IBM unleashes Watson on the cyber security industry. Here's what it means
December 6, 2016
Kelly J. O'Brien
Cambridge-based IBM Security announced Tuesday it's advancing its Watson for Cyber Security program with a beta test involving 40 companies in industries like banking, healthcare and education.
Those companies will be able to make use of the machine learning system to more quickly and accurately identify important cyber attacks on their businesses. IBM is not charging participants in the beta program, IBM Security's vice president of strategy Caleb Barlow said, but the company sees big commercial opportunity down the road as businesses turn to intelligent computing systems to help sift through the flood of network security data they collect everyday.
IBM named some organizations, including Sun Life Financial, Avnet and California Polytechnic State University, taking part in the beta program, but declined to say whether any of the 40 companies are based in Greater Boston.
How it works: IBM and researchers at eight universities, including MIT, have been training Watson on cyber security data since May. Thanks to natural language processing technology, the software system can analyze both structured data, like server log files, and unstructured data, like research papers and blog posts, to learn the lingo of the cybersecurity world and eventually detect attack patterns.
The benefit of the beta program, Barlow told the Business Journal in an interview, is that Watson can now learn from a wider variety of data in real-world scenarios, improving its capabilities for future users.
“Just like a human, the more it reads the more it understands, and the better it understands, and that becomes a shared value," Barlow said. "Where this separates from human learning is that Watson doesn’t forget 40 to 50 percent of what it learns.”
Why it matters: Thanks to modern security analytics tools, businesses have more data than ever about what is happening on their networks. The problem, Barlow said, is "who’s going to sift through it all?”
Every day, IBM's QRadar system sees billions of "security events" across thousands of customers, Barlow said. The problem for humans is identifying how much of that anomalous activity represents an actual malicious attack. A survey by IBM of hundreds of security professionals found that only 7 percent currently use cognitive computing systems to help with that process, but 21 percent expect to start using such systems in the next two to three years.
Security analysts currently spend a "good amount of time" investigating potential attacks to find out if they're damaging and worth responding to, said Michael Figueroa, the executive director of the Advanced Cyber Security Center, a nonprofit that promotes the cybersecurity industry in Massachusetts.
Figueroa called Watson a "great movement forward" in terms of understanding which attacks matter and how they're being launched.
"What Watson is providing is that speed of analysis, enhancing the speed at which lots of security data can be analyzed," Figueroa said.