Good afternoon, ladies and gentlemen, and welcome to EIC number 11. So EIC 2017, it's, as I've said, the 11th of our conferences. I'm glad to have you here again, to see again a record-breaking EIC this year with more attendees than ever before. And so thank you, Sasha, for the introduction. We will have the first live poll during my keynote. I plan to attend the morning run tomorrow. Maybe that helps you to get up early as well.
So that's as a few words, starting. There's some place on the other side of the hall available. I will talk about a topic which becomes more and more prominent, which was cognitive security, artificial intelligence, and all what is around. And so the title of my speech today is "Can artificial intelligence close the gap between cyber adversaries and their victims?" So looking at how to solve, or help solving, the skills shortage in cyber security by applying technology. Not only technology, but I think there is technology which definitely can help us getting better on this.
And so to start with that, I wanna start with five axioms on the state of cybersecurity. And the first one is: there is no 100% security. Whatever your security people, or some of you might be security people, but whatever they tell you, there is no 100% security, as much money as you want to invest. You will never reach 100%. I'll touch that later on again. The second one is maybe the most important one: once a system, a device or a thing, and it's not only the computers anymore, well, you could say a device and thing are computers just in another form factor, is connected, it is under attack.
And more importantly, every individual in every organization is, or has been attacked successfully. We might not know about it, but we should assume that we have been already hacked as an organization.
Anyway, I think there is virtually no way to avoid this. There are back doors to hardware, software, networks. Your keys may already have been duplicated. And there are not sufficient skilled, or not enough sufficiently skilled, people out there to staff your cyber defense center. I think this is one of our biggest issues. We are facing a lack of people.
So these axioms, I think, from my perspective describe well the state of cyber defense we are in: an ever-increasing number of attacks, a lot of successful attacks, and a skills shortage. And to make it even worse, when we look at how these attacks occur. So it starts with a little bit red and gets more red, and then it maybe gets a little bit more into the green area. So phase one, so to speak, is the creation of an attack, which in some areas such as ransomware is more or less industrialized today. Then we have the phase with the undetected attacks.
So there's a new attack vector, a new attack pattern. And at the beginning, it's not detected. This is the most critical phase, because we don't know about it until it becomes sort of known, until it's detected, analyzed, et cetera. We get some patches, they are developed and distributed. And maybe a couple of years later, everyone has installed the patch. Unfortunately it commonly takes very long. So if we take, I think it was two or three years ago when we had this, one of the keynotes around Heartbleed, it took months to patch the first 50% of the affected systems. So still a challenge.
And so we have a quite long period of unknown attack patterns, and we have a period of known attack patterns. For attack patterns that are not known, we can't just look at, oh, is there this type of attack? If we don't know it, it's harder to identify. So the only thing we can do is we can try to identify if there are things happening which are not the normal, so looking for the anomalies. Once we know it, we can also start searching for known attack patterns.
And there has been a lot of discussion, particularly over the past couple of weeks, around how well do anti-malware products really help. And when we talk about signature-based anti-malware, I think we have to be clear that it works when we know for which signature we have to look, but it doesn't help us for this potentially very long period before the unknown attack pattern becomes a known attack pattern. So from my perspective, it's time that we, to be honest, we already do it in many areas, but it's time to look far more than ever before at this broad field of cognitive security.
There's a lot of technology out there, and it's not, and I'll also talk about this a lot in my keynote, it's not entirely new. It's out there for quite a while, but we are still sort of scratching the surface of what we can do with advanced security technology to better compete against, or to better defend against, our attackers. So this is sort of the scenario where we are in, and when we look at what happens: so we have a couple of systems, in fact many systems, because all systems collect their event information, they're recorded. We have some central systems.
So we have, I call it just event collection system. And we correlate these events in some way. Correlating is important because, as we all know today, a lot of these attacks are more long-running attacks or more complex attacks, which involve activities at more than one system. So that's one of the first areas where cognitive technologies can help by better identifying which of these events are in fact incidents: technology that helps us faster and at a more complex level analyzing these correlations.
And what we then need to do is to understand what are known incidents, what are sort of known regular and critical events, and what is the gray area of the unknown events. And obviously our target must be to minimize the number of these unknown events. So when we look at the events sort of as a pyramid, the pyramid of events and incidents, then the most critical area is the gray area in between other black area. The black area is something we know. If we know this certain attack pattern, then we can define how we react on this.
So dealing with things we know is easy, and if it's uncritical, it's even simpler. The challenge is to minimize the number of things we don't know. And again here, this is the area where first analysis is required. And this is the area where the skills shortage has its biggest impact. This is the area where, again, cognitive technologies come into play. So we have our incident management systems, to take a very generic term. And what we can do here basically is we can use the technology to, on one hand, support us in the analysis and to provide additional information about the context of this.
For instance, looking for the right documents, for the right support documents, whatever, that help us doing this analysis. So cognitive technologies potentially help us doing the job better in that area by, on one hand, minimizing the events and helping us in better dealing with this ever-growing number of incidents. So I already touched some buzzwords, and I think this is one of the big challenges, I think, with everything in IT. So once there's something new in IT, the marketing departments go out and try to find some new buzzwords they can use. We have this here as well.
And even more when I take this term of artificial intelligence. I'm sufficiently old to also have experienced sort of the first wave of artificial intelligence, somewhere in the eighties, early nineties maybe, which then pretty much disappeared. So there was a first hype. So AI defined means it's the science of making computers solve tasks that usually require human intelligence, in a broader sense. And there's sort of the strong AI, where the idea would be that a computer has a mind in exactly the same sense human beings have minds.
So I grayed it out a little, because this is not really the area we're talking about. It's, if at all, very, very far away. Hopefully, from my personal perspective, we never will experience that. But there's sort of the applied AI, the weak AI, however you'd like to phrase it, which is more focused on solving specific problems. And this is where the AI research goes in on one hand, so looking at new types of things, and where we, on the other hand, see the cognitive solutions appearing. And as I said, it's not entirely new. When I go back to the days of the new economy, as it was called, so around the year 2000, I spent a couple of years in a company which in fact used some sort of the technology already, not in security, in another field, but it's not entirely new.
But what we are seeing today is, I would say, a strong uptake in what we can do with that. So in information security, where we see such solutions, self-driving vehicles need it obviously to some extent, psychological profiling, postal mail address detection, a very old area where we find such applied AI to some extent, and many more. So there are already some, there are new ones appearing. Behind that, we see a lot of cognitive technologies. So computer vision, natural language processing, knowledge representation, and more.
So there are a broad set of fields where we see technologies that try to enable a machine to support what humans are doing. So it's at the end taking some tasks, supporting the humans in what they're doing. Many of these are based on machine learning methods, but not all of them. Machine learning probably is the most abused buzzword on that list, because everything today is machine learning, even if the machine doesn't learn anything. So there are some machine learning methods such as pattern recognition, outlier detection, genetic algorithms, deep learning, and more.
So there are various such methods. And behind that there are various algorithms and methods, which are for instance neural networks, cluster analyses, regression analyses. On the other hand, we have a couple of technologies which tend to be sold as sort of a machine learning technology, but are not machine learning, such as pattern detection and some other stuff we have here. So pattern matching, everything which just works on simple predefined rules and doesn't learn, but is based on this deterministic approach, is not machine learning.
So this is the world we are looking at, and we see a significant uptake in this area. And as I said, many of these things are not new. Many of the algorithms date back to the 1960s, some even earlier, some later. Neural networks are out there for quite a long time. On the other hand, as I've said, we see this uptake, and I think there's a good reason. Not only the demand side, we need it in many areas, so for self-driving vehicles, for information security, but also, we need it, we have sort of a better chance to really make it work. So back to cognitive technologies.
So cognitive technology in fact is machine learning plus training data plus the human expertise. So when we bring these things together, so the technical approaches for machine learning, plus the data we work on, plus the human expertise, then we have the cognitive technology, which we then can apply to a concrete problem, which means the business case plus the cognitive technology then makes our cognitive solution, and that's what we should aim for. So getting away from the theoretical foundation towards the concrete solution for concrete business cases, where technology can support us.
And one of these areas I see is information security. We will have a live poll right now, so you can use your app and provide your answer. So: "Will cognitive security help mitigating cybersecurity risks?" The poll will appear on a couple of slides, so you can start answering it now. So what really makes the difference if we talk about cognitive technology is not the algorithm, it's what we have in results. This is the reason why we are getting better in business. So the target is having technology solving tasks that usually require human intelligence.
So understanding, learning, reasoning, decision making, interaction. So it's sort of a list of understanding similar than decision making, obviously, particularly making reasonable decisions is more difficult. Most people have problems with that anyway. So why can't we do it better right now? I think it's a combination of two things. One is we have the capabilities of algorithms and methods. The other is we have more processing power than ever, but also the learning speed and the understanding of how to train the machine. So from in a heat map, red is the hottest area.
So from rules and queries, very traditional, to advanced statistical methods, to neural networks, to a combination of algorithms and methods. And most cognitive technologies and solutions rely on a couple of such technologies. It's about combining both these areas, so the well-chosen algorithms and methods with the processing power, to really end up with better, stronger cognitive capabilities, which then can support us in better doing our business.
And yes, clearly we will, we are facing this age-old problem with AI, which is the lack of common sense: the ability to recognize and reject decisions that are obviously stupid, even to the layman. That is and will remain one of the biggest issues. At the end of the day, even with AI, computers will remain dumb. They just can do something better if they're trained to do it. But once they leave sort of this comfort zone, we are at the end.
So cognitive technologies can help supporting the CDC, the cyber defense center, where we need to identify, to prevent, to detect, to respond and recover, and to improve when it comes to attacks. So we need to identify attacks. We need to prevent them. We need to detect them. We need to respond and recover, and improve our sort of security posture. So identifying: IT risk management, our GRC framework, our corporate risk management come in here. Prevent: we have our threat information, we have security operations, configurations. And then we detect it in the cyber defense center.
We respond and recover through the incident management, and we improve it, finally. Understand the risks, prevent attacks and learn about new vectors, immediate detection and in-depth analysis, then defined incident handling and the continuous improvement. This is what makes up sort of the high-level structure of what we need to do in our cyber defense center. And this is where these cognitive technologies come into play as well.
So yes, we need integrated processes. That's more an organizational thing, but the security intelligence platforms, which we should use within our cyber defense center, they already started using, and they increasingly use cognitive technologies for early detection of attacks, even of complex attacks.
And again, that goes back to this pyramid slide I had before: the structured handling of incidents and the support for analyzing these, again, is something which can be supported by cognitive security solutions. So, yeah, then we have the feedback part, which is more sort of the overall structure here. So cognitive technologies can support the CDC. They also can make identity and access management more, in big, big quotes, intelligent in several areas. So authentication, in the area of adaptive authentication: better understanding the authentication risk, then adapting the authentication accordingly.
In fact, something which is done in various areas. So if you look at what banks are doing when it comes to financial fraud, some of these technologies are already there. Risk analysis: so identify and manage risks, understand risk patterns, adapt your access controls, all that stuff. Interesting here is also, it's not entirely new. If you look at some of the role mining products, which have been out partially more than 10 years ago, they already used some of these technologies. And then we have, clearly, obviously, the area of session and user behavior analytics in that field.
So detecting the anomalies and immediately responding to such behavior. We see a strong uptake in these days, so with a lot of vendors coming up with some privileged behavior analytics and other vendors adding it more in a generic form beyond the privileged users. These are areas where we see this happening. And as I've said, even with that, there is no hundred percent security, because the limit of cost of security is infinite with security moving towards 100%. We can look at it also from the other perspective. So when we look at our risks, the curve is, so to speak, different.
So for 0% risk, we would have infinite cost. So we need to understand what is the cost of incident. It might look a little bit more like that, or a little bit more like that. Still not a hundred percent sure what is the most appropriate curve here, but at the end of the day, we need to understand how much can we spend for security. And that's where the cost of security is higher than the cost of the incident. So reaching slowly, the end of my keynote, I wanna bring in some, two other sort of heat map style graphics. So one is what I've called the cognitive security heat map.
So, which are the technologies where the security impact is highest and where the maturity is highest. So the ideal technologies would be somewhere in the upper right edge of that picture.
In fact, we have some which are more mature. We have some which are starting to show a higher security impact, but are less mature. It's still a journey we just have started, but I think it's an important journey. And it also shows that there are many areas where we see an increasing use of such technologies, even while not all of these implementations we find are based on cognitive security. So you see adaptive authentication without, but you'll also find it with cognitive security somewhere in there, fraud detection, security intelligence, threat information filtering.
So getting a grip on all that masses of information around threats, this unstructured information. These are some of the areas where we see strong potential for that type of technologies. So this is our view on technology where we see a potential for these technologies, so getting better or only work well based on cognitive technologies. So this is the field where we see cognitive solutions being of major interest. And so when you compare it, so to speak, with the red bullet, some of the traditional technologies, yes, they are mature.
They have their security impact, but they have a limited potential. And this is the cognitive potential. From our perspective, from, so to speak, the cognitive current, which still has to mature a lot, to the cognitive potential is very significant.
And I'm absolutely convinced that we will see a very steep uptake over the next three to five years in that field, with more and more solutions arriving in the market, supporting us in doing our business, our security, better than ever before, or at least good enough to become not another victim too frequently, which might be the more negative view on the same thing. So does it help us closing the skills gap?
That was part of my title of this presentation. As I've said when I've already defined this term AI, it's making computers solve tasks that usually require human intelligence. Cognitive solutions support humans in doing their job better, that way around. And so how can we close that gap? We need to invest in education. Absolutely.
We need also to look for services, because even when we get better, we rarely will find all the people we need, and managed service providers can benefit from the economies of scale here. But also we need to use the right tools, and these tools are more and more tools which make use of what we can do technology-wise. And we can do it for a while. What comes in is we get more experience and we get more computing and processing power to really do it in a successful way. So what are finally my recommendations? If you're an end user organization, investigate cognitive security now when investing in cybersecurity, because that's the future, and ask for what is behind the buzzwords, what is really behind the buzzwords the vendors will bring up.
If you are a vendor, then it's time to understand the potential, if you're not already doing it. Hire the rare cognitive security experts. By the way, there are more experts for cognitive than for cognitive security out there, because as I've said, these algorithms, these methods are not entirely new. Many of these are out for 50 years, so there are skills.
So to succeed, you must reinvent yourself and look at: do these technologies deliver a benefit to you and your customers? With that I'm done with my keynote. Thank you for listening.
Thank you very much, Martin. There's some questions in the tool. I would like to read a few of them. For example, we already have anti-spam, antivirus and anti-malware IBS. See working effectively, is this any different or an extension?
So the question was, there's already antivirus, anti-malware, anti-spam working effectively.
Yes, but these technologies commonly are based on sort of analyzing what they know about. And the challenge as I've pointed out in one of my earlier slides, is that we have more and more attack patterns we don't know about. And so we have this term of the zero day attack.
In fact, the zero-day attack is not a zero-day attack. It's a minus 200 or minus 500 or even longer day attack. So it's running sometimes for years, and we might be affected by it because someone might know about it, probably some of the attackers or some of the nation-state attackers.
Yeah. And the last question is the one that has been put forward by a lot of people now: who will check that the algorithms used will not do harm?
Yeah. I think that's a great question.
It's, to be honest, one of the biggest challenges in that field, that you can clearly abuse such technologies on the other hand. So the most scary example for me has been IBM Watson being able to create a psychological profile out of a 3000-word text.
However, it just uses standard psychological methods, which are out there for a long time. It just does it in an automated way. But anyway, I think every one of us has to act responsibly with such technologies. On the other hand, to be pessimistic, we will not stop someone from doing Yeah. So we controls processes like we do have in other sectors as well.
Okay. Thank you very much, Martin. There was.