Most of what security analysts do comes down to correlating various events to determine how a particular attack is being perpetrated against an IT environment. Making use of years of experience, those security experts can usually identify the vulnerability being exploited, which is critical to putting a defense in place.
At the IBM PartnerWorld 2016 conference today, Denis Kennelly, vice president of development and technology for IBM Security, revealed that IBM is working on employing its Watson artificial intelligence platform to work on IT security issues. By integrating IBM Watson with its X-Force security database and Qradar security intelligence software, Kennelly says IBM plans to elevate the level of analytics being used to identify attack patterns. IBM is also committed to sharing those patterns via an IBM X-Force Exchange service it unveiled last year.
Kennelly says the goal is not to replace security analysts, but rather compensate for the acute shortage of IT personnel with IT security expertise. Because so much relevant IT security information is contained in unstructured formats such as blogs, individual IT security teams can’t correlate that information. In contrast, IBM Watson not only takes advantage of advanced analytics to correlate that data, the information itself is more accessible using natural language.
In addition to security, IBM is building a broad range of Watson content libraries on its own and in conjunction with partners. In the case of security, the company is leveraging a database of exploits it has been collecting for several decades.
The opportunity now is to not only collect that data, but put it to use to both prevent the attack in the first place and, eventually, identify the person or organization that launched it.