
IBM to teach Watson computer system “language of cybersecurity”


May 10, 2016   by Canadian Underwriter


IBM Security has announced that eight universities – including three in Canada – will help train its Watson computer system on the “language of security” as part of a year-long research project.

IBM’s chief Watson security architect Jeb Linton demonstrating to University of Maryland Baltimore County student Lisa Mathews how to teach IBM’s Watson the language of security, Tuesday, May 10, 2016, Baltimore, MD. IBM will work with 8 universities to train Watson for Cyber Security, so that the next generation of security professionals can leverage the power of “cognitive” technology to defend against cyberattacks. (Mitro Hood/Feature Photo Service for IBM)

Watson for Cyber Security, a new cloud-based version of the company’s cognitive technology trained on the language of cybersecurity, was announced on Tuesday by IBM Security. To further scale the system, IBM plans to collaborate with eight universities “to greatly expand the collection of security data IBM has trained the cognitive system with,” IBM Security said in a press release.

Starting this fall, the company will work with “eight universities that have some of the world’s best cybersecurity programs” and their students to further train Watson on the language of cybersecurity. The universities include the University of New Brunswick; the University of Ottawa; the University of Waterloo (in Ontario); California State Polytechnic University, Pomona; Pennsylvania State University; Massachusetts Institute of Technology; New York University; and the University of Maryland, Baltimore County.

IBM intends to begin beta production deployments that take advantage of Watson for Cyber Security later this year. The company’s X-Force research library – which includes 20 years of security research, details on 8 million spam and phishing attacks and more than 100,000 documented vulnerabilities – will be a central part of the materials fed to Watson for Cyber Security, the release said.

“Watson is learning the nuances of security research findings and discovering patterns and evidence of hidden cyberattacks and threats that could otherwise be missed,” IBM Security said in the release. Watson – a computer system capable of answering questions – was originally designed to compete on the TV show Jeopardy!

IBM Security said that the research project “will be the first technology to offer cognition of security data at scale using Watson’s ability to reason and learn from ‘unstructured data’ – 80 per cent of all data on the Internet that traditional security tools cannot process, including blogs, articles, videos, reports, alerts, and other information.” IBM analysis found that the average organization leverages only 8% of this unstructured data, the release said, adding that Watson for Cyber Security will also use natural language processing to understand the vague and imprecise nature of human language in unstructured data.

The IBM Watson Knowledge Studio tool will be used by IBM and its eight university partners to help annotate documents used to train IBM Watson for Cyber Security. (Credit: IBM)

Watson for Cyber Security is designed to provide insights into emerging threats, as well as recommendations on how to stop them, increasing the speed and capabilities of security professionals. In addition, IBM will incorporate other Watson capabilities, including the system’s data mining techniques for outlier detection, graphical presentation tools and techniques for finding connections between related data points in different documents. For example, Watson can find data on an emerging form of malware in an online security bulletin and data from a security analyst’s blog on an emerging remediation strategy.

“Even if the industry was able to fill the estimated 1.5 million open cybersecurity jobs by 2020, we’d still have a skills crisis in security,” said Marc van Zadelhoff, general manager of IBM Security, in the release. “The volume and velocity of data in security is one of our greatest challenges in dealing with cybercrime. By leveraging Watson’s ability to bring context to staggering amounts of unstructured data, impossible for people alone to process, we will bring new insights, recommendations, and knowledge to security professionals, bringing greater speed and precision to the most advanced cybersecurity analysts, and providing novice analysts with on-the-job training.”

IBM Security said that students will help train Watson on the language of cybersecurity, initially working to help build Watson’s corpus of knowledge by annotating and feeding the system security reports and data. As students work closely with IBM Security experts to learn the nuances of these security intelligence reports, they’ll also be amongst the first in the world to gain hands-on experience in this emerging field of cognitive security.

IBM currently plans to process up to 15,000 security documents per month over the next phase of the training, with the university partners, clients and IBM experts collaborating. These documents will include threat intelligence reports, cybercrime strategies and threat databases. Training Watson will also help build the taxonomy for Watson in cybersecurity, including the understanding of hashes, infection methods and indicators of compromise, and help identify advanced persistent threats.

The release said that the average organization sees more than 200,000 pieces of security event data per day. Enterprises spend US$1.3 million a year dealing with false positives alone, wasting nearly 21,000 hours, IBM said, quoting a January 2015 Ponemon Institute blog titled The Cost of Malware Containment. “Couple this with 75,000-plus known software vulnerabilities reported in the National Vulnerability Database, 10,000 security research papers published each year and over 60,000 security blogs published each month – and security analysts are severely challenged to move with informed speed,” the release concluded.