With its breadth of knowledge and ability to understand human languages, cognitive computing is the next line of defence in the fight against cyber crime

Part of a technology risks series supported by

Cyber world

In an attempt to tackle some of the major cyber risks of our time, IBM is developing ‘cognitive computing’ technology. “We focus on what I call ‘security intelligence’ – the process of getting useful information from all the data that we are gathering by pulling it all together and analysing it visually, in such a way that it is really possible learn about what’s going on,” says Martin Borrett, director of the IBM Institute for Advanced Security, Europe.

“In this realm, there is already machine learning – or cognitive computing – involved, and this technology is becoming important to tackle the challenges posed by the volume, veracity and sophistication of the attacks everyone is facing.”

As criminal gangs are increasingly using the ‘dark web’ or the ‘deep web’ to share information, their attacks, such as Dyre Wolf (see box, p11), are becoming far more sophisticated and precise.

“The question is whether the resources – and, more importantly, the expertise – are available to avoid or mitigate these attacks?” says Borrett. “This is where our security intelligence comes in, because it enables us to keep experimenting and look to the art of the possible.

“This is concerned with trying to [establish] the potential in technology and then applying it to problems where it can really add value. Its ability to view language in natural form, to score and give weighting to data – these give it real potential in the security space.

“You load a corpus of knowledge, you teach and train it. It ingests data from a whole load of IBM sources and other, external sources to build up this huge breadth of knowledge and you teach it about key relationships. Then you can test it, ask it questions and really get to grips with the problems you face.”

Future potential

This is potentially a powerful tool in a fast-moving security environment. “Cognitive computing will have the potential in the future to augment what we are doing today,” says Borrett. “People often describe security as a game of cat and mouse, and it is. It never stands still. Things are always changing. Security intelligence has the power to offer a different perspective.

“A lot of what IBM does at the moment is analytic: bits and bytes and very numerical. The power of cognitive computing is in its capacity to use natural language to bring a whole new range of data to us. It can look far and wide, explore multiple hypotheses, come to a judgement on them and then come back with a series of suggestions and proposals. It can help establish what is behind an attack and even when another attack will be likely to happen.

“It won’t replace what we do now, but it may well make it a lot better.”