In wake of Census fail, IBM taps Watson AI to support new cybersecurity A-team
- 18 November, 2016 09:41
Pictured: Wendi Whitmore
IBM’s new $US200m ($A259m) cybersecurity investment will heavily leverage its Watson artificial-intelligence technology to help the company’s specialists more effectively process the mountains of data involved in modern cybersecurity investigations, according to the unit’s newly appointed head.
Announced overnight, the creation of the X-Force IRIS (Incident Response and Intelligence Services) team will see CrowdStrike, Mandiant, and US Air Force Office of Special Investigations alumnus Wendi Whitmore taking a position as the team’s global lead. And while the staff involved in the team will naturally comprise the brains trust of IRIS, Whitmore told CSO Australia that the integration of Watson technology would be both tactically important and a market differentiator for the cybersecurity specialist unit.
“There’s so much unstructured data now that many of us are challenged to get it into our thinking,” Whitmore said, noting, for example, the more than 60,000 new security blogs that are created monthly. “It’s extremely challenging for people within the industry to get through that in the timeframe that’s needed.”
Over the next year, she said, “our primary goal really lies in building that foundation of threat intelligence, and to start providing intelligence in a way that prevents attacks from being successful. We will really be leveraging Watson: if we can for example take a process that takes 6 to 8 hours now, and streamline it down to a minute, you will see the ability for our analysts to be making much smarter decisions.”
Whitmore’s position running IBM’s elite cyber-response unit will put her on the front line of the fight to even the odds against DDoS, ransomware, and the myriad other attacks that continue to threaten the integrity of business data around the world. Just the past few weeks have seen a massive compromise at FriendFinder Networks, a massive online fraud at the UK’s Tesco Bank, concerns about potential hacking of the US election, and a growing expectation that security cameras and other devices will be exploited to drive massive Internet of Things (IoT)-driven attacks over the US Thanksgiving and Christmas holidays.
“Defending networks from data breaches has become one of the single most challenging hurdles for organisations to overcome today,” Whitmore said. “No matter what business they operate in, our clients face those same challenges – and we see them nearly on a daily basis, especially with distributed denial of service [DDoS] attacks.”
Direct hits like the sabotage of Australia’s online census – for which IBM has copped blame from the highest levels of government – have made DDoS attacks particularly concerning in recent months, both as DDoS-as-a-service options pick up and as cybercriminals embrace new techniques like the widely-available Mirai technique for IoT-driven devices – which recently crippled US DNS provider Dyn and has fuelled concerns over a new range of attacks on critical infrastructure.
“It’s less expensive for attackers to wage these attacks and much more expensive for businesses to effectively defend against them,” Whitmore said. “And it’s no longer just a technical problem: these breaches have a true business impact, whether it goes to the reputational loss of an organisation or true monetary loss for clients or shareholders. All of these things have dramatic impacts on the business bottom line – and this needs to be defended.”
IBM’s significant investment in cybersecurity capabilities – which also includes the establishment of the IBM National Cyber Security Centre (NCSC) in Canberra earlier this year – is part of a global initiative that includes the establishment of a large-scale virtual-network proving ground where established and emerging cybersecurity experts can test and hone their skills against a range of network scenarios.
That sort of investment supports IBM’s efforts in continuing to expand its 7000-strong security team to fill what one observer recently called the cybersecurity skills “chasm” – which looks set to get worse due to a widespread lack of awareness of cybersecurity issues amongst Australian millennials.