Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Threat Intelligence

5/12/2016
03:30 PM
Connect Directly
Twitter
RSS
E-Mail
50%
50%

IBM Watson Will Help Battle Cyberattacks

IBM and leading universities will train IBM Watson to discover hidden patterns and cyber threats.

IBM Security is giving its cloud-based cognitive technology Watson a new assignment: cybersecurity.

The new Watson for Cyber Security is now in training at IBM to study the nuances of security research findings in order to more effectively discover patterns and hidden cyberattacks.

IBM’s X-Force research library will be a central part of the materials fed to Watson for Cyber Security. That information includes 20 years of security research, details on 8 million spam and phishing attacks, and over 100,000 documented vulnerabilities. As part of a year-long research project, IBM this fall will work with eight leading universities and their students to further train Watson on the language of cybersecurity.

Unlike programmable systems, cognitive technology is based on training systems that can understand, reason, and learn to sense what’s coming – then communicate that in natural language. IBM is interested in training Watson for Cyber Security to detect security events in unstructured data such as blogs, wikis, videos, transcriptions, and related events, says Caleb Barlow, vice president of IBM Security.

The average security analyst is overwhelmed with data, and the average organization typically deals with 200,000 security incidents a day, Barlow says. The vast majority of those incidents are mundane or benign such as someone forgetting a password and being locked out of an account or a lost mobile phone. “So you are looking for a needle in a stack of needles,” when it comes to detecting a real security event, he says.

In addition, enterprises spend $1.3 million a year dealing on false positives alone, wasting nearly 21,000 hours. On top of that, there are 75,000-plus known software vulnerabilities reported in the National Vulnerability Database, 10,000 security research papers published each year, and over 60,000 security blogs published each month. All of this information makes it difficult for security analysts to move with informed speed, according to IBM.

Many analytic tools now give security analysts better visibility into structured data. “What we are kind of blind to is all the security information that fits in unstructured data,” Barlow says. “What Watson for Cyber Security will do is scan through all that unstructured data and bring context to what you are seeing.”

Researchers will take those 200.000 incidents and get Watson to ask its own questions: Have I seen this before?  Has anyone else seen this before?  Are there any indicators on other parts of my network that are infected?

Watson will pull all these threads just like a forensic researcher would do, Barlow says. When Watson finds a problem, it will identify and prioritize it, and then alert the analyst. Watson will say, for example, “I think I found unusual botnet activity in your enterprise and here is the evidence I have to back up this conclusion,” Barlow explains. 

The evidence could be that the botnet is coming from a known malicious IP address, or it appears in six different locations on your network, for example. The system will say “Here are the known indicators. I think you will have to take action right away,” Barlow explains.

IBM currently plans to process up to 15,000 security documents per month over the next phase of the training with the university partners, clients, and IBM experts collaborating, he says. 

IBM will incorporate other Watson capabilities including the system’s data-mining techniques for outlier detection, graphical presentation tools, and techniques for finding connections between related data points in different documents. This means Watson can find data on an emerging piece of malware in an online security bulletin, and data from a security analyst's blog on an emerging remediation strategy.

Tackling Cyber Skill Shortage

IBM also envisions Watson for Cyber Security helping address the cybersecurity skills shortage, freeing up analysts to work on more advanced problems, Barlow says. Some reports indicate that there will be 1.5 million vacant cybersecurity jobs by 2020. 

The research project will also provide university students hands-on experience in the emerging field of cognitive security, which could open doors of opportunity for them and supply organizations with potential employees with advanced security skills, according to IBM.

"We are constantly being asked by companies about availability of cybersecurity-competent students to be hired for executive positions. This is yet another way for our students to be at the leading edge of cybersecurity technologies,” says Stuart Madnick, John Norris Maguire Professor of Information Technologies for the Sloan School of Management and professor of Engineering Systems at Massachusetts Institute of Technology's School of Engineering.

“This project actually provides two complementary values to our students since it reinforces and enhances their expertise in both big data, artificial intelligence and cybersecurity,” Madnick says.

Other universities participating in the project include California State Polytechnic University, Pomona; Pennsylvania State University; New York University; the University of Maryland, Baltimore County (UMBC); the University of New Brunswick; the University of Ottawa and the University of Waterloo.

IBM also will consider offering Watson for Cyber Security as a commerical service. “Our goal is to try this on customer locations by the end of the year,” Barlow says. “In all honesty, we have to see what it can do. How it is commercialized and packaged is yet to be determined based on how good a job we can do.”

Related Content:

Rutrell Yasin has more than 30 years of experience writing about the application of information technology in business and government. View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Can Your Patching Strategy Keep Up with the Demands of Open Source?
Tim Mackey, Principal Security Strategist, CyRC, at Synopsys,  6/18/2019
Florida Town Pays $600K to Ransomware Operators
Curtis Franklin Jr., Senior Editor at Dark Reading,  6/20/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Building and Managing an IT Security Operations Program
As cyber threats grow, many organizations are building security operations centers (SOCs) to improve their defenses. In this Tech Digest you will learn tips on how to get the most out of a SOC in your organization - and what to do if you can't afford to build one.
Flash Poll
The State of IT Operations and Cybersecurity Operations
The State of IT Operations and Cybersecurity Operations
Your enterprise's cyber risk may depend upon the relationship between the IT team and the security team. Heres some insight on what's working and what isn't in the data center.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-12346
PUBLISHED: 2019-06-24
In the miniOrange SAML SP Single Sign On plugin before 4.8.73 for WordPress, the SAML Login Endpoint is vulnerable to XSS via a specially crafted SAMLResponse XML post.
CVE-2014-9699
PUBLISHED: 2019-06-24
The MakerBot Replicator 5G printer runs an Apache HTTP Server with directory indexing enabled. Apache logs, system logs, design files (i.e., a history of print files), and more are exposed to unauthenticated attackers through this HTTP server.
CVE-2019-7231
PUBLISHED: 2019-06-24
The ABB IDAL FTP server is vulnerable to a buffer overflow when a long string is sent by an authenticated attacker. This overflow is handled, but terminates the process. An authenticated attacker can send a FTP command string of 472 bytes or more to overflow a buffer, causing an exception that termi...
CVE-2017-17945
PUBLISHED: 2019-06-24
The ASUS HiVivo aspplication before 5.6.27 for ASUS Watch has Missing SSL Certificate Validation.
CVE-2019-10271
PUBLISHED: 2019-06-24
An issue was discovered in the Ultimate Member plugin 2.39 for WordPress. It allows unauthorized profile and cover picture modification. It is possible to modify the profile and cover picture of any user once one is connected. One can also modify the profiles and cover pictures of privileged users. ...