security and privacy issues

Three Canadian universities are among eight institutions that will be in a year-long research project to teach IBM’s Watson cognitive computing platform how to comb through unstructured data to improve cyber security.

Starting this fall the institutions — including the University of Ottawa, the University of Waterloo and the University of New Brunswick — will work with IBM to teach Watson the nuances of security research findings and how to discover patterns and evidence of hidden cyber attacks and threats.

In making the announcement on Tuesday, Caleb Barlow, vice-president of IBM Security, said in an interview the work won’t necessarily lead to a commercial Watson for Cyber Security product. For example, Watson will work with IBM’s free X-Force threat information exchange.

“The university program is an academic initiative. Each university decides how they’re going to implement it with their students — whether it will be part of course work, extra credit — and they’re going to get a front-row seat into how we build cognitive solutions in the security realm.”

IBM sells a number of services on the Watson platform including Watson for Oncology (helps cancer specialists evaluate patient data against clinical evidence), Explorer (analyzes structured and unstructured enterprise data), Discovery Advisor (helps organizations discover  relationships between disparate data they hold), and Engagement Advisor (an automated self-service solution that offers answers to customer questions).

The goal of Watson for Cyber Security will be to give infosec pros an extra hand by analyzing unstructured security-related data on the Internet that traditional security tools can’t process, including blogs, articles, videos, reports, alerts, and other information.

“This is an opportunity for our students, faculty and researchers to contribute significantly to the ever-evolving challenges in the cybersecurity industry,” Claude D’Amours, director of EECS in the University of Ottawa’s faculty of engineering, said in the IBM release. “Furthermore the training opportunities for our students through this collaboration are second to none which will help them differentiate when seeking employment.”

“We’ve been working hard with IBM for years on solutions to the growing threat of cybersecurity. This project with Watson has tremendous potential to be a game-changer,” Dr. Ali Ghorbani, dean of the University of New Brunswick’s faculty of computer science said in the IBM release.  “At the University of New Brunswick, we prize opportunities for our students to help companies and organizations find solutions to real-world problems. This work with Watson and IBM is yet another example of the kinds of transformative experiences our students can expect.”

“Waterloo is renowned for its unique system of education that equips students with real-world experiences as they pursue their academic careers, both through co-op work experiences as well as exposure to new research. We are delighted that IBM is giving Waterloo students a valuable opportunity to explore the state of the art at the intersection of machine learning and cybersecurity,” said professor Manoj Sachdev, chair of the University of Waterloo’s department of electrical and computer engineering.

Watson for Cyber Security won’t replace an organization’s security information and event management (SIEM) system, Barlow said, which processes structured data from the network. That’s machine-readable data, he pointed out, whereas blogs, academic articles and such are only in human-readable formats. Hopefully Watson can be trained to go through that kind of data and pick out the gems.

The problem is SIEMs and similar systems are overwhelmed with data, Barlow said. An average enterprise might see 200,000 events a day, he pointed out — and most are false positives. Watson for Cyber Security could work hand in hand with SIEMs, he said — and help with the shortage of cybersecurity pros.

But how much value is there in material like blogs which may include speculation, conjecture and guesses? “That’s part of what we’re going to find out,” Barlow said. “There’s a certain amount of noise, as you can imagine. But when we look at particularly the highly-technical blogs, when we look at new analyst analysis of malware, when we look at indicators of compromise, at disclosures of recent breaches and attacks, that’s a lot of actionable information because this is really about providing context to the situation.”

So just as IBM [NYSE:IBM] envision’s Watson helping doctors diagnose a patient, Watson for Cyber Security could help a member of an infosec team analyze an event, Barlow said. “Let’s face it, most of those threads Watson pulls on aren’t going to go anywhere. It’ll be ‘Oh well, looks like somebody forgot their password. Don’t worry about it,’ or ‘I can’t find anything more about this event. Let’s just watch it.'” But, he added, it could also discover that the event was written about in a recent blog, lists the evidence and makes recommendations.

Other institutions in the project are California State Polytechnic University, Pomona; Pennsylvania State University; Massachusetts Institute of Technology; New York University; and the University of Maryland, Baltimore County (UMBC).

Related Download
Can we save the open web? Sponsor: Acquia
Can we save the open web?
Join the creator of Drupal, Dries Buytaert, in a discussion about the web’s evolution, how we can put the power of the internet back into the hands of the people, and how you can prepare your organization.
Register Now