Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Threat Intelligence

5/12/2016
03:30 PM
Connect Directly
Twitter
RSS
E-Mail
50%
50%

IBM Watson Will Help Battle Cyberattacks

IBM and leading universities will train IBM Watson to discover hidden patterns and cyber threats.

IBM Security is giving its cloud-based cognitive technology Watson a new assignment: cybersecurity.

The new Watson for Cyber Security is now in training at IBM to study the nuances of security research findings in order to more effectively discover patterns and hidden cyberattacks.

IBM’s X-Force research library will be a central part of the materials fed to Watson for Cyber Security. That information includes 20 years of security research, details on 8 million spam and phishing attacks, and over 100,000 documented vulnerabilities. As part of a year-long research project, IBM this fall will work with eight leading universities and their students to further train Watson on the language of cybersecurity.

Unlike programmable systems, cognitive technology is based on training systems that can understand, reason, and learn to sense what’s coming – then communicate that in natural language. IBM is interested in training Watson for Cyber Security to detect security events in unstructured data such as blogs, wikis, videos, transcriptions, and related events, says Caleb Barlow, vice president of IBM Security.

The average security analyst is overwhelmed with data, and the average organization typically deals with 200,000 security incidents a day, Barlow says. The vast majority of those incidents are mundane or benign such as someone forgetting a password and being locked out of an account or a lost mobile phone. “So you are looking for a needle in a stack of needles,” when it comes to detecting a real security event, he says.

In addition, enterprises spend $1.3 million a year dealing on false positives alone, wasting nearly 21,000 hours. On top of that, there are 75,000-plus known software vulnerabilities reported in the National Vulnerability Database, 10,000 security research papers published each year, and over 60,000 security blogs published each month. All of this information makes it difficult for security analysts to move with informed speed, according to IBM.

Many analytic tools now give security analysts better visibility into structured data. “What we are kind of blind to is all the security information that fits in unstructured data,” Barlow says. “What Watson for Cyber Security will do is scan through all that unstructured data and bring context to what you are seeing.”

Researchers will take those 200.000 incidents and get Watson to ask its own questions: Have I seen this before?  Has anyone else seen this before?  Are there any indicators on other parts of my network that are infected?

Watson will pull all these threads just like a forensic researcher would do, Barlow says. When Watson finds a problem, it will identify and prioritize it, and then alert the analyst. Watson will say, for example, “I think I found unusual botnet activity in your enterprise and here is the evidence I have to back up this conclusion,” Barlow explains. 

The evidence could be that the botnet is coming from a known malicious IP address, or it appears in six different locations on your network, for example. The system will say “Here are the known indicators. I think you will have to take action right away,” Barlow explains.

IBM currently plans to process up to 15,000 security documents per month over the next phase of the training with the university partners, clients, and IBM experts collaborating, he says. 

IBM will incorporate other Watson capabilities including the system’s data-mining techniques for outlier detection, graphical presentation tools, and techniques for finding connections between related data points in different documents. This means Watson can find data on an emerging piece of malware in an online security bulletin, and data from a security analyst's blog on an emerging remediation strategy.

Tackling Cyber Skill Shortage

IBM also envisions Watson for Cyber Security helping address the cybersecurity skills shortage, freeing up analysts to work on more advanced problems, Barlow says. Some reports indicate that there will be 1.5 million vacant cybersecurity jobs by 2020. 

The research project will also provide university students hands-on experience in the emerging field of cognitive security, which could open doors of opportunity for them and supply organizations with potential employees with advanced security skills, according to IBM.

"We are constantly being asked by companies about availability of cybersecurity-competent students to be hired for executive positions. This is yet another way for our students to be at the leading edge of cybersecurity technologies,” says Stuart Madnick, John Norris Maguire Professor of Information Technologies for the Sloan School of Management and professor of Engineering Systems at Massachusetts Institute of Technology's School of Engineering.

“This project actually provides two complementary values to our students since it reinforces and enhances their expertise in both big data, artificial intelligence and cybersecurity,” Madnick says.

Other universities participating in the project include California State Polytechnic University, Pomona; Pennsylvania State University; New York University; the University of Maryland, Baltimore County (UMBC); the University of New Brunswick; the University of Ottawa and the University of Waterloo.

IBM also will consider offering Watson for Cyber Security as a commerical service. “Our goal is to try this on customer locations by the end of the year,” Barlow says. “In all honesty, we have to see what it can do. How it is commercialized and packaged is yet to be determined based on how good a job we can do.”

Related Content:

Rutrell Yasin has more than 30 years of experience writing about the application of information technology in business and government. View Full Bio
 

Recommended Reading:

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
COVID-19: Latest Security News & Commentary
Dark Reading Staff 8/10/2020
Pen Testers Who Got Arrested Doing Their Jobs Tell All
Kelly Jackson Higgins, Executive Editor at Dark Reading,  8/5/2020
Researcher Finds New Office Macro Attacks for MacOS
Curtis Franklin Jr., Senior Editor at Dark Reading,  8/7/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
Special Report: Computing's New Normal, a Dark Reading Perspective
This special report examines how IT security organizations have adapted to the "new normal" of computing and what the long-term effects will be. Read it and get a unique set of perspectives on issues ranging from new threats & vulnerabilities as a result of remote working to how enterprise security strategy will be affected long term.
Flash Poll
The Changing Face of Threat Intelligence
The Changing Face of Threat Intelligence
This special report takes a look at how enterprises are using threat intelligence, as well as emerging best practices for integrating threat intel into security operations and incident response. Download it today!
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-8913
PUBLISHED: 2020-08-12
A local, arbitrary code execution vulnerability exists in the SplitCompat.install endpoint in Android's Play Core Library versions prior to 1.7.2. A malicious attacker could create an apk which targets a specific application, and if a victim were to install this apk, the attacker could perform a dir...
CVE-2020-7029
PUBLISHED: 2020-08-11
A Cross-Site Request Forgery (CSRF) vulnerability was discovered in the System Management Interface Web component of Avaya Aura Communication Manager and Avaya Aura Messaging. This vulnerability could allow an unauthenticated remote attacker to perform Web administration actions with the privileged ...
CVE-2020-17489
PUBLISHED: 2020-08-11
An issue was discovered in certain configurations of GNOME gnome-shell through 3.36.4. When logging out of an account, the password box from the login dialog reappears with the password still visible. If the user had decided to have the password shown in cleartext at login time, it is then visible f...
CVE-2020-17495
PUBLISHED: 2020-08-11
django-celery-results through 1.2.1 stores task results in the database. Among the data it stores are the variables passed into the tasks. The variables may contain sensitive cleartext information that does not belong unencrypted in the database.
CVE-2020-0260
PUBLISHED: 2020-08-11
There is a possible out of bounds read due to an incorrect bounds check.Product: AndroidVersions: Android SoCAndroid ID: A-152225183