This document discusses cognitive security solutions and their potential benefits. It notes that current security challenges include keeping up with the increasing speed, sophistication and volume of threats. Cognitive security solutions could help by ingesting and organizing vast amounts of security data to provide better intelligence, speed and accuracy. The document profiles organizations as "Primed", "Pressured" or "Prudent" based on their security effectiveness, understanding of cognitive benefits, and readiness. The "Primed" are most familiar with cognitive security and have the resources to adopt it. While still emerging, the document recommends organizations recognize weaknesses and become educated on cognitive security to prepare.

1. ©2015 IBM Corporation1 22 November 2016
Cybersecurity in the cognitive era
Priming your digital immune system
David Jarvis, IBM Institute for Business Value
Diana Kelley, IBM Security

2. Today’s speakers
David Jarvis
Security & CIO Lead
IBM Institute for Business Value
https://securityintelligence.com/author/david-jarvis
https://www.linkedin.com/in/davidajarvis
http://twitter.com/dajarvis
Diana Kelley
Executive Security Advisor
IBM Security
https://securityintelligence.com/author/diana-kelley
https://www.linkedin.com/in/dianakelleysecuritycurve

3. Entering the cognitive era of
security solutions
 Cybersecurity is reaching an inflection point:
– Increasing numbers and sophistication of threats on track to surpass current
capabilities to address and mitigate them
– Volume of adverse events and incidents surpassing the capacity of most security
operations teams
– Financial costs and risks are growing rapidly
 Security organizations need to leverage new capabilities to get ahead of the risks and
challenges
 But with mounting skills and resource gaps, spending more and staffing up security
operations is getting harder and harder to do
 What if?
– You could enhance the effectiveness of security operations with new tools that could
ingest and organize the threat landscape much more rapidly
– Systems could be taught how to bring better context to each threat and identify real
ones with greater accuracy

4. ©2016 IBM Corporation 22 November 20164
Agenda
Overview Approach and firmographics
The current context Challenges, practices and gaps
Enter cognitive security solutions Benefits and challenges of cognitive security
Primed for cognitive security Characteristics of those that are ready
Recommendations How to start your cognitive security journey

5. ©2016 IBM Corporation 22 November 20165
Industry
We surveyed a balanced distribution of 700 security
professionals in 35 countries, representing 18 industries
Over $10B
$500M - $1B
$1B – $5B
15%
40%
20%
Company size
(in $USD annualized revenue)
Under $500M 20%
$5B – $10B
5%
Geography
North America
Central and
South America
Middle East
and Africa
Western Europe
Central and
Eastern Europe
Asia Pacific
Japan

6. The current context

7. ©2015 IBM Corporation7 22 November 2016
“It’s literally like being a merchant
sailor in the golden age of piracy —
there is no navy to protect you, there
is no police force, you are on your
own. On top of that, many don’t know
how to sail their boats, and they can’t
fire back at the attackers (it’s illegal).
You are literally trying to survive in a
hostile world with both arms tied
behind your back. However, you do
have some really interesting and
sophisticated tools to use that tell
you all about your threats.”
David Shipley – Director of Strategic Initiatives, Information
Technology Services, University of New Brunswick

8. ©2016 IBM Corporation 22 November 20168
The current security operations context from our data
Dealing with
increasing costs and
justifying investments
with the business
Worried about
addressing speed
and complexity of
threats
Focused on impacts
to operations and
brand reputation
Improving security
operations
capabilities
Working to address
gaps in network and
data security and
threat response
#1 cybersecurity
challenge today and
tomorrow is reducing
average incident response
and resolution time
78% have seen the
cost for cybersecurity
increase in the last
two years
57% looking to improve
monitoring of network,
application, and data-level
security in the next 2-3 years
68% say the loss
of brand reputation
presents the greatest
future concern as a
major impact of an
intrusion

9. ©2016 IBM Corporation 22 November 20169
The top challenge today is around response speed – analytics
will get even more focus in the future

10. ©2016 IBM Corporation 22 November 201610
Companies are increasingly concerned about a loss of
reputation in the future – surpassing operational disruption
The rising costs of cybersecurity infrastructure also becomes a more
substantial issue in the future – increasing ~2X from today
~2X increase in
the worry around
loss of brand
reputation as a
major impact of
an intrusion
Most significant impacts enterprise has experienced / expect from intrusions
74% 57%Operational disruption
Data breach without financial or IP loss 37% 26%
Loss of brand reputation 68%35%
Rising costs for cybersecurity infrastructure 25% 43%
Regulatory violations 20% 23%
Financial loss 20% 31%
Stolen intellectual property 20% 32%
In the futurePast 2 years
Criminal prosecution & liability 5% 4%

11. ©2016 IBM Corporation 22 November 201611
Almost everything is important, but network and data
protection coupled with speed are the weakest areas for most

12. ©2016 IBM Corporation 22 November 201612
Significantly changing priorities in the future suggest some
gaps may widen if future initiatives don’t align to challenges

13. ©2016 IBM Corporation 22 November 201613
With security costs continuing to rise, security leaders are
going to be under increased pressure to justify investments
Cost
78% have seen
the cost for
cybersecurity
increase in the last
two years
84% expect it to
continue to increase
in the next 2-3 years
Investment
70% spend over
10% of their IT
budget on
cybersecurity –
focused mainly on
prevention and
detection
ROI
63% get over a
25% ROI on their
cybersecurity
investments
With the majority
getting between a
25-50% ROI

14. ©2016 IBM Corporation 22 November 201614
This most important factor to obtain funding approval hinges
on clear communication of risks and benefits
21%
24%
43%
51%
61%
0% 10% 20% 30% 40% 50% 60% 70%
External industry expert opinion (security,
legal, compliance, regulatory)
Third-party security services
recommendations (managed security
services, security consulting)
A high-profile breach in my industry
Cross-functional support from finance, risk
management, operations, or other
executives
Description of current risk exposure/gap in
your company
Factors used to justify a request for cybersecurity-related investments
92% say their funding requests for cybersecurity initiatives require a return on
investment (ROI) or other financial analysis for justification and approval

15. ©2016 IBM Corporation 22 November 201615
That communication has to be in the language of the business,
cost to fix simply isn’t enough for financial analyses
16%
31%
41%
46%
66%
0% 10% 20% 30% 40% 50% 60% 70%
Payback period
Cost of capital
Direct loss: equity, cash, intellectual property
value, reputation
Opportunity cost; benefits lost as a result of a
breach
Cost to fix
Most important quantitative variables typically used in ROI/financial analysis for cybersecurity investments
Don’t underestimate the importance of incorporating opportunity cost/loss and
direct loss into investment justifications – speak in the language of the business

16. ©2016 IBM Corporation 22 November 201616
A Canadian leader in financial protection, wealth and asset
management takes a unique approach to create value
The right tone from the top
Their well educated CEO makes security #1 across the C-
suite and promotes collaboration
This approach has reduced the friction associated with
improving risk posture through projects and operations
Creating a solid business case for security
They look at the upstream and downstream benefits to the
business from their security investments
Use their security capabilities to improve overall business
efficiency in a number of ways, for example:
• Retire low use websites
• Bandwidth savings based on blocking transactions
coming into the environment
• Improve employee productivity by effective spam
mitigation
“I consider myself the
Chief Marketing Officer
of security to the rest of
the enterprise,
evangelizing the
benefits of a strong
security posture
supported by
demonstrating the value
it brings to my
stakeholders”

17. ©2016 IBM Corporation 22 November 201617
These challenges, weaknesses, efforts and pressures expose
three gaps to address – in intelligence, speed and accuracy
#2 most challenging
area today is optimizing
accuracy alerts (too
many false positives)
#3 most challenging
area due to insufficient
resources is threat
identification, monitoring
and escalating potential
incidents (61% selecting)
Speed gap
The top cybersecurity
challenge today and
tomorrow is reducing
average incident
response and
resolution time
This is despite the fact
that 80% said their
incident response speed
is much faster than two
years ago
Accuracy gapIntelligence gap
#1 most challenging
area due to insufficient
resources is threat
research (65% selecting)
#3 highest cybersecurity
challenge today is
keeping current on new
threats and
vulnerabilities (40%
selecting)
Addressing gaps while managing cost and ROI pressures

18. Enter cognitive security solutions

19. ©2016 IBM Corporation 22 November 201619
 Cognitive security is the implementation of
two broad and related capabilities:
– The use of cognitive systems to
analyze security trends and distill
enormous volumes of structured and
unstructured data into information, and
then into actionable knowledge to enable
continuous security and business
improvement
– The use of automated, data-driven
security technologies, techniques and
processes that support cognitive
systems’ having the highest level of
context and accuracy
To close the gaps, different technologies and
approaches are needed – enter cognitive security
 Enhance the work of
SOC analysts
 Speed response with
external intelligence
 Identify threats with
advanced analytics
 Strengthen application
security
 Reduce enterprise risk
Benefits

20. ©2016 IBM Corporation 22 November 201620
Traditional
security data
Cognitive security solutions can help tap the tremendous
amount of security knowledge created for human consumption
• Research
documents
• Industry
publications
• Forensic
information
• Threat intelligence
commentary
• Conference
presentations
• Analyst reports
• Webpages
• Wikis
• Blogs
• News sources
• Newsletters
• Tweets
Security knowledge dark to defenses
Typical organizations leverage only 8% of this content*
Human generated
knowledge
• Security events and alerts
• Logs and configuration data
• User and network activity
• Threat and vulnerability feeds
* Forrester Research: Can You Give The Business The Data That It Needs? November 2013
Examples include:

21. ©2016 IBM Corporation 22 November 201621
Almost two thirds believe cognitive security solutions will
address gaps – with ~20% planning to adopt in 2-3 years
Expectations Top 3 perceived benefits Adoption
Believe that
“cognitive security”
solutions can
significantly slow
down cybercriminals
57%
#1 Intelligence
#2 Speed
#3 Accuracy Although only 7% of the total
sample are currently working
on implementing cognitive-
enabled security solutions
today – this rises to 21% in
the next 2-3 years
3X
Today Next 2-3 years
Improve detection and
incident response decision-
making capabilities (40%)
Significantly improve
incident response time
(37%)
Provide increased
confidence to discriminate
between events and true
incidents (36%)

22. ©2016 IBM Corporation 22 November 201622
Factors holding back adoption include overall maturity and
secondarily, budget and communicating the benefits
0%
15%
16%
25%
28%
28%
45%
45%
0% 5% 10% 15% 20% 25% 30% 35% 40% 45% 50%
Don’t understand what is really meant by cognitive
security solutions
Not convinced of value added to current
cybersecurity solutions and capabilities
Not convinced of the benefits versus other
solutions
Not ready from an infrastructure perspective
(security operations center, software, hardware)
Lack of sufficient budget/funding to invest in this in
the next 2–3 years
Too difficult to communicate benefits to decision-
makers/lack proof points or use-cases
Lack of internal skills/competency to implement
Not ready from a competency perspective (skills,
process, methods)
Most are convinced of the value add and benefits of cognitive security
solutions and don’t feel it is a top challenge

23. ©2016 IBM Corporation 22 November 201623
EY sees how cognitive security solutions could be a way to
reduce the overall level of enterprise risk
Seeing internal and external challenges
A rapid pace of technological change and adversaries
advancing their tools and techniques
Digital innovation and transformation efforts within
organizations are pushing the enterprise flat – how do you
move fast with digital transformation without creating a
more porous perimeter?
Reducing overall risk with cognitive security solutions
Cognitive security solutions could:
• Provide better threat intelligence, helping to understand
potential attacks in the future
• Act as an expert advisor for a security operations
analyst, it could not only enhance their expertise, but
also may help to adapt and evolve security controls
based on what the system has learned over time
• Help to manage GRC, deciphering the different
requirements from multiple regulatory agencies
“There is a massive
amount of noise out
there, the human brain
can’t process everything
on a day to day basis –
we need something to
help, something like AI
or cognitive
technologies.”
Chad Holmes, Principal and Cyber
Strategy, Technology and Growth
Leader (CTO) at Ernst & Young LLP

24. Primed for cognitive security

25. ©2016 IBM Corporation 22 November 201625
“We are poised to take the
next step with cognitive and
intelligent solutions that will
efficiently ingest, organize
and bring context to an
enormous amount to security
information and knowledge
which today consumes a lot
of our time and resources.”
A Canadian leader in financial protection, wealth and asset
management

26. ©2016 IBM Corporation 22 November 201626
We profiled participants based on their security effectiveness
and appreciation of cognitive benefits
Security effectiveness Cognitive understanding Cognitive readiness
 Foundational
capabilities – risk
awareness across the
company, IT hygiene
 Advanced capabilities
– intelligent security
and rapid threat
response, robust data
security and privacy
Believe cognitive
security solutions can:
 Improve detection and
incident response
decision-making
capabilities
 Provide increased
confidence to
discriminate between
events and true
incidents
 Significantly improve
incident response time
 Are implementing or
planning on
implementing cognitive
enabled security
solutions
 Ready to implement
next-generation
cognitive enabled
security now
 Believe that cognitive
security solutions can
significantly slow down
cyber criminals

27. ©2016 IBM Corporation 22 November 201627
An analysis of the responses to these questions revealed
three distinct clusters
Pressured
52%
Primed
22%
Prudent
27%
Organization
More likely to report to the
CIO/CTO
More likely to report to the CEO
More likely to report to the
CIO/CTO
Resources
Lower % of IT budget allocated
to cybersecurity
More likely to report challenges
with obtaining sufficient funding
and filling a shortage of staff
Higher % of IT budget allocated
to cybersecurity
Higher % of IT budget allocated
to cybersecurity
Performance
Large majority feel they are on
par compared with other
companies
Large majority feel they are on
par compared with other
companies
Best self-assessed
preparedness compared with
other companies
Cognitive
familiarity &
challenges
A lower general familiarity with
cognitive security features and
value
More likely to report a lack of
sufficient funding an adoption
challenge for cognitive solutions
More likely to say that are not
ready from a competency
perspective to adopt cognitive-
enabled security solutions and
have trouble communicating the
benefits
A higher general familiarity with
cognitive security features and
value

28. ©2016 IBM Corporation 22 November 201628
The Primed have a better familiarity with cognitive security
and higher confidence, budget, and ROI than others

29. ©2016 IBM Corporation 22 November 201629
The Primed generally employ a more mature approach to their
security practices

30. ©2016 IBM Corporation 22 November 201630
“Cognitive security has so much
potential — you can meet your labor
shortage gap, you can reduce your risk
profile, you can increase your efficiency
of response. It can help you understand
the narrative story. People consume
stories — this happened, then this
happened, with this impact, by this
person. Additionally, cognitive can
lower the skills it takes to get involved
in cybersecurity. It allows you to bring
in new perspectives from non-IT
backgrounds into cracking the problem.”
David Shipley – Director of Strategic Initiatives, Information
Technology Services, University of New Brunswick

31. ©2016 IBM Corporation 22 November 201631
Although cognitive security solutions are still an emerging
technology area, there are things you can do today to prepare
Recognize your
weaknesses
Look at the primary weaknesses and vulnerabilities within your
organization. How are they connected? What is a priority? Evaluate
your intelligence, speed and accuracy.
Become educated
about cognitive
security
capabilities
Take a holistic and formal approach to learn about cognitive security
solutions. There could be many misconceptions in your organization
from a capability, cost and implementation perspective.
Define an
investment plan
It is difficult to build an investment case when a technology is new
and unproven – focus on the fact that cognitive security is a capability
that can improve the overall effectiveness of security operations.
Look to augment
your capabilities,
no matter your
maturity
Cognitive security solutions are an emerging technology area, and its
unique characteristics can benefit organizations of all sizes. Whether
you are Pressured, Prudent or Primed, there are things you can do.

32. THANK YOU

33. ©2016 IBM Corporation 22 November 201633
Learn more about the study: Cybersecurity in the cognitive era
Visit ibm.com/security/cognitive to download the report
Read the blog at Securityintelligence.com

34. ©2016 IBM Corporation 22 November 201634
Learn more about IBM Security
A global leader in
enterprise security
• #1 in enterprise security
software and services*
• 7,500+ people
• 12,000+ customers
• 133 countries
• 3,500+ security patents
• 19 acquisitions since 2002
*According to Technology Business Research, Inc. (TBR) 2016
Join IBM X-Force Exchange
xforce.ibmcloud.com
Visit our website
ibm.com/security
Watch our videos on YouTube
IBM Security Channel
Read new blog posts
SecurityIntelligence.com
Follow us on Twitter
@ibmsecurity

35. ©2016 IBM Corporation 22 November 201635
Learn more about the IBM Institute for Business Value
For more information
To learn more about this IBM Institute for Business Value study, please contact
us at iibv@us.ibm.com. Follow @IBMIBV on Twitter, and for a full catalog of our
research or to subscribe to our monthly newsletter, visit: ibm.com/iibv
Access IBM Institute for Business Value executive reports on your mobile device
by downloading the free “IBM IBV” app for your phone or tablet from your app
store.
The right partner for a changing world
At IBM, we collaborate with our clients, bringing together business insight,
advanced research and technology to give them a distinct advantage in today’s
rapidly changing environment.
IBM Institute for Business Value
The IBM Institute for Business Value, part of IBM Global Business Services,
develops fact-based strategic insights for senior business executives around
critical public and private sector issues.

36. ©2015 IBM Corporation