The Power Of Watson For Cybersecurity: This AI Will Keep You Safe

One of the interesting announcements this week was Watson For Cybersecurity. While it has been rumored for some time that Watson has been tied to DOD and Intelligence efforts, this is the first time we’ve seen Watson’s powerful AI engine applied to commercial security problems, and it couldn’t come soon enough. Watson potentially addresses a huge security problem with corporations, which has been creating massive exposures for a number of nations and, applied in a timely manner, could make the world a far safer place.

Let me explain.

The Massive Security Problem We Don’t Talk About

Regardless of the tool, companies simply are not resourced to analyze, let alone address, every exposure they know about. So they tend to avoid comprehensive security solutions for fear these would simply make their security organizations look incompetent or, worse, negligent.

Over the years, the security industry has created impressive sets of tools that can identify a broad range of real and potential exposures in real time. But this capability has largely come without the manpower or capability to track down the vast majority of alerts to find related breaches, let alone address these breaches in a timely manner.

These are not simple reports either. They can range from anomalies in physical access to breaks in normal patterns with networks and data repositories, most of which are likely harmless. However, an increasing number of these things are actual breaches, and because the firm doesn’t have the time to adequately respond to every alert, the result is excessive noise that effectively obfuscates any actual breach. That is why, so often, the breach is discovered not by the security team but through some external notification, either from a hostile organization wanting a ransom or from employees who have had their identities stolen.

Because these alerts are huge in number, very diverse, and require a broad set of skills to analyze, the effort has defied traditional automation. It would, however, be an ideal opportunity for a deep learning system designed to analyze data in real time, like IBM’s Watson.

Watson To The Rescue

Watson, which was really the first AI / deep learning system at enterprise scale, is uniquely capable of looking at the massive volume of data collected from incidents and triaging it into groups based on experience tied to the likelihood of actual exposure. In effect, Watson is a huge force multiplier because, at scale, it can analyze massive amounts of data and learn from its experience to improve performance over time. That provides security analysts with a far more manageable number of alerts, each of which has a high probability of being either a breach in progress or a high-priority exploit that needs to be addressed.

This could provide the edge a company needs to better apply its limited security staff to those issues with the greatest need and, because this is a learning system, Watson’s speed and capability will improve significantly over time, further increasing its effectiveness. This is especially true if the system is allowed to share what it learns and can learn not only from the firm that bought this implementation but from the other firms that did as well.

Wrapping Up: The Next Step In Security

With attacks not only coming ever more swiftly but also becoming far more effective and potentially damaging, and with the related lack of resources to address either trend, the only viable response is to automate a defense. Yet the vast variety of modes and attack surfaces simply does not lend itself to scripts or other forms of simple automation. Basically, we have to find a way to automate the skills of an analyst so that this volume and complexity can be pared down to something that is manageable. This is an ideal case for a flexible deep learning system, and the folks at IBM have recognized this opportunity with Watson for Cybersecurity.

This application of AI may turn out to be the most important yet because it could be the only thing standing between us and a cascading breach across multiple companies and infrastructure providers, which is currently on the short list of things that scare the hell out of a lot of us. Here is hoping enough companies see this risk and address it before that nightmare becomes a reality.
