Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Threat Intelligence

5/12/2016
03:30 PM
Connect Directly
Twitter
RSS
E-Mail
50%
50%

IBM Watson Will Help Battle Cyberattacks

IBM and leading universities will train IBM Watson to discover hidden patterns and cyber threats.

IBM Security is giving its cloud-based cognitive technology Watson a new assignment: cybersecurity.

The new Watson for Cyber Security is now in training at IBM to study the nuances of security research findings in order to more effectively discover patterns and hidden cyberattacks.

IBM’s X-Force research library will be a central part of the materials fed to Watson for Cyber Security. That information includes 20 years of security research, details on 8 million spam and phishing attacks, and over 100,000 documented vulnerabilities. As part of a year-long research project, IBM this fall will work with eight leading universities and their students to further train Watson on the language of cybersecurity.

Unlike programmable systems, cognitive technology is based on training systems that can understand, reason, and learn to sense what’s coming – then communicate that in natural language. IBM is interested in training Watson for Cyber Security to detect security events in unstructured data such as blogs, wikis, videos, transcriptions, and related events, says Caleb Barlow, vice president of IBM Security.

The average security analyst is overwhelmed with data, and the average organization typically deals with 200,000 security incidents a day, Barlow says. The vast majority of those incidents are mundane or benign such as someone forgetting a password and being locked out of an account or a lost mobile phone. “So you are looking for a needle in a stack of needles,” when it comes to detecting a real security event, he says.

In addition, enterprises spend $1.3 million a year dealing on false positives alone, wasting nearly 21,000 hours. On top of that, there are 75,000-plus known software vulnerabilities reported in the National Vulnerability Database, 10,000 security research papers published each year, and over 60,000 security blogs published each month. All of this information makes it difficult for security analysts to move with informed speed, according to IBM.

Many analytic tools now give security analysts better visibility into structured data. “What we are kind of blind to is all the security information that fits in unstructured data,” Barlow says. “What Watson for Cyber Security will do is scan through all that unstructured data and bring context to what you are seeing.”

Researchers will take those 200.000 incidents and get Watson to ask its own questions: Have I seen this before?  Has anyone else seen this before?  Are there any indicators on other parts of my network that are infected?

Watson will pull all these threads just like a forensic researcher would do, Barlow says. When Watson finds a problem, it will identify and prioritize it, and then alert the analyst. Watson will say, for example, “I think I found unusual botnet activity in your enterprise and here is the evidence I have to back up this conclusion,” Barlow explains. 

The evidence could be that the botnet is coming from a known malicious IP address, or it appears in six different locations on your network, for example. The system will say “Here are the known indicators. I think you will have to take action right away,” Barlow explains.

IBM currently plans to process up to 15,000 security documents per month over the next phase of the training with the university partners, clients, and IBM experts collaborating, he says. 

IBM will incorporate other Watson capabilities including the system’s data-mining techniques for outlier detection, graphical presentation tools, and techniques for finding connections between related data points in different documents. This means Watson can find data on an emerging piece of malware in an online security bulletin, and data from a security analyst's blog on an emerging remediation strategy.

Tackling Cyber Skill Shortage

IBM also envisions Watson for Cyber Security helping address the cybersecurity skills shortage, freeing up analysts to work on more advanced problems, Barlow says. Some reports indicate that there will be 1.5 million vacant cybersecurity jobs by 2020. 

The research project will also provide university students hands-on experience in the emerging field of cognitive security, which could open doors of opportunity for them and supply organizations with potential employees with advanced security skills, according to IBM.

"We are constantly being asked by companies about availability of cybersecurity-competent students to be hired for executive positions. This is yet another way for our students to be at the leading edge of cybersecurity technologies,” says Stuart Madnick, John Norris Maguire Professor of Information Technologies for the Sloan School of Management and professor of Engineering Systems at Massachusetts Institute of Technology's School of Engineering.

“This project actually provides two complementary values to our students since it reinforces and enhances their expertise in both big data, artificial intelligence and cybersecurity,” Madnick says.

Other universities participating in the project include California State Polytechnic University, Pomona; Pennsylvania State University; New York University; the University of Maryland, Baltimore County (UMBC); the University of New Brunswick; the University of Ottawa and the University of Waterloo.

IBM also will consider offering Watson for Cyber Security as a commerical service. “Our goal is to try this on customer locations by the end of the year,” Barlow says. “In all honesty, we have to see what it can do. How it is commercialized and packaged is yet to be determined based on how good a job we can do.”

Related Content:

Rutrell Yasin has more than 30 years of experience writing about the application of information technology in business and government. View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Mobile Banking Malware Up 50% in First Half of 2019
Kelly Sheridan, Staff Editor, Dark Reading,  1/17/2020
Exploits Released for As-Yet Unpatched Critical Citrix Flaw
Jai Vijayan, Contributing Writer,  1/13/2020
Microsoft to Officially End Support for Windows 7, Server 2008
Kelly Sheridan, Staff Editor, Dark Reading,  1/13/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: This comment is waiting for review by our moderators.
Current Issue
The Year in Security: 2019
This Tech Digest provides a wrap up and overview of the year's top cybersecurity news stories. It was a year of new twists on old threats, with fears of another WannaCry-type worm and of a possible botnet army of Wi-Fi routers. But 2019 also underscored the risk of firmware and trusted security tools harboring dangerous holes that cybercriminals and nation-state hackers could readily abuse. Read more.
Flash Poll
[Just Released] How Enterprises are Attacking the Cybersecurity Problem
[Just Released] How Enterprises are Attacking the Cybersecurity Problem
Organizations have invested in a sweeping array of security technologies to address challenges associated with the growing number of cybersecurity attacks. However, the complexity involved in managing these technologies is emerging as a major problem. Read this report to find out what your peers biggest security challenges are and the technologies they are using to address them.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-7227
PUBLISHED: 2020-01-18
Westermo MRD-315 1.7.3 and 1.7.4 devices have an information disclosure vulnerability that allows an authenticated remote attacker to retrieve the source code of different functions of the web application via requests that lack certain mandatory parameters. This affects ifaces-diag.asp, system.asp, ...
CVE-2019-15625
PUBLISHED: 2020-01-18
A memory usage vulnerability exists in Trend Micro Password Manager 3.8 that could allow an attacker with access and permissions to the victim's memory processes to extract sensitive information.
CVE-2019-19696
PUBLISHED: 2020-01-18
A RootCA vulnerability found in Trend Micro Password Manager for Windows and macOS exists where the localhost.key of RootCA.crt might be improperly accessed by an unauthorized party and could be used to create malicious self-signed SSL certificates, allowing an attacker to misdirect a user to phishi...
CVE-2019-19697
PUBLISHED: 2020-01-18
An arbitrary code execution vulnerability exists in the Trend Micro Security 2019 (v15) consumer family of products which could allow an attacker to gain elevated privileges and tamper with protected services by disabling or otherwise preventing them to start. An attacker must already have administr...
CVE-2019-20357
PUBLISHED: 2020-01-18
A Persistent Arbitrary Code Execution vulnerability exists in the Trend Micro Security 2020 (v160 and 2019 (v15) consumer familiy of products which could potentially allow an attacker the ability to create a malicious program to escalate privileges and attain persistence on a vulnerable system.