"Attackers currently have the upper hand," he said. "They use automation to their advantage. Attackers are able to pick and choose targets, finding vulnerabilities in systems or bypassing controls. A technology like Watson for Cyber Security has the potential to give enterprises a much-needed advantage for defending themselves."
Barlow said IBM's cyber-security staff is ingesting 15,000 documents a month. That information will be turned over to Watson.
"We're building the brain behind our cognitive security effort," Barlow said. "What we're after here is that your average enterprise sees about 200,000 security events leading to 32 separate potential attacks every single day. And, of course, that's [on] structured data."
But that must be combined with the 75,000 known vulnerabilities, the 60,000 security blogs published every month, and the 10,000 security research papers published every year, Barlow added. "That information is blind to these systems, [which] operate only on analytics and structured data," he said. "So this gives us the ability to bring that insight into the equation as well."
IBM CEO Ginni Rometty has been touting that this is the "cognitive era" of computing and that IBM is intent on taking a leadership role. With this effort, IBM is planning to use cognitive systems to automate the connections between data, emerging threats and remediation strategies. The company intends to begin beta production deployments that take advantage of IBM Watson for Cyber Security later this year.
IBM's X-Force research library will be a central part of the materials fed to Watson for Cyber Security. Not only does this body of knowledge include 20 years of security research, but it also features details on 8 million spam and phishing attacks and more than 100,000 documented vulnerabilities.
Charles King, principal analyst at Pund-IT, said IBM and its university partners' efforts are interesting for two reasons. First, like other business disciplines, security processes are being stressed by the amount and complexity of relevant information, much of it consisting of unstructured and semistructured data that conventional security solutions are unable to parse, he said. In addition, security analysts aren't being trained fast enough to keep up with growing threats. Overall, Watson could provide an ideal platform to help businesses address both of these issues, he noted.
King said he believes Watson can be highly effective in fighting cyber-crime, "mainly because the system is designed to quickly ingest and analyze information highly relevant to security issues. Plus, the platform's user-friendly design should allow a wide range of workers and managers to access and use the Watson cyber-security cloud service."
Barlow noted that Watson for Cyber Security is designed to provide insights into emerging threats, as well as recommendations on how to stop them. IBM will also incorporate other Watson capabilities, including the system's data mining techniques for outlier detection, graphical presentation tools, and techniques for finding connections between related data points in different documents, he added. For example, Watson can find data on an emerging form of malware in an online security bulletin, the proceedings of a cyber-security conference, or data from a security analyst's blog on an emerging remediation strategy, Barlow explained.
"The list of universities that have cyber-security programs is unfortunately very short," Barlow said. "Plus, we've got about 1.5 million open cyber-security jobs by 2020."
Despite this skills gap, organizations have historically been reluctant to automate aspects of security out of concern for stopping legitimate network traffic, Blankenship said.
However, "as our systems get smarter and our confidence level in those systems making the right decisions increases, we will see a move to automate more security tasks," he said. "Watson for Cyber Security has the potential to be an asset for security teams—helping them to detect, respond to and investigate threats more quickly. Adding in a layer of intelligent security automation can help to make security analysts more efficient, much as we are seeing with robots on factory floors, where technology is acting as an enabler for human workers."