IBM has trained its Watson cognitive computing system to handle a number of tasks, from serving as a customer service rep to sales assistant to health care services assistant helping doctors diagnose and treat cancer. But now, with the help of eight universities, IBM is training Watson to be on the lookout for cyber-crime.
IBM has enlisted the help of an initial set of eight universities to train Watson to help patch, eliminate and monitor cyber-security weaknesses.
Big Blue announced Watson for Cyber Security, a new cloud-based version of the company’s cognitive technology trained in the language of security as part of a year-long research project. To further scale the system, IBM is collaborating with the universities to expand the collection of security data on which IBM has trained the new system.
Caleb Barlow, vice president, IBM Security, told eWEEK that IBM is telling a “three-pronged” story. Last year, in the first thrust, the company opened its 20-year-strong vault of security intelligence to the world with X-Force Exchange.
“We put that out to the world for free, and that changed the dynamic for the bad guys,” he said. “We told the world about what they were doing. That helped take the wind out of their sails, because that made it harder for the bad guys to initiate their attacks.”
The second chapter of that story came earlier this year when IBM revealed the engine behind its analytics tools, which opened its Security App Exchange on top of the IBM QRadar security intelligence platform, Barlow said.
Barlow said the third step is opening the 80 percent of security information that is held in unstructured format so that it also can be pored through, analyzed and presented to security analysts along with the structured data that cyber-security personnel can currently access. The unstructured data includes material such as security blogs and security research that have not been tapped in the past, he said.
In short, IBM is enlisting the help of top cyber-security institutions to help train Watson in the art and language of cyber-security. Barlow said the collective goal of this project is to provide talented cyber-security professionals with the ability to consistently maintain speed and precision in their day-to-day work.
This project also helps address the cyber-security skills gap while helping train Watson on the nuances of security research findings and to discover behavior patterns and evidence of hidden cyber-attacks and threats that might otherwise be missed. IBM is trying to improve security analysts’ capabilities using cognitive systems that automate the connections between data, emerging threats and remediation strategies.
Starting this fall, IBM will work with leading universities to further train Watson on the language of cyber-security, including: California State Polytechnic University, Pomona; Pennsylvania State University; Massachusetts Institute of Technology (MIT); New York University; the University of Maryland, Baltimore County (UMBC); the University of New Brunswick; the University of Ottawa and the University of Waterloo.
“We are seeing technologies like artificial intelligence, automation and robotics being used in more and more aspects of our economy,” Joseph Blankenship, a senior analyst at Forrester Research, told eWEEK. “Cyber-security is one of the areas where cognitive computing can [be of] great benefit.”
Indeed, cyber-security is a complex problem that has until now been addressed by a combination of technology and skilled human analysts, he said. Yet, the shortage of skilled, experienced security practitioners, combined with the volume and velocity of attacks, has made human analysts a bottleneck in security operations. There simply aren’t enough skilled analysts to address all of the alerts that are hitting enterprises, Blankenship noted.
IBM Taps Top Universities to Train Watson on Cyber-Security
“Attackers currently have the upper hand,” he said. “They use automation to their advantage. Attackers are able to pick and choose targets, finding vulnerabilities in systems or bypassing controls. A technology like Watson for Cyber Security has the potential to give enterprises a much-needed advantage for defending themselves.”
Barlow said IBM’s cyber-security staff is ingesting 15,000 documents a month. That information will be turned over to Watson.
“We’re building the brain behind our cognitive security effort,” Barlow said. “What we’re after here is that your average enterprise sees about 200,000 security events leading to 32 separate potential attacks every single day. And, of course, that’s [on] structured data.”
But that must be combined with the 75,000 known vulnerabilities, the 60,000 security blogs published every month, and the 10,000 security research papers published every year, Barlow added. “That information is blind to these systems, [which] operate only on analytics and structured data,” he said. “So this gives us the ability to bring that insight into the equation as well.”
IBM CEO Ginni Rometty has been touting that this is the “cognitive era” of computing and that IBM is intent on taking a leadership role. With this effort, IBM is planning to use cognitive systems to automate the connections between data, emerging threats and remediation strategies. The company intends to begin beta production deployments that take advantage of IBM Watson for Cyber Security later this year.
IBM’s X-Force research library will be a central part of the materials fed to Watson for Cyber Security. Not only does this body of knowledge include 20 years of security research, but it also features details on 8 million spam and phishing attacks and more than 100,000 documented vulnerabilities.
Charles King, principal analyst at Pund-IT, said IBM and its university partners’ efforts are interesting for two reasons. First, like other business disciplines, security processes are being stressed by the amount and complexity of relevant information, much of it consisting of unstructured and semistructured data that conventional security solutions are unable to parse, he said. In addition, security analysts aren’t being trained fast enough to keep up with growing threats. Overall, Watson could provide an ideal platform to help businesses address both of these issues, he noted.
King said he believes Watson can be highly effective in fighting cyber-crime, “mainly because the system is designed to quickly ingest and analyze information highly relevant to security issues. Plus, the platform’s user-friendly design should allow a wide range of workers and managers to access and use the Watson cyber-security cloud service.”
Barlow noted that Watson for Cyber Security is designed to provide insights into emerging threats, as well as recommendations on how to stop them. IBM will also incorporate other Watson capabilities, including the system’s data mining techniques for outlier detection, graphical presentation tools, and techniques for finding connections between related data points in different documents, he added. For example, Watson can find data on an emerging form of malware in an online security bulletin, the proceedings of a cyber-security conference, or data from a security analyst’s blog on an emerging remediation strategy, Barlow explained.
“The list of universities that have cyber-security programs is unfortunately very short,” Barlow said. “Plus, we’ve got about 1.5 million open cyber-security jobs by 2020.”
Despite this skills gap, organizations have historically been reluctant to automate aspects of security out of concern for stopping legitimate network traffic, Blankenship said.
However, “as our systems get smarter and our confidence level in those systems making the right decisions increases, we will see a move to automate more security tasks,” he said. “Watson for Cyber Security has the potential to be an asset for security teams—helping them to detect, respond to and investigate threats more quickly. Adding in a layer of intelligent security automation can help to make security analysts more efficient, much as we are seeing with robots on factory floors, where technology is acting as an enabler for human workers.”
“The volume and velocity of data in security is one of our greatest challenges in dealing with cybercrime,” said Marc van Zadelhoff, general manager of IBM Security, in a statement. “By leveraging Watson’s ability to bring context to staggering amounts of unstructured data, impossible for people alone to process, we will bring new insights, recommendations, and knowledge to security professionals, bringing greater speed and precision to the most advanced cyber-security analysts, and providing novice analysts with on-the-job training.”
For its part, UMBC is taking a leadership role in cognitive cyber-security.
UMBC and IBM Research announced plans for a multiyear collaboration to create the Accelerated Cognitive Cybersecurity Laboratory (ACCL), which will be housed in the College of Engineering and Information Technology at UMBC. Opening in the fall of 2016, the lab will work to advance the application of cognitive computing to cyber-security via analytics and machine learning, while also exploring specialized computer power optimized for new intensive computing workloads, Barlow said.
With the ACCL, IBM and UMBC will explore new ways to apply cognitive technologies—which are able to digest, learn from, and reason about vast amounts of structured and unstructured data—to help cyber-security professionals gain an advantage in the battle against cyber-crime.
“We’re going to provide the computing power, access to Watson, researchers and curriculum, and they’re going to focus on leveraging [those] within the classroom as well as helping to train Watson,” Barlow said, describing the relationship between IBM and UMBC.
He further noted that the ACCL research will be conducted on IBM and OpenPOWER technology. The IBM Power Systems being implemented in the ACCL at UMBC will use technology from the OpenPOWER Foundation, which is suited for the cognitive and advanced analytics workloads required in cyber-security research. In addition, researchers will receive technical development and support from the IBM Systems Group, Barlow said.
“There is a massive amount of security data that exists for human consumption, which cannot be processed by traditional security systems,” said J.R. Rao, director of security research at IBM, in a statement. “By exploring the intersection of cyber-security and cognitive technology, we can leverage that untapped pool of data and evolve the way security professionals and technologies work together to help overcome cyber-threats.”
The ACCL will be headed by Anupam Joshi, director of UMBC’s Center for Cybersecurity and chair of computer science and electrical engineering at UMBC.
Moreover, at MIT, “We are constantly being asked by companies about availability of cyber-security-competent students to be hired for executive positions; this is yet another way for our students to be at the leading edge of cyber-security technologies,” said Stuart Madnick, John Norris Maguire Professor of Information Technologies at MIT’s Sloan School of Management, and professor of engineering systems at MIT’s School of Engineering, in a statement. “This project actually provides two complementary values to our students since it reinforces and enhances their expertise in both big data/AI and cyber-security.”
Pund-IT’s King said he believes IBM’s Watson could potentially have an impact on the cyber-security skills gap.
“IBM has positioned Watson as elemental to helping develop and train new generations of ‘citizen data scientists,’ which is to say, workers who could profit from accessing information relevant to their jobs but lack formal data science/analysis skills,” King said. “That’s an interesting, potentially valuable vision for IBM to pursue, but we’re still in early days. If the company can make that vision real, it could change the cyber-security landscape in elemental and positive ways.”