IBM Watson steps into real-world cybersecurity

Watson for Cyber Security is a beta program that introduces IBM's machine learning technology to real-world security environments

IBM Watson steps into real-world cybersecurity
Tej3478

Watson is done with school -- for now -- and is ready to try out what it has learned in the real world.

IBM has launched the Watson for Cyber Security beta program to encourage companies to include Watson in their current security environments. Starting off with such organizations as California Polytechnic State University, Sumitomo Mitsui Banking Corporation, and University of Rochester Medical Center, the program will grow over the next few weeks to encompass 40 companies spanning industries like banking, travel, energy, automotive, health care, insurance, and education.

For the past few months, IBM Security has been working with eight universities -- California State Polytechnic University at Pomona, Penn State, MIT, New York University, University of Maryland at Baltimore County, and Canada's universities of New Brunswick, Ottawa, and Waterloo -- to help teach Watson the "language of cybersecurity." The research project involved feeding Watson's AI brain thousands of documents annotated to help the system understand what a threat is, what it does, and what indicators are related. Watson for Cyber Security combines machine learning and natural language processing to make associations in unstructured data like blogs, research reports, and documentation that security analysts can then use to make better, faster decisions.

The problem with unstructured data is knowing when one piece of information is more valuable than another and which sources of information are more reliable. But the beauty of Watson is that "crucial nuggets of knowledge filter up," in a form security professionals can use, Nasir Memon, professor of computer science and engineering at NYU Tandon School of Engineering, said in a recent InfoWorld video interview about cognitive computing and Watson for Cybersecurity.

Enterprises in the beta program can implement a variety of uses for Watson within their security environments, IBM said. For example, Watson can help determine whether a security event is associated with a known malware or ongoing attack campaign, or it can identify suspicious behavior. In the first case, Watson can provide contextual information, such as the name of the malware in operation, vulnerabilities being exploited, and the scope of the threat. In the latter scenario, Watson can provide additional details about the user's activity to help security teams decide whether the suspicious activity is malicious.

Watson's natural language processing capabilities help make sense of all the data it consumes. Data mining techniques will help detect outliers, and graphical presentation tools can find connections among related data points.

Many security professionals believe that cognitive technologies will soon be mature enough to improve time to detection and the speed of decision-making. They aren't waiting for the far-off future to have the tools to significantly slow down cybercriminals: 21 percent of security professionals in a recent IBM Institute for Business Value survey said they planned to work on cognitive security initiatives over the next two to three years.

"When we talk about cognitive computing, what we are mostly talking about is the marriage of traditional machine learning techniques on machine-created data, largely structured and semi-structured, with human language -- mostly natural language processing -- and bringing together a holistic view of both the structure and unstructured data world so you that you get the full picture," said Jeb Linton, the chief security architect of IBM Watson. "Only when you have both sides of it becomes what we call cognitive computing."