What kind of security is cognitive security?
In the science fiction film 《Transcendent Hacker》, released in 2014, the hero uploads his self-awareness to the Internet and invades every networked device, and in this way his capacity for storing and processing knowledge improves beyond imagination.


Although the film's ending cannot escape the inevitable "human victory", imagine a system that gathers the immeasurable and still-growing volume of data on the Internet, has human-like "cognitive ability" as well as the massive data storage and analysis capabilities of existing hardware, and is applied to the field of information security. What disruptive changes would that bring to our attitude toward security and to the way we deal with security issues?

In fact, the concept of "cognitive security" is no longer just on paper.

What is "cognitive security"?

"Cognition" in biology refers to the process by which an individual acquires knowledge (learning), understands, trains, and finally comes to predict, with a certain probability, how things will develop. Human beings are higher creatures with cognitive ability. By reading books that record the wisdom of our predecessors, and by talking with teachers, parents and senior colleagues at work, we learn, constantly revise our understanding of a certain field or even of the whole world, and finally form our own way of solving problems and our own ability to make decisions (judgments).


However, the analytical ability of one person or one group of people is very limited, especially when it comes to huge amounts of data. The same is true of security. Besides real-time logs from the local network environment, network flow data and constantly updated external threat intelligence (vulnerabilities, malicious IPs and so on), there are also the security reports issued by major companies, academic papers, security incident warnings from the many third-party vulnerability collection platforms, the technical Q&A of well-known security accounts ("big V") on Sina Weibo and Zhihu, and the security incidents that catch us "off guard" and flood WeChat Moments...

Even collecting this information comprehensively and in time is quite difficult, let alone having a security analysis team analyze particular events and apply the results to actual security operations and maintenance work. Attackers do not give you enough time, and the amount of data you have to process is still increasing every day.

We use tools such as vulnerability scanners and SIEM, and use the SOC, to achieve "automated security" for "machine-readable" data; we use standards such as STIX and TAXII to access the latest threat intelligence sources. However, the more "unstructured" data cannot be processed and applied effectively.

According to statistics, the world produces about 2.5 exabytes (EB) of data, and only 20% of it is structured data that we can use directly. Whether the remaining 80% of the data can be put to use largely determines the emergency response ability of security analysts in the face of security threats, and this is also directly related to the business losses caused by security problems.

In addition, the time window from a security analyst discovering an attack, to tracking down and confirming the security incident, and then to responding and eliminating the threat could be a few hours, a few days, or even weeks. The general shortage of security practitioners, their uneven skill levels and the lack of effective tools all make rapid analysis and timely response difficult to achieve.

In fact, as early as the end of 2014 and the beginning of 2015, when the concept of "threat intelligence" was still an "unfamiliar face" in China's security circles, IBM, the "invisible giant" of enterprise security, had already begun to draw on its "data", "technology" and "security experts", among other things, to take the lead in the field of "cognitive security", and it will launch Watson for Cyber Security by the end of this year.


The development of cognitive security

A cognitive system is essentially a self-learning system that uses data mining, machine learning, natural language processing and human-computer interaction to imitate the way the human brain works.

IBM Watson has access to nearly 800,000 blogs worldwide, all personal tweets and all kinds of document data on the Internet. It actively searches and crawls structured and unstructured data across the whole network, and uses natural language processing technology to preprocess the text data and turn it into machine-readable data. At the same time, relying on its huge "team of security experts" and on machine learning technology, it teaches IBM Watson "what security is" through question and answer.


Training IBM Watson on "security"

While dealing with security incidents, IBM Watson is constantly learning and revising its understanding of security, and perhaps the most difficult part of this process is how to understand the words. This requires security experts to keep analyzing and correcting IBM Watson's output and to feed the corrected results back into IBM Watson, for example the difference between a "honeypot" and "a jar full of honey". Once IBM Watson's "understanding of security" has a certain foundation, it is trained further on top of this "baseline" using the language of "security".

As for "cognitive security", IBM considers the following three points most important: the ability to understand (Understand), the ability to reason (Reason) and the ability to learn (Learn). These three points are mainly reflected in IBM Watson's ability to process text data and in its cognitive ability regarding "security".


Security analysts often get "lost" in the use of various event monitoring tools, and a series of false positives can also create "noise" around a real anomaly, so that potential threats are missed by security personnel. With IBM Watson's threat identification capabilities, combined with the data analysis and threat detection capabilities of the QRadar platform with its embedded X-Force module, as well as the "incident response" process provided by IBM's recent 100-million-dollar Resilient System, security analysts in enterprises now have a complete solution for dealing with security incidents and threats, from "detection" to "identification" to "response".

Lin Zefen, IBM's general manager of information security in Greater China, once told the media: "Security intelligence + big data analysis + cognitive security, this is the biggest security guarantee that IBM can provide to enterprises." That is "X-Force" + "QRadar" + "Watson for Cyber Security", IBM's ability to integrate resources.

Picture: Lin Zefen, IBM general manager of information security in Greater China

How Watson for Cyber Security is applied

Watson for Cyber Security is currently not available as a separate product. It is integrated into the IBM QRadar platform as a capability, similar to an app deployed in the cloud.

After QRadar detects anomalies and potential threats, IBM Watson uses the local network environment data fed back by QRadar's correlation analysis to quickly give information about an abnormal behavior, such as the number of abnormal behaviors and the files, domain names and assets involved. Meanwhile, based on the "security knowledge" it has learned, IBM Watson generates its own "judgment" (Watson Insight) and the supporting details (Supporting Details).


Demo screenshot

Once local security analysts have confirmed the security event, based on the information given by IBM Watson combined with the local real-time network data analysis provided by QRadar, they submit it to Resilient with one click and get an instant incident response plan. This greatly saves security personnel analysis and response time, and to a certain extent helps enterprises reduce risk and recover losses.


Besides Watson for Cyber Security combining its cognitive abilities (Cognitive) with the QRadar platform to provide a SaaS service (Cloud), open collaboration (Cooperation) is also one of the "3C" that IBM Watson emphasizes. Through open standards and interfaces, it connects via API with domestic and foreign vendors and with threat intelligence, giving IBM Watson more accurate identification. China's domestic security companies that join the "collaboration program" may also be recommended by IBM Security to foreign enterprises in need.

In addition, IBM currently plans to launch Watson for Cyber Security in Q4 of this year, and its target customers are mostly in the financial industry, because the financial industry has the strongest demand for security capabilities, the most direct security risks, and the largest investment in security.

"Cognitive security" is a very new field, one in which almost all security companies in the world have little involvement, and IBM, the "Blue Giant", has now put its own label on it. After Watson for Cyber Security is officially released at the end of this year, how will it actually perform? Will it be "down to earth" enough? We'll see!

