40 firms to trial IBM Watson cognitive computing for cyber security

Forty companies sign up to apply IBM’s Watson cognitive computing systems to cyber security, but threat intelligence experts caution against total reliance on such systems

IBM has announced that 40 companies around the world have signed up for its IBM Watson for Cyber Security Beta Program.

The companies will test the ability of IBM’s cognitive computing technology to help in the battle against cyber crime. The trial will include representatives of the banking, healthcare, insurance, education and other key industry sectors.

Watson for Cyber Security, which is being trained to understand the language of security, uses technologies such as machine learning and natural language processing.

IBM claims the combined technologies will help security analysts make better, faster decisions from vast amounts of data, including unstructured data that has been “dark” to security defences until now.

Today’s increasingly challenging security environment has created the need for more intelligence to identify and prioritise threats, which is, in turn, increasing the workload of security analysts with more alerts and anomalies to process than ever, said IBM.

A recent study from the IBM Institute for Business Value shows that nearly 60% of security professionals believe emerging cognitive technologies will play a critical role in turning the tide in the war on cyber crime.

“Customers are in the early stages of implementing cognitive security technologies,” said Sandy Bird, chief technology officer at IBM Security.

“Our research suggests this adoption will increase threefold over the next three years, as tools like Watson for Cyber Security mature and become pervasive in security operations centres. Currently, only 7% of security professionals claim to be using cognitive solutions.”

Companies taking part in the beta tests will use Watson in their current security environments to bring additional context to their cyber security data.

IBM said Watson will help organisations to determine whether or not a current security “offence” is associated with a known malware or cyber crime campaign.

If it is, Watson can provide background on the malware employed, vulnerabilities exploited and scope of the threat, among other insights, said IBM.

Watson is also expected to help improve organisations’ ability to identify suspicious behaviour by providing additional context to user activity.

Working with these beta customers, IBM is continuing to enhance Watson’s understanding of the cyber security data and refine how Watson can seamlessly integrate into day-to-day security operations.

Rebekah Brown, threat intelligence lead at Rapid7, said it is encouraging to see new, innovative methods for analysing and detecting cyber attacks.

“This is likely to result in the identification of attack trends and patterns that would not be easily identifiable through individual intelligence analysis alone,” she said.

But Brown cautioned against relying exclusively on automation and machine operations to combat a thinking, changing adversary.

“While machine-learning algorithms are effective at identifying and predicting attack patterns based on what has previously been observed, it is always possible that an attacker will take actions that are not predictable or that do not fit with previous behaviour patterns,” she said.

Because people do not always act in rational ways or in ways we think they should, automated analysis tools should not be viewed as a complete replacement for human analysis, said Brown.

“These tools can support and enable analysts, and should focus on detecting and responding to known patterns so that human analysts can be prepared to detect and respond to the inevitable changes attackers make in targeting, tempo and behaviours,” she said.

Hybrid approach

Intel Security – soon to be spun off as an independent company under the McAfee banner – is pursuing this hybrid approach and is working with a select group of customers to develop systems to enable human-machine teaming to get the best of both worlds in applying cyber threat intelligence.

This approach aims to combine human strategic intellect and investigative methods with technical capabilities to deal with security intelligence data at scale, and highlight the issues of greatest importance.

Artificial intelligence-led cyber security technology was in the spotlight at two major industry conferences in Las Vegas in August 2016, signalling a firm trend in cyber defence research.

At the Def Con hacker conference, delegates witnessed the final rounds of the eight-hour Cyber Grand Challenge (CGC) run by the US Defense Advanced Research Projects Agency (Darpa), while at the Black Hat security conference, security firm SparkCognition unveiled what it said was the first artificial intelligence (AI)-powered “cognitive” antivirus system, called DeepArmor.

According to UK information security startup Darktrace, future cyber security will be mainly automated, based on AI.

The company aims to be a leader in the move to this new era of information security, and is already working on the next phase of its self-learning security system to enable automatic defence.

“We believe we are the only ones at the moment who focus only on learning from the behaviours of people and systems within the business rather than on algorithms that look for known types of attacks,” Darktrace co-founder and director of technology Dave Palmer told Computer Weekly in an interview.
