Watson, the artificial intelligence platform from IBM, wears many hats. The cognitive computer has been a trivia master, physician’s assistant, financial analyst, cancer researcher, fitness coach, and customer service representative. Now, IBM is training the software to help protect companies from hackers and malware.
IBM recently announced a cloud-based version of the cognitive computing software that will understand the language of cybersecurity, using it to identify digital threats that might elude human analysts. The company is taking the same big data approach it applied to other industries, feeding Watson reams of security research to guide its hunt for hackers.
Watson has already begun to study two decades of IBM’s internal security research, including spam and phishing attacks; malware and viruses; network vulnerabilities; and even possible solutions. Once it has finished with the research materials, IBM aims for Watson to ingest 15,000 documents about digital security every month to keep it updated on the latest security measures.
That approach is similar to how Watson prepared for tasks like cancer research, where the program read through more than a half-million medical documents that it would use to help doctors diagnose and treat patients. In 2015, IBM acquired Merge Healthcare for its archive of 30 million X-rays and imaging scans, which Watson studied to better identify ailments such as cancer and heart disease.
IBM hopes that this approach will transform an industry overwhelmed by the growing number and complexity of cybersecurity threats. According to a 2015 Ponemon Institute survey, security analysts only investigate about 4% of malware alerts, underlining a shortage of engineers and automated services that locate high-priority threats. The survey also found that hackers have been gradually using more malicious forms of malware, giving missed threats the potential to become even more dangerous.
“The volume and velocity of data in security is one of our greatest challenges in dealing with cybercrime,” said Marc van Zadelhoff, general manager of IBM Security. Making matters worse for security analysts is that almost two-thirds of the alerts about threats to their networks are actually false positives, according to the Ponemon survey.
This is where Watson comes in. Rather than replace analysts, IBM is turning Watson into a consultant, searching through research and security alerts faster than human operators ever could. It could help humans prioritize threats, shutting down potential attacks sooner.
The cybersecurity program has other advantages over human analysts. Watson can also look through blogs, research papers, articles, videos, reports, alerts, and other “unstructured data” that security professionals rarely have time to read during an attack. For example, it could read through an online security blog about a new form of malware, scan through a research paper on ways to stop it, and then send that data on to human operators.
“There is a massive amount of security data that exists for human consumption, which cannot be processed by traditional security systems,” J.R. Rao, director of security research at IBM, said in a statement.
To help put that security data in front of Watson, IBM is partnering with eight universities that will upload and annotate security data into the system. Working on the project are the University of Maryland Baltimore County, the Massachusetts Institute of Technology, California State Polytechnic University Pomona, Pennsylvania State University, New York University, the University of New Brunswick, the University of Ottawa, and the University of Waterloo.
Working with the cybersecurity version of Watson could also help train new human analysts. IBM also announced that it would be forming an “accelerated cognitive cybersecurity laboratory” with UMBC. The lab will focus on using machine learning and cognitive computers to solve cybersecurity issues.
The students helping to train Watson might eventually end up working at IBM, which has been spending to grow its security business. In February, the company added about 100 security consultants with the purchase of Resilient Systems, a cyberattack response company, inflating its roster to around 3,000 analysts.