IBM unleashes Watson on cybercriminals

Cybersecurity analysts will soon have the help of an AI supercomputer in the campaign against online criminal activity, as IBM has revealed Watson is now ready to take up the fight by helping analysts crunch data faster.

Until now, IBM's Watson has been largely used in the development of apps, and creating improved customer services, although its most talked-about application has been in healthcare, where Watson is used to help with clinical decisions in hospitals around the world.

But over the past year, IBM has been slowly feeding its AI pet with millions of security documents and research reports to the point where the technology is now ready to be released to help organisations fight back against hackers.

Watson for Cybersecurity will be integrated into IBM's new Cognitive Security Operations Centre (SOC) platform, creating the IBM QRadar Advisor app, a tool that will allow users to tap into Watson's copious amount of security know-how to augment human intelligence.

"The Cognitive SOC is now a reality for clients looking to find an advantage against the growing legions of cybercriminals and next-generation threats," said Denis Kennelly, VP of development and technology at IBM. "Our investments in Watson for Cybersecurity have given birth to several innovations in just under a year. Combining the unique abilities of man and machine, intelligence will be critical to the next stage in the fight against advanced cybercrime."

IBM QRadar Advisor in action using Watson's intelligence gathering

The aim is for Watson to help cut down on the tens of thousands of hours that analysts currently spend sifting through security reports, according to IBM, and to prepare for an anticipated doubling of security incidents over the next five years.

In-field testing has already been successful inside 40 organisations across the world, including Avnet at the University of New Brunswick, and technology consultancy firm Sopra Steria.

"Today's sophisticated cybersecurity threats attack on multiple fronts to conceal their activities, and our security analysts face the difficult task of pinpointing these attacks amongst a massive sea of security-related data," said Sean Valcamp, CISO at Avnet. "Watson makes concealment efforts more difficult by quickly analysing multiple streams of data and comparing it with the latest security attack intelligence to provide a more complete picture of the threat."

Watson will be able to assist investigations by using its natural language processing power across blogs, websites, research papers and other security sources including data from the QRadar app, shortening the time it takes to process incidents from "weeks and days, to minutes".

IBM said it will help customers "design, build and manage SOC centres globally", and has already built 300 over the past five years, with options to have Watson's new capabilities built in via on-premise or cloud systems. The SOCs also draw upon IBM's portfolio of security features, including i2 and IBM X-Force Exchange. The technology giant has even developed a Watson-powered voice assistant named Havyn, capable of interacting with analysts on real-time threat updates and monitoring the health of an organisation's security.

IBM is clearly jumping on a burgeoning market, as while only 7% of security professionals are currently using cognitive tools today, according to a recent survey from the vendor, usage is expected to triple over the next three years.

Images courtesy of IBM

Dale Walker

Dale Walker is the Managing Editor of ITPro, and its sibling sites CloudPro and ChannelPro. Dale has a keen interest in IT regulations, data protection, and cyber security. He spent a number of years reporting for ITPro from numerous domestic and international events, including IBM, Red Hat, Google, and has been a regular reporter for Microsoft's various yearly showcases, including Ignite.