Security Central: IBM Readies Watson for Cyber Security as Threatscape Grows
This week, IBM announced Watson for Cyber Security, a cloud version of the famous cognitive technology system. Over the next 12 months, Watson for Cyber Security will be trained on "the language of security" in an effort to automate the detection of cyber threats and attacks. Eight leading universities will be assisting in Watson's intensive training by expanding the body of security research and data points for the system to study.
Watson for Cyber Security, which should reach beta deployment in some form later this year, is a response to what IBM calls a "looming security skills gap." According to the company, security analysts consistently struggle to investigate a constantly growing volume of security data with speed and accuracy. Watson's new training could allow analysts to leverage cognitive technology to tackle security data more efficiently and effectively.
A cyber-sleuthing Watson could be a valuable asset in battling current security threats, which are plentiful and growing. Malware incidents and vulnerability issues are continuing to plague the threat landscape on a consumer and enterprise scale. This week alone saw several malware incidents and vulnerability issues.
On Thursday, global financial messaging network Swift reported a malware attack similar to the one that resulted in the cyber theft of $81 million at Bangladesh’s central bank in February. As in the first case, cyber attackers obtained user credentials and submitted fraudulent transfer requests. In the latest case, however, attackers subsequently installed malware to manipulate PDF documents and cover their tracks. It is not yet known which bank was targeted or how much money was compromised, if any.
Reports this week also revealed that the U.S. House of Representatives Technology Service Desk has issued an internal suspension of YahooMail access due to security concerns. In a letter obtained by Gizmodo, the House Information Security Office cautions staffers about a sudden increase in ransomware attacks via YahooMail and Gmail. As part of an investigation into a specific YahooMail attack, the service has been blocked until further notice.
Additionally, SAP Business Applications users were put on alert this week. The United States Computer Emergency Readiness Team issued a notice regarding the exploitation of certain SAP apps. According to the alert, at least 35 organizations have been affected by a vulnerability that can give remote attackers full access to an affected SAP platform. SAP and Oracle cyber-security provider Onapsis identified indicators of vulnerability in Invoker Servlet, a built-in functionality in SAP Java platforms that was patched back in 2010. Unfortunately, the vulnerability is still present in some legacy systems where customers have declined the security update in an effort to maintain custom platforms built upon the previous version.
Given the unyielding barrage of cyber threats, vendors and service providers have their hands full identifying and fixing security weaknesses. This week, Microsoft issued patches for a number of vulnerabilities, including a critical Internet Explorer zero-day that could allow remote code execution on IE versions 9 through 11. Additionally, Google has issued patches for five Chrome 50 vulnerabilities (three of which were "high" severity), and Adobe patched a critical zero-day Flash Player vulnerability that could enable attackers to take control of an affected system.
Zero-day vulnerabilities are becoming more and more common, leaving vendors scrambling to create more efficient methods for hunting vulnerabilities. Should its training be successful, perhaps Watson might be able to help.