When it comes to keeping up with the amount of malware spewing forth on a daily basis from cybercriminals, humans alone are simply unable to track, stop or defeat these attacks.
We need help from something in the mold of a friendly Terminator or HAL system that not only has the computational power to keep tabs on it all, but also never needs a break or a day off.
With this in mind, IBM has rolled out Watson for Cybersecurity. This is a beta program that will investigate the system's ability to use machine learning to identify and prioritize threats. Considering the amount of automation now available to and used by cybercriminals to launch attacks, the Watson test case comes just in time, hopefully.
The beta program is launching with 40 participants ranging across the banking, healthcare, insurance and education fields. This was also an excellent choice, as all of these industries have been repeatedly victimized by cybercriminals.
While Watson may be better known for beating Jeopardy champ Ken Jennings, it is hoped that the same cognitive technology that enabled the supercomputer to answer Alex Trebek's queries in the form of a question will help relieve the burden placed on cybersecurity teams defending their organizations. And that burden is quite severe. The Ponemon Institute reported that some security teams are wasting a combined 20,000 hours per day chasing false positives, and IBM estimates security teams are confronted with 200,000 security events per day.
The beta test participants are using Watson as part of their active security systems to determine whether an attack involves a known piece of malware; if so, the computer will offer background on the threat along with its size and what it can exploit. Watson will also help identify suspicious behavior on a network, letting the IT department know if activity outside the norm is taking place on accounts.
There is no end date set for the beta test.
The need for even more automated defenses was brought before President Obama's Commission on Enhancing National Cybersecurity, which just released its Report on Securing and Growing the Digital Economy. Palo Alto CEO Mark McLaughlin addressed the commission earlier this year, telling them that the lack of automation and interoperability makes it increasingly difficult to defend networks that continue to grow in complexity and expand into the cloud.
“Simplification and automation are essential for making networks adequately defensible. Security technologies must be leveraged as part of natively integrated platforms, and capable of automatic reprogramming based on new threat information, to prevent threats across all stages of the attack lifecycle—on the network, in the cloud, and at the endpoint,” McLaughlin told the commission.