Attempting to prevent cyberattacks requires almost nonstop attention. As soon as a patch is created for a specific vulnerability, something different is threatening your system again. To prevent this, IBM is using its AI program Watson to help with cybersecurity.
Who is Watson?
Developed by the DeepQA project from IBM, Watson is an artificial intelligence service that is able to assist users with a multitude of projects, such as answering questions that are asked in natural language.
This machine was first developed to play “Jeopardy.” It not only played, it won the TV quiz show in 2011. Now, however, the possibilities of what Watson can do are even greater. Since 2013, IBM has extended Watson's abilities so that it can be used for deciding treatment in lung cancer patients at Memorial Sloan-Kettering Cancer Center with WellPoint insurance.
In a Forbes article written in 2013, IBM Watson’s business chief Manoj Saxena said that 90 percent of nurses who use Watson follow its guidance. This incredible statistic shows just how powerful artificial intelligence can be.
What kind of things can Watson do today?
- Watson can analyze and interpret almost all data you give it. This includes unstructured text, images, audio, and video.
- Watson understands a user’s personality, tone, and emotion, allowing it to personalize its recommendations for you.
- Watson uses machine learning to further its understanding of subject matters, becoming an expert in your apps and systems.
- Watson allows users to create chatbots and engage in a conversation.
Watson is available as a set of open APIs and Software as a Service (SaaS) products, with sample code, starter kits, a virtual agent, and Watson Explorer all available on IBM’s site.
What does this mean for cybersecurity?
Be careful -- just because you’re a computer expert, it doesn’t mean you have a job in the upcoming world of automation. IBM Security is creating systems that understand, reason, and learn about security threats that never take a break.
IBM says that they are “beginning to build security instincts and expertise into new defenses that analyze research reports, web text, and threat data -- just like security professionals do every day -- but with unprecedented speed and scale.”
These machines don’t need constant reprogramming to be updated for each new security threat. Instead, this cognitive security builds upon security intelligence to create both answers and hypotheses. IBM’s AI can use reasoning built from evidence and past experiences to make expert decisions in real time.
Accordingly, “cognitive security will help address the current skills gap, accelerate responses and help reduce the cost and complexity of dealing with cybercrime.”
This advanced technology can quickly read and analyze “70,000+ documented software vulnerabilities, 10,000+ security research papers published each year and 60,000+ security blogs published each month,” according to IBM's site.
It is important to remember that all of this was written for humans, by humans, and that a machine can integrate it with structured data to uncover new insights and patterns. However, maybe cybersecurity experts shouldn’t fear for their jobs just yet.
IBM says it wants to use this collective knowledge and instinct as an extension of security analysts’ knowledge, helping them respond to threats more quickly and with higher confidence through this extraction of both structured and unstructured data.
Last year, during a keynote speech at IBM’s World of Watson conference, IBM president and CEO Ginni Rometty explained, “Our goal is augmenting intelligence. It is man and machine. This is all about extending your expertise.”
The cognitive security IBM is offering its users utilizes “data mining, machine learning, natural language processing, and human-computer interaction to mimic the way the human brain functions and learns.” Similar to humans, this AI grows and learns with each interaction, becoming stronger at stopping threats.
This innovation is meant to be used in conjunction with security experts, though. While the cognitive system itself can spot anomalies and flawed logic, analysts can weigh multiple outcomes and make more educated decisions. IBM hopes that analysts will use these cognitive systems to augment their knowledge of a threat, faster and better than ever before.
Does it work?
In December, IBM announced that 40 companies, such as those in the banking, health care, insurance, and education industries, have agreed to participate in the IBM Watson for Cyber Security Beta Program.
These companies will test the effectiveness of the cognitive security against cybercrime, namely how well IBM can integrate Watson into pre-existing security environments. The number of threats today is overwhelming for a single security analyst, or even a team of analysts at a large company, to handle alone. According to an article by Computer Weekly, the IBM Institute for Business Value performed a study in which almost 60 percent of security professionals “believe emerging cognitive technologies will play a critical role in turning the tide in the war on cybercrime.”
One way Watson will assist cybersecurity experts already working against attacks is by helping to determine whether an attack or security threat is associated with an already known malware or cybercrime campaign.
If so, Watson is able to give the users more information on the malware, vulnerabilities that were exploited, the scope of the threat, and more. Also, Watson can give additional context to user activity, assisting in identifying suspicious behavior that might otherwise go unrecognized.
Of course, through these beta testers, IBM will improve how Watson can assist in defending against many different types of cyberattacks, integrating it more smoothly with security systems already in place.
This cognitive security should be welcomed by cybersecurity experts. Machine learning algorithms excel at identifying and predicting attack patterns based on what has been seen in the past, but this is not always how attacks occur. Watson is not yet able to preemptively identify attacks that don’t fit any previous pattern.
Unlike computers, people aren’t always rational. Therefore, these automated tools cannot completely replace human analysis. Instead, analysts can detect, understand, and respond more quickly with the assistance of these cognitive security tools.