Towards Cognitive Security Defense from Data
IT organizations rely on a variety of independent security monitors and data sources to develop situational awareness for detecting and responding to security incidents. In spite of the advances in Security Information and Event Management (SIEM) for handling monitoring data in production environments, computer defense still depends on many cognitive human processes. In this context, having machines do part of the cognitive work in lieu of humans is by now a real necessity. We present our framework towards the vision of cognitive SIEM, its building components, and ongoing work on the topic.