cut through tons of data that would otherwise be hard to make optimal use of because of sheer volume.

At this level of analytics, data that is not meaningful can be identified as such immediately, and even though it may be processed or preserved in some way, it doesn't present a risk of diverting useful resources towards analysis of useless data at crucial points in time. Even useful data can be analyzed based on known previous patterns: where the outcome of processing such data is always the same, previous information can be utilized while it remains reasonable. Over time, cognitive analytics usage might make a big difference in whether organizations detect a threat in time, one moment too late, or never.

Nancy Mogire, IT & Systems Security Researcher

Nancy Mogire, a Kenyan, is a researcher in IT and systems security. She is a graduate student in information systems at Strathmore University, where she is working on a project with IT faculty to establish a curriculum for training in mobile applications and interactive mobile and Web technologies. She has been in the information field for about four years, previously focused on Web design and Web content production. Mogire is an avid reader of technology publications and blogs. When not doing any of the above, she finds time to play a game of chess or watch a TV series, usually legal, investigative, or political drama, and often with a twist of high-level technology.



Re: Cognitive analytics
  • 3/21/2017 6:22:45 PM

Hopefully cognitive security algorithms will incorporate enough AI as to be able to deal intelligently with the outliers ...

Re: Cognitive analytics
  • 2/12/2017 11:45:48 AM

In the "the search for useful insight to center around what is known to be the most valuable information over time," I would guess it might be easier said than done. Our brains are often fooled into "explaining" past results and our explanations may prove actually faulty. Just how we can train our machines to figure out some complexities might not be so easy. And of course the more data we have over an extended time should be the most reliable, but probably never will be even close to 100% in prediction I would guess.

Re: Cognitive analytics
  • 2/7/2017 1:00:31 PM

Excellent parsing of this blog, Lyndon... thank you for that. Some basic definitions really help us all get on the same page, and also set parameters for a more informed discussion.

Re: Cognitive analytics
  • 2/6/2017 5:24:09 PM

Thanks indeed and for adding the broader perspective. It seems that in the broader sense cognitive analytics will be at the core of AI's advancement even to be able to get to making sound autonomous decisions on crucial questions. For example if a person was using their weapon to try to shoot the masses at an airport, what if their weapon knew when to stop without also stopping at a different time when the owner was using it to defend himself at his home. The gun subject may have its own controversy and hence a bad example perhaps but if it were possible to achieve that result with AI, there could be other less controversial applications where such AI could be immediately useful.

Cognitive analytics
  • 2/4/2017 11:10:13 AM

This is a quite interesting analysis of the application of cognitive analytics to a specific major problem area to process gargantuan quantities of big data to search for potential threats and render solutions to deal with them.

To understand cognitive analytics in broader context, I found the following definition from Techopedia.com helpful:


Cognitive analytics can refer to a range of different analytical strategies that are used to learn about certain types of business related functions, such as customer outreach. Certain types of cognitive analytics also may be known as predictive analytics, where data mining and other cognitive uses of data can lead to predictions for business intelligence (BI).


 

Techopedia also provides a more elaborate explanation of this aspect of analytics:


Business professionals generally refer to cognitive analytics when talking about various uses of big data for business intelligence. The general concept here is that enterprises collect or aggregate large amounts of data from very diverse sources. Specific software programs or other technologies analyze these in depth to provide specific results that help a business get a better view of its own internal processes, how the market receives its products and services, customer preferences, how customer loyalty is generated or other key questions where accurate answers are used to provide a business with a competitive edge.

Many of the practical issues surrounding high-level analytics involve core issues, such as the precise methods used to collect and store data in a central location, as well as the tools used to interpret this data in various ways. Companies need to build good systems for cross-platform data usage and the processing of this data to a particular end. Technology vendors can provide analytics services and other helpful assistance, but in the end, the practical use of analytics is up to the people who work in a company, where business leaders must not only know how to gather data, but also how to use it correctly.


 

The security analytics described in Nancy's post highlight a particularly interesting augmentation of cognitive analytics with AI and machine learning.

 
