Wednesday, May 11, 2016

IBM’s Watson Has a New Project: Fighting Cybercrime

IBM’s Watson supercomputer hardly needs any more resumé-padding. It’s already won Jeopardy, written a cookbook, and dabbled in revolutionizing healthcare. The next stop in its storied career? Tackling cybercrime.
Today, IBM announced that Watson is taking its cognitive learning chops to the cloud, where it’ll apply them to analyzing, identifying, and (hopefully) preventing cybersecurity threats. But first, it’s going to have to learn. Fast.

Playing Defense

There are already plenty of computer-enhanced approaches to combating cybercrime, most of which involve identifying outliers or abnormalities—like when a user logs a few too many failed password attempts—and determining whether those constitute some sort of threat.
Collecting and analyzing this type of data can and does work. It’s not ideal, though. First, there’s simply too much of it; according to a recent IBM report, the average organization sees over 200,000 pieces of security event data every single day. There’s simply no way to keep up with it all. And while solutions like MIT’s recent AI2 can trim down the number of incidents a human researcher needs to sift through, there’s still the fact that the data points being considered are only a small part of the picture.
“This is about interpreting and learning and bringing in unstructured data, bringing in things like blogs, white papers, and research reports,” says Caleb Barlow, vice president at IBM Security. “[Those] other forms of analysis that are not well-structured, or easily read by a machine, and bringing that in to add further contextual insight into what potentially is going on.”
Watson, then, is uniquely positioned both to handle the volume of information and to discern the crucial context that determines what sort of threats exist. While a human security researcher might not have a firm command of all 75,000 known software vulnerabilities, or have read all 60,000 security-related blog posts that are written every month, Watson will.
“Companies have teams where their job is to look at all the sources of news, and from that news try to identify the risk, and then actually connect it with their infrastructure, their computers, and ask if the risk is applicable to their system,” says Dr. Kevin Du, computer security professor at Syracuse University. “It takes a lot of manual effort.” Effort that could, if all goes well, be offloaded to machine learning.
Barlow, who spent time in his early career in emergency medicine, likens Watson to a paramedic coming on the scene of a potential head injury. “People that have been drinking too much and people that have had head injuries often present the same symptoms,” says Barlow. “It’s up to the paramedic to figure out which he’s got.”
A paramedic looks at structured data—blood pressure, heart rate, respiration and so on—but also takes into account unstructured data, like the verbal response, or what kind of accident the patient was involved in. In other words, paramedics consider all of the things that don’t fit in a data field, but that give them a much better sense of what actually happened. They’re able to work through all available information, to provide the physician at the hospital with a prognosis. “That’s what Watson’s going to do for security operations centers,” says Barlow.
Du notes that this isn’t a new idea; there have been research papers and small-scale studies arguing the effectiveness of unstructured data collection. Watson, though, gives IBM the distinction of being the first to be able to try it at scale. “I think the technology is there. Due to the lack of computing power and investment, nobody’s actually proven that this can be very useful,” says Du. “If this machine is trained well, it could replace a lot of human effort.”
Which is not to say Watson will necessarily replace human jobs; as it is, the industry has a significant talent gap. “Even if the industry was able to fill the estimated 1.5 million open cyber security jobs by 2020, we’d still have a skills crisis in security,” said Marc van Zadelhoff, General Manager of IBM Security. One that Watson should help mitigate.
