Sherlock Holmes may have been the better detective than his sidekick Watson in the novels, but IBM is hoping its Watson can solve the case of the unstructured security data. To that end, Big Blue unveiled Watson for Cyber Security yesterday, a new cloud-based version of its cognitive technology that is trained specifically to understand cybersecurity data.
To develop the technology, IBM is collaborating with eight universities that are contributing to the collection of security data available for Watson to analyze. As a cognitive system, Watson learns by analyzing data and recognizing patterns. The aim is for Watson to eventually process more data than humans can, and catch patterns that human analysts might miss.
Cybersecurity Skills Gap
“Today's news is part of a pioneering cognitive security project to address the looming cybersecurity skills gap,” the company said in a statement yesterday. “IBM efforts are designed to improve security analysts’ capabilities using cognitive systems that automate the connections between data, emerging threats and remediation strategies.”
The company said it plans to make use of its X-Force research library, a data repository that includes 20 years of security research, details on 8 million spam and phishing attacks and over 100,000 documented vulnerabilities. IBM said it will begin beta production deployments of versions of the platform later this year.
At the core of the issue IBM is trying to address with Watson is the imbalance between the number of security data analysts with the skills required to make accurate determinations regarding data breaches and the sheer volume of security data that needs to be reviewed. The average organization sees over 200,000 pieces of security event data per day with enterprises spending $1.3 million a year dealing with false positives alone, wasting nearly 21,000 hours, according to IBM.
Those numbers, combined with the more than 75,000 known software vulnerabilities and 10,000 security research papers published every year, make it virtually impossible for any security analyst to stay completely informed about all the possible security issues that could be encountered.
Bringing Context to Unstructured Data
To address the problem, Watson for Cyber Security will offer security data cognition at scale by exploiting Watson’s ability to learn from unstructured data, the 80 percent of all data that includes blogs, articles, video, and alerts. The average organization leverages only 8 percent of this unstructured data, according to Big Blue.
The company said the platform will be able to provide insights into emerging threats, as well as offer recommendations on how to stop them, increasing the speed and the capabilities of security professionals.
“By leveraging Watson’s ability to bring context to staggering amounts of unstructured data, impossible for people alone to process, we will bring new insights, recommendations, and knowledge to security professionals, bringing greater speed and precision to the most advanced cybersecurity analysts, and providing novice analysts with on-the-job training," said Marc van Zadelhoff, General Manager, IBM Security, in the statement.
Image Credit: IBM.