IBM on Tuesday announced Watson for Cyber Security, a cloud-based version of its AI technology, trained in cybersecurity as part of a year-long research project.
“This technology is about using Watson’s learning capability and ability to understand the meaning and context of human language, and applying that to the massive amount of unstructured security data — blogs, research papers, etc. — that isn’t accessible by current security technologies,” said Chief Watson Security Architect Jeb Linton.
IBM will collaborate with eight universities with renowned cybersecurity programs, including MIT and the University of Waterloo in Canada.
The universities’ students will provide the data for Watson. IBM security technical engineers will mentor them, letting them develop industry connections and relationships that might help provide future job opportunities and references, Linton told TechNewsWorld.
The information thus collected could be combined with behavioral analysis to better understand and prioritize threats in the future, he said. Watson for Cyber Security also could be used in conjunction with predictive analytics systems.
IBM Research and the University of Maryland, Baltimore County, on Tuesday also announced a multiyear collaboration to create an Accelerated Cognitive Cybersecurity Laboratory at UMBC’s College of Engineering and Information Technology.
Watson’s Strengths and Weaknesses
“Speed and accuracy are critical to success in cybersecurity, and both will be greatly improved by having a cognitive system working side by side with a human,” Linton remarked. Watson “will rapidly search massive volumes of information, understand the arcane language of software security, and will provide the human analyst with a variety of options ranked by confidence.”
That ability “could take a trigger point from existing security solutions as seed data in its analysis and then map out resulting touchpoints which happen as a result of the initial infection,” said Brian Laing, VP of products and business development at Lastline.
“The greatest strength of IBM’s approach is taking unstructured data from disparate locations and organizing it into a central repository,” observed Travis Smith, senior security research engineer at Tripwire. “This is what analysts are doing currently with intelligence reports.”
Its potential weakness “will lie in the ability to determine which data is credible and which is not,” he told TechNewsWorld, because “there are quite a few [resources] which may not be relevant. Public research data may be theoretical in nature or entirely incorrect, [and] attackers may release counterintelligence to trick the system into thinking their attacks are benign.”
Watson will “face the same hurdles as other attempts to apply textbook analytics to cybersecurity,” suggested Igor Baikalov, chief scientist at Securonix.
Among those hurdles are “low quality of data and lack of labeled data, such as what’s good data and what’s bad,” he told TechNewsWorld.
“There are some areas, like malware and network traffic analysis, that might provide enough training data for Watson to be effective, but most cybersecurity problems require a new way of thinking and a different type of analysis,” Baikalov added.
Watson might be able to predict locations attackers would want to hit, but it’s less likely to catch a single low and slow attack, because it will look for relationships among data points, Lastline’s Laing told TechNewsWorld.
It would need to rely on other systems to detect that information, he said, “or would need to wait for the attack to do enough in the area of lateral movement, abnormal data access, etc., for it to trigger an event.”
AI’s Cybersecurity Potential
Pattern analysis no longer can be used in cybersecurity, and the bad guys “have figured out ways to beat legacy sandboxes,” remarked Craig Kensek, another security expert at Lastline.
Predictive analysis “is probably the next wave on the security highway,” but Watson for Cyber Security “uses neither,” he told TechNewsWorld.
Using Watson “could hasten the movement of companies away from outdated security solutions,” Kensek said. “This is a major threat to firms that primarily rely on signature files.”
MIT and machine learning startup PatternEx last month released a paper about an AI platform called “AI2,” which reportedly can detect 85 percent of attacks — about three times better than previous benchmarks.