Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Threat Intelligence

5/12/2016
03:30 PM
Connect Directly
Twitter
RSS
E-Mail
50%
50%

IBM Watson Will Help Battle Cyberattacks

IBM and leading universities will train IBM Watson to discover hidden patterns and cyber threats.

IBM Security is giving its cloud-based cognitive technology Watson a new assignment: cybersecurity.

The new Watson for Cyber Security is now in training at IBM to study the nuances of security research findings in order to more effectively discover patterns and hidden cyberattacks.

IBM’s X-Force research library will be a central part of the materials fed to Watson for Cyber Security. That information includes 20 years of security research, details on 8 million spam and phishing attacks, and over 100,000 documented vulnerabilities. As part of a year-long research project, IBM this fall will work with eight leading universities and their students to further train Watson on the language of cybersecurity.

Unlike programmable systems, cognitive technology is based on training systems that can understand, reason, and learn to sense what’s coming – then communicate that in natural language. IBM is interested in training Watson for Cyber Security to detect security events in unstructured data such as blogs, wikis, videos, transcriptions, and related events, says Caleb Barlow, vice president of IBM Security.

The average security analyst is overwhelmed with data, and the average organization typically deals with 200,000 security incidents a day, Barlow says. The vast majority of those incidents are mundane or benign such as someone forgetting a password and being locked out of an account or a lost mobile phone. “So you are looking for a needle in a stack of needles,” when it comes to detecting a real security event, he says.

In addition, enterprises spend $1.3 million a year dealing on false positives alone, wasting nearly 21,000 hours. On top of that, there are 75,000-plus known software vulnerabilities reported in the National Vulnerability Database, 10,000 security research papers published each year, and over 60,000 security blogs published each month. All of this information makes it difficult for security analysts to move with informed speed, according to IBM.

Many analytic tools now give security analysts better visibility into structured data. “What we are kind of blind to is all the security information that fits in unstructured data,” Barlow says. “What Watson for Cyber Security will do is scan through all that unstructured data and bring context to what you are seeing.”

Researchers will take those 200.000 incidents and get Watson to ask its own questions: Have I seen this before?  Has anyone else seen this before?  Are there any indicators on other parts of my network that are infected?

Watson will pull all these threads just like a forensic researcher would do, Barlow says. When Watson finds a problem, it will identify and prioritize it, and then alert the analyst. Watson will say, for example, “I think I found unusual botnet activity in your enterprise and here is the evidence I have to back up this conclusion,” Barlow explains. 

The evidence could be that the botnet is coming from a known malicious IP address, or it appears in six different locations on your network, for example. The system will say “Here are the known indicators. I think you will have to take action right away,” Barlow explains.

IBM currently plans to process up to 15,000 security documents per month over the next phase of the training with the university partners, clients, and IBM experts collaborating, he says. 

IBM will incorporate other Watson capabilities including the system’s data-mining techniques for outlier detection, graphical presentation tools, and techniques for finding connections between related data points in different documents. This means Watson can find data on an emerging piece of malware in an online security bulletin, and data from a security analyst's blog on an emerging remediation strategy.

Tackling Cyber Skill Shortage

IBM also envisions Watson for Cyber Security helping address the cybersecurity skills shortage, freeing up analysts to work on more advanced problems, Barlow says. Some reports indicate that there will be 1.5 million vacant cybersecurity jobs by 2020. 

The research project will also provide university students hands-on experience in the emerging field of cognitive security, which could open doors of opportunity for them and supply organizations with potential employees with advanced security skills, according to IBM.

"We are constantly being asked by companies about availability of cybersecurity-competent students to be hired for executive positions. This is yet another way for our students to be at the leading edge of cybersecurity technologies,” says Stuart Madnick, John Norris Maguire Professor of Information Technologies for the Sloan School of Management and professor of Engineering Systems at Massachusetts Institute of Technology's School of Engineering.

“This project actually provides two complementary values to our students since it reinforces and enhances their expertise in both big data, artificial intelligence and cybersecurity,” Madnick says.

Other universities participating in the project include California State Polytechnic University, Pomona; Pennsylvania State University; New York University; the University of Maryland, Baltimore County (UMBC); the University of New Brunswick; the University of Ottawa and the University of Waterloo.

IBM also will consider offering Watson for Cyber Security as a commerical service. “Our goal is to try this on customer locations by the end of the year,” Barlow says. “In all honesty, we have to see what it can do. How it is commercialized and packaged is yet to be determined based on how good a job we can do.”

Related Content:

Rutrell Yasin has more than 30 years of experience writing about the application of information technology in business and government. View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
MoviePass Leaves Credit Card Numbers, Personal Data Exposed Online
Kelly Sheridan, Staff Editor, Dark Reading,  8/21/2019
New FISMA Report Shows Progress, Gaps in Federal Cybersecurity
Curtis Franklin Jr., Senior Editor at Dark Reading,  8/21/2019
Aviation Faces Increasing Cybersecurity Scrutiny
Kelly Jackson Higgins, Executive Editor at Dark Reading,  8/22/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
7 Threats & Disruptive Forces Changing the Face of Cybersecurity
This Dark Reading Tech Digest gives an in-depth look at the biggest emerging threats and disruptive forces that are changing the face of cybersecurity today.
Flash Poll
The State of IT Operations and Cybersecurity Operations
The State of IT Operations and Cybersecurity Operations
Your enterprise's cyber risk may depend upon the relationship between the IT team and the security team. Heres some insight on what's working and what isn't in the data center.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-15513
PUBLISHED: 2019-08-23
An issue was discovered in OpenWrt libuci (aka Library for the Unified Configuration Interface) as used on Motorola CX2L MWR04L 1.01 and C1 MWR03 1.01 devices. /tmp/.uci/network locking is mishandled after reception of a long SetWanSettings command, leading to a device hang.
CVE-2019-15504
PUBLISHED: 2019-08-23
drivers/net/wireless/rsi/rsi_91x_usb.c in the Linux kernel through 5.2.9 has a Double Free via crafted USB device traffic (which may be remote via usbip or usbredir).
CVE-2019-15505
PUBLISHED: 2019-08-23
drivers/media/usb/dvb-usb/technisat-usb2.c in the Linux kernel through 5.2.9 has an out-of-bounds read via crafted USB device traffic (which may be remote via usbip or usbredir).
CVE-2019-15507
PUBLISHED: 2019-08-23
In Octopus Deploy versions 2018.8.4 to 2019.7.6, when a web request proxy is configured, an authenticated user (in certain limited special-characters circumstances) could trigger a deployment that writes the web request proxy password to the deployment log in cleartext. This is fixed in 2019.7.7. Th...
CVE-2019-15508
PUBLISHED: 2019-08-23
In Octopus Tentacle versions 3.0.8 to 5.0.0, when a web request proxy is configured, an authenticated user (in certain limited OctopusPrintVariables circumstances) could trigger a deployment that writes the web request proxy password to the deployment log in cleartext. This is fixed in 5.0.1. The fi...