Cognitive security can be interpreted as the application of AI technologies patterned on human thought processes to detect threats and protect physical and digital systems.
Like other cognitive computing applications, self-learning security systems use data mining, pattern recognition and natural language processing to simulate the human brain, albeit in a high-powered computer model. Such automated security systems that are designed to solve problems without requiring human resources.
Machine learning algorithms make it possible for cognitive systems to constantly mine data for significant information and acquire knowledge through advanced analytics. By continually refining methods and processes, the systems learn to anticipate threats and generate proactive solutions. The ability to process and analyze huge volumes of structured and unstructured data means that cognitive security systems can identify connections among data points and trends that would be impossible for a human to detect.
Cognitive security may be particularly helpful as a way to prevent cyberattacks that manipulate human perception. Such attacks, sometimes referred to as cognitive hacking, are designed to affect people's behaviors in a way that serves the attacker's purpose. Cognitive security efforts in this area include non-technical approaches to making individuals less vulnerable to manipulation as well as technical solutions designed to detect misleading data and disinformation and prevent its dissemination.
Data protection at rest - data storage has encryption applied, at the OS, Container, or DB level. a bad actor cannot defeat the security controls and read the data by accessing copying the drive, container, or other storage
Data protection in transit - data being transported "outside" of, or between, trusted home environment(s) has encryption applied, such as an SSL tunnel, VPN, or IPSec-enabled route. "trusted" in this definition is wherever the data is stored, or processed, and assumes that such an environment has sufficient controls to block 3rd party access.
Data protection in use (even though you didn't ask :) ) - data is encrypted or otherwise protected (such as pseudo anonymization for privacy data) while being processed, within an application or service (e.g. AWS Lambda). the intent is that malicious software with access to the service/process RAM or temp storage cannot discover meaningful data through that access.
"Data protection at rest" means when it is stored on the hard drive, tape backup, USB dongle, external drive, or anything where the data is stored to be retrieved later it is encrypted. However, when you access that data to use the file it is unencrypted so that it can be utilized.
"Encryption in transit" means that as you transfer a file from one drive to another, Email, FTP, etc. it is also encrypted so that it can not be intercepted while being moved.
I use Microsoft BitLocker full disk encryption for local storage and IPSEC between my computers at home. When connecting externally I use SSL, HTTPS VPN. I use Outlook for email and connect to Office 365 using IMAP/SMTP using SSL encryption protocols.
Thanks,
Patrick
Managing Director at a tech services company with 1-10 employees
10 January 22
Well, I suppose it really depends on the reason you ask the question.
Is it because you've been bitten by issues in the past?Is it because you have business users complaining or management wondering about user productivity?Is it because of teleworking and the recent workplace changes?I'm not sure the answers would be the same in every case you see or at least the tools and methods could differ depending on your priorities.If your role is measured on not having issues at all then you should ensure you have a BAM solution that's supported by several aspects of monitoring such as APM, BSM and ITSM.
APM constantly captures the user experience and measures specific metrics such as round trip time, connectivity time, response time, transaction rates, queue lengths so you have a good idea of what they're experiencing and what may cause that to degrade. Set up properly with synthetic probes it can provide early warning of issues or degradation that will lead to them well before anyone raises a callBSM should consume APM measures to correlate down the food chain and help identify the root cause. Dependency mapping is worthwhile for that, but if you consume SP services then you won't always easily get access to information that of what's gone or is going wrong. When other entities' services can degrade yours, then I'd recommend providing them with a Business value dashboard that shows that issues are coming from them and their impact on your business. It will help to find responsible providers and also negotiate penalties.But penalties aren't going to help you in your service delivery. Your business users will still bicker at you no matter how much you penalise the SPs you contract with.So you may need to monitor several SP's services and have the means to quickly switch i.e. you act as a broker finding and switching between services sometimes automatically. Thus monitoring those SPs and cloud services is going to be a must if your business depends on them.
It's not always easy. One of our customers queried us to see if we could improve the visibility of issues concerning virtual services his IT was responsible for. Issues with Microsoft Teams, Sharepoint and other vendors' services weren't easy to diagnose. We were able to research that and find ways to query Microsoft Azure services and correlate service reports with his own IT resources to see if issues were his, Microsoft's network SPs or something or the user's device.
Yes, these users were complaining that their devices dropped calls, were slow, had dropouts, couldn't access data and had slow synchronization. Does it sound familiar? You "could" decide that you want to collect the user machine logs files. Be careful, if you've seen Microsoft event logs - you'll know that those OS's generate tons of data.
You'll never have the time to search them all. Yes, Splunk or Elastic Search and similar tools can search but you'll need to know what you're looking for. Best practice-based search algorithms and templates usually come at a fair price. Don't be lulled into a false sense of security, if you consider those solutions ask for detailed references and try to speak to the people concerned.
In most cases, we've seen they'll tell you that it soon becomes very expensive both in terms of storage and other resources to make it work, but also in expertise and time taken to set up the searches properly. If you can leverage others' experience quickly and inexpensively then do so, otherwise be on your guard
Even in this day and age with high speed and most reliable networks, don't let some people say monitoring isn't useful anymore. And don't be fooled into thinking there's a miracle solution to monitor users' machines.
Choose wisely, and seriously consider open source solutions, they're well proven, secure, reliable, scalable, not expensive, yes they can be time-consuming to implement choose a partner wisely to assist.
Your original question asks for software solution recommendations. I've made some above but I won't elaborate more as I have never seen two customers with the same environment, priorities and legacy. There's really no silver bullet no ideal tool but there are some which when composed properly can approach that.
So, my final word of advice is to spend a little time specifying a set of use cases which if satisfied would approach that perfection. Then shortlist tools and consultants that can show how a tool stack and associated processes can approach it. Don't believe anyone who tells you EVERYTHING is possible.
Hi peers,
This is our new bi-weekly Community Spotlight that includes recent contributions (questions, articles and discussions) by the PeerSpot community members.
Articles
Check the top products and solutions below (selected based on peer reviews) or contribute your own article!
Top Security Orchestration Automation and Response (SOAR) Solutions
Top 8 Data Loss Prevention (DL...
PeerSpot’s crowdsourced user review platform helps technology decision-makers around the world to better connect with peers and other independent experts who provide advice without vendor bias.
Our users have ranked these solutions according to their valuable features, and discuss which features they like most and why.
You can read user reviews for the Top 8 Data Loss Prevention (DLP) Tools t...
Download our free Data Loss Prevention (DLP) Report and find out what your peers are saying about CoSoSys, Broadcom, Forcepoint, and more! Updated: September 2022.
Hi @Evgeny Belenky ,
Cognitive security can be interpreted as the application of AI technologies patterned on human thought processes to detect threats and protect physical and digital systems.
Like other cognitive computing applications, self-learning security systems use data mining, pattern recognition and natural language processing to simulate the human brain, albeit in a high-powered computer model. Such automated security systems that are designed to solve problems without requiring human resources.
Machine learning algorithms make it possible for cognitive systems to constantly mine data for significant information and acquire knowledge through advanced analytics. By continually refining methods and processes, the systems learn to anticipate threats and generate proactive solutions. The ability to process and analyze huge volumes of structured and unstructured data means that cognitive security systems can identify connections among data points and trends that would be impossible for a human to detect.
Cognitive security may be particularly helpful as a way to prevent cyberattacks that manipulate human perception. Such attacks, sometimes referred to as cognitive hacking, are designed to affect people's behaviors in a way that serves the attacker's purpose. Cognitive security efforts in this area include non-technical approaches to making individuals less vulnerable to manipulation as well as technical solutions designed to detect misleading data and disinformation and prevent its dissemination.