I have now had a couple of months to familiarise myself with the major vendors offering what they each call “Cognitive Cybersecurity”, and it is very interesting.
They all essentially mean the same thing: taking advantage of advanced business analytics to create a better view and understanding of the cyber universe and its threats. What the solutions actually do, however, differs completely from one vendor to the next.
There seem to be two major rules when talking about Cognitive Cybersecurity solutions (and this is the part where people get irritated).
Rule number one. If you started as a network solution provider, your security concentrates on network security. If you started as an anti-virus company, your security concentrates on virus detection and prevention on clients and servers. They all have all kinds of fancy features, but the basic principles stay the same.
Rule number two. The more you pay, the better the solution you get. To get a real Cognitive Cybersecurity solution, you have to pay a lot. There is no way around it. It simply costs a lot of money and resources. Period.
So if you are planning a solution from a vendor that is not concentrated on clients, servers or the network, and it will cost a lot more than $100K, you are on the right track.
What should a Cognitive Cybersecurity solution do? The most important thing you always need is a lot of data. Without several data sources and big data you cannot have proper analytics.
When you have the data, it needs to be subjected to cognitive analysis. Proper data contains the traditional threat intelligence feeds and network analysis, but also audio, video, news, stock information, radio and even TV news. Analysing Twitter tells you a lot more than just waiting for something to happen to your web service.
Analysed data is inserted into a proper Security Incident and Event Management system and distributed to peers via intelligence sharing systems. On top of all that, you need a threat operations center, or a Security Operations Center as it is usually called.
This sounds like a complex and expensive setup, and it is. On the other hand, cybercrime is the world's second most profitable criminal activity, and even most governments engage in it. So you need to clarify how secure you need to be and act accordingly. I just want to point out that there are solutions out there providing the ultimate situational awareness and protection: not 100%, but close enough to make attackers turn away.