IBM Tweaking Watson AI For Cyber Security Analysis

Coming to a SOC near you: IBM's Watson, which will be trained to do cyber security analysis in a joint project with U.S. and Canadian universities.
Coming to a SOC near you: IBM’s Watson, which will be trained to do cyber security analysis in a joint project with U.S. and Canadian universities.

In-brief: IBM said that a new, cloud-based version of its Watson cognitive technology is being trained to help detect cyber attacks and cyber crimes.

IBM’s Watson artificial intelligence (AI) may be coming to a SOC near you. The company said on Tuesday that a new, cloud-based version of its Watson cognitive technology is being trained to help detect cyber attacks and cyber crimes.

The company said Watson for cyber Security is a “critical step in the advancement of cognitive security.” As part of the program, IBM will team with researchers at universities in the U.S. and Canada to help train the artificial intelligence to offer the kind of insights into raw security data that, currently, only humans can muster.

“Security analysts are already fighting fires. Wouldn’t it be nice if they could be a little proactive,” said Charles Palmer, a Distinguished IBM Research staffer in a video released by the company. “How do you get to be proactive? You read. You learn. What are bad people doing?” Watson, Palmer said, “is reading the same stuff.”

“What Watson brings to the table is the distilled human understanding that is most relevant to making those decisions about (a) boiled down list of (security incidents) “said Jeb Linton, the Chief Security Architect on IBM’s Watson team.

As part of the project, IBM will work with academics at well-known universities including MIT, Penn State, NYU, University of Maryland, Pomona and Cal State Polytechnic, as well as the Universities of New Brunswick, Waterloo and Ottawa in Canada.

Researchers there will be training the Watson AI to understand information security like an expert – starting with the basic vocabulary of the trade: things like “exploit,” “dropper,” “incident” and (ahem) “Adobe.”

Security analysis would seem to be well suited to the use of AI. IBM notes that the average organization is presented with over 200,000 “pieces of security event data” each day. Responding to “false positives” in that data is a huge and costly problem. Further, no human security researcher can stay on top of the estimated 10,000 security research papers published each year and over 60,000 security blogs (including this one) that are published each month. “Security analysts are severely challenged to move with informed speed,” IBM warned.

IBM said the news is part of a “pioneering cognitive security project to address the looming cybersecurity skills gap.” But Big Blue isn’t go so far as saying that Watson or related artificial intelligence will replace the jobs of would-be security analysts. Rather: the technology is being designed to “improve security analysts’ capabilities using cognitive systems that automate the connections between data, emerging threats and remediation strategies.”

IBM said it intends to begin beta production deployments that take advantage of IBM Watson for Cyber Security later this year.

You can check out a video on the initiative below.